Inactive Windows XP and IE 8 redirection virus

Status
Not open for further replies.
P

pms1228

Posts: 9   +0
I've never had a virus and now my machine has been hit hard. Currently experiencing an internet redirection virus which I don't know how to remove. Also, I'm not sure if the virus is doing this as well, but I cannot turn on the windows firewall or the ICS service.
Anyone's help would be greatly appreciated!
Thanks
 
Welcome to TechSpot! I'll help with the malware. I've asked the moderator to close your other thread so you're not tempted to post there for this problem.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Logs as requested

Malware bytes logMalwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5148

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/18/2010 6:14:17 PM
mbam-log-2010-11-18 (18-14-17).txt

Scan type: Quick scan
Objects scanned: 160701
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\se-2011-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\se-2011-payment.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-18 20:55:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721080G9SA00 rev.MC4OC10H
Running: pe7uk9d4.exe; Driver: C:\DOCUME~1\Paula\LOCALS~1\Temp\ugryauod.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF748E6AE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF746CA96]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF746CD5E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF748F04C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF748F3D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF748D8EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF748F91A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF748EA50]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF746C506]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 452 804E4CAC 4 Bytes JMP 2417F748

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Expl

DDS Logs
DDS.txt
DDS (Ver_10-11-10.01) - NTFSx86 NETWORK
Run by Paula at 20:57:23.48 on Thu 11/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.617 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paula\My Documents\downloads\Virus stuff\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>;127.0.0.1
uInternet Settings,ProxyServer = http=
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2317.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: @c:\program files\msn toolbar\platform\6.3.2317.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2317.0\npwinext.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: surfright.nl\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Web-Based Email Tools - hxxp://email09.secureserver.net/Download.CAB
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://entrepreneur.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167758081154
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-6fa626abaa234940.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} - hxxps://mediadownloads.walmart.com/mmce/resources/walmartcheck2.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: {E065DE4B-6F0E-45FD-B30F-04ED81D5C258} - hxxp://download.microsoft.com/download/0/7/1/0715cb0a-51f5-4d17-b482-e8c457971efa/AppCompR.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/TrueInstall.exe
TCP: {E2B52A10-D3BD-40BD-BFF6-95732E441C4C} = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-17 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-17 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-17 656320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-11-17 249616]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-11-17 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-11-17 68880]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 67656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-1 67904]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2007-6-19 597640]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-17 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-17 1145304]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2008-10-9 386560]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-11-17 70536]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 12872]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-11-17 33552]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-11-19 00:02:58 -------- d-----w- c:\docume~1\paula\applic~1\Malwarebytes
2010-11-19 00:02:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-19 00:02:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-19 00:02:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 00:02:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-18 22:16:26 -------- d--h--w- C:\$AVG
2010-11-18 21:54:49 -------- d-----w- c:\docume~1\paula\applic~1\AVG10
2010-11-18 21:50:07 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-18 21:50:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-11-18 21:49:25 -------- d-----w- c:\program files\AVG
2010-11-18 21:37:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-18 20:41:41 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-18 20:41:37 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-18 20:40:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-11-17 21:11:30 68880 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-17 21:11:30 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-17 21:11:30 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-11-17 21:08:28 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-11-17 21:08:28 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-11-17 21:08:23 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-17 21:07:50 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-17 21:07:50 159936 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-17 21:06:52 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-11-17 21:06:52 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-11-17 21:06:51 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-11-17 21:06:38 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-17 21:04:08 -------- d-----w- c:\program files\common files\PC Tools
2010-11-17 21:04:05 -------- d-----w- c:\program files\PC Tools Security
2010-11-17 21:04:05 -------- d-----w- c:\docume~1\paula\applic~1\PC Tools
2010-11-17 18:15:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-11-16 18:13:50 -------- d-----w- c:\program files\ESET
2010-11-16 17:25:13 -------- d-----w- c:\docume~1\paula\locals~1\applic~1\Dell
2010-11-13 20:07:19 -------- d-sh--w- C:\found.000
2010-10-22 22:26:40 -------- d-----w- c:\program files\Cisco Systems
2010-10-22 22:21:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Cisco Systems

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-01 07:52:50 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-10-01 07:50:52 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-10-01 07:50:50 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-09-21 21:52:21 73728 ----a-w- c:\documents and settings\paula\zlib.dll
2010-09-21 21:52:21 585728 ----a-w- c:\documents and settings\paula\HPAsset.exe
2010-09-21 21:52:21 36208 ----a-w- c:\documents and settings\paula\Dscan16.dll
2010-09-21 21:52:21 2855 ----a-w- c:\documents and settings\paula\Smstub16.pif
2010-09-21 21:52:21 17477 ----a-w- c:\documents and settings\paula\Smstub16.exe
2010-09-21 21:52:20 40960 ----a-w- c:\documents and settings\paula\hpmonZ.exe
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 01:43:57 256 ----a-w- c:\documents and settings\paula\pool.bin
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2004-03-01 20:58:18 561424 ----a-w- c:\program files\common files\dao360.dll

============= FINISH: 20:58:52.42 ===============

attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/31/2006 7:42:25 PM
System Uptime: 11/18/2010 6:15:47 PM (2 hours ago)

Motherboard: Dell Inc. | |
Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | Microprocessor | 1995/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 5.71 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 11.013 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1623: 9/29/2010 3:00:22 AM - Software Distribution Service 3.0
RP1624: 10/1/2010 3:45:11 PM - Installed Microsoft Office Outlook Connector
RP1625: 10/2/2010 9:03:25 PM - System Checkpoint
RP1626: 10/3/2010 9:02:09 PM - RegCure Backup
RP1627: 10/9/2010 8:29:40 AM - Software Distribution Service 3.0
RP1628: 10/9/2010 1:42:51 PM - Installed Nitro PDF Professional
RP1629: 10/9/2010 2:03:46 PM - Removed Nitro PDF Professional
RP1630: 10/10/2010 3:00:23 AM - Software Distribution Service 3.0
RP1631: 10/10/2010 8:25:02 AM - Software Distribution Service 3.0
RP1632: 10/10/2010 11:59:02 AM - Software Distribution Service 3.0
RP1633: 10/11/2010 8:26:04 AM - Software Distribution Service 3.0
RP1634: 10/12/2010 8:25:51 AM - Software Distribution Service 3.0
RP1635: 10/13/2010 8:25:57 AM - Software Distribution Service 3.0
RP1636: 10/13/2010 9:02:34 PM - RegCure Backup
RP1637: 10/14/2010 3:00:26 AM - Software Distribution Service 3.0
RP1638: 10/15/2010 3:33:07 AM - Software Distribution Service 3.0
RP1639: 10/16/2010 3:33:51 AM - Software Distribution Service 3.0
RP1640: 10/17/2010 3:33:50 AM - Software Distribution Service 3.0
RP1641: 10/17/2010 11:54:35 AM - Software Distribution Service 3.0
RP1642: 10/18/2010 12:03:36 PM - System Checkpoint
RP1643: 10/18/2010 9:03:23 PM - RegCure Backup
RP1644: 10/19/2010 7:09:20 AM - Software Distribution Service 3.0
RP1645: 10/20/2010 7:45:36 AM - System Checkpoint
RP1646: 10/21/2010 7:22:14 PM - System Checkpoint
RP1647: 10/22/2010 7:26:35 PM - System Checkpoint
RP1648: 10/23/2010 8:26:34 PM - System Checkpoint
RP1649: 10/24/2010 9:26:34 PM - System Checkpoint
RP1650: 10/25/2010 6:55:05 PM - Software Distribution Service 3.0
RP1651: 10/26/2010 7:25:54 PM - System Checkpoint
RP1652: 10/27/2010 6:55:53 AM - Software Distribution Service 3.0
RP1653: 10/28/2010 7:29:07 AM - Software Distribution Service 3.0
RP1654: 10/28/2010 9:03:24 PM - RegCure Backup
RP1655: 10/29/2010 3:48:45 PM - Software Distribution Service 3.0
RP1656: 10/30/2010 3:48:59 PM - Software Distribution Service 3.0
RP1657: 10/31/2010 12:04:38 PM - Software Distribution Service 3.0
RP1658: 11/1/2010 12:19:33 PM - System Checkpoint
RP1659: 11/9/2010 1:34:48 PM - Software Distribution Service 3.0
RP1660: 11/10/2010 3:00:25 AM - Software Distribution Service 3.0
RP1661: 11/11/2010 3:26:05 AM - System Checkpoint
RP1662: 11/11/2010 3:30:21 AM - Software Distribution Service 3.0
RP1663: 11/12/2010 3:29:45 AM - Software Distribution Service 3.0
RP1664: 11/13/2010 3:30:28 AM - Software Distribution Service 3.0
RP1665: 11/14/2010 7:57:11 AM - Software Distribution Service 3.0
RP1666: 11/15/2010 7:51:57 AM - Software Distribution Service 3.0
RP1667: 11/16/2010 11:24:53 AM - RegCure Backup
RP1668: 11/17/2010 12:14:24 PM - Microsoft Antimalware Checkpoint
RP1669: 11/18/2010 3:48:58 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1670: 11/18/2010 3:49:24 PM - Installed AVG 2011
RP1671: 11/18/2010 3:49:54 PM - Installed AVG 2011

==== Installed Programs ======================

A-PDF Restrictions Remover 1.5
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 9.3.4
Adobe Shockwave Player
AVG 2011
AVS Cover Editor 1.3.1.79 (AVSMedia)
AVS DVD Copy version 1.4
BiAdmin
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
BlackBerry Desktop Software 6.0
Broadcom 440x 10/100 Integrated Controller
Business Contact Manager for Outlook 2007 SP2
CCleaner
Centra Client
Cisco Connect
Conexant HDA D110 MDC V.92 Modem
Constant Contact QuickImport v2 for Outlook
Coupon Printer for Windows
Crash Analysis Tool
Definition update for Microsoft Office 2010 (KB982726)
Dell Automated PC TuneUp
Dell Driver Download Manager
Dell ResourceCD
Dell Support Center (Support Software)
DellConnect
DellSupport
DIGOpt
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14
Driver Installer
DVD Identifier
ESET Online Scanner v3
Form Fill (Windows Live Toolbar)
Garmin USB Drivers
Garmin WebUpdater
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Earth
GoToAssist 8.0.0.514
GoToMeeting 4.0.0.320
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet 6500
HP Deskjet 6500 Series
HP Driver Diagnostics
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
HP QuickSync
HP Update
ImgBurn
Install Font
Intel(R) PROSet/Wireless Software
InterActual Player
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Live Search Maps Add-In for Microsoft Office Outlook
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee Security Scan Plus
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Automated Troubleshooting Services Shim
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Easy Assist v2
Microsoft Fix it Center
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Picture It! Publishing Platinum 2002
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mLogView
mMHouse
Motorola Driver Installation
Move Media Player
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
Nokia Connectivity Adapter Cable DKU-5
NVIDIA Drivers
OFX Writer
OneCare Advisor (Windows Live Toolbar)
OpenCASE Media Agent
OpenOffice.org Installer 1.0
Popup Blocker (Windows Live Toolbar)
PowerDVD 5.7
PrimoPDF
Print Server Driver
QBFC 4.0
Quicken 2010
QuickSet
RegCure
Rhapsody Player Engine
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Segoe UI
SigmaTel Audio
Smart Menus (Windows Live Toolbar)
Sonic Encoders
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Spyware Doctor with AntiVirus 8.0
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
TrueSwitch Wizard MSN
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Virtools 3D Life Player
VZAccess Manager for RIM
WebCyberCoach 3.2 Dell
WebFldrs XP
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

11/18/2010 5:49:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OpenCASE Media Agent service to connect.
11/18/2010 5:49:18 PM, error: Service Control Manager [7000] - The OpenCASE Media Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2010 5:39:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Avgldx86 Avgmfx86 Fips intelppm OMCI SASDIFSV SASKUTIL TfFsMon TfSysMon
11/18/2010 5:15:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WSearch service.
11/18/2010 3:25:09 PM, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
11/18/2010 3:18:59 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The IPv6 Helper Service service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 2:35:40 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/18/2010 2:35:40 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2010 2:08:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
11/18/2010 2:08:27 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
11/18/2010 2:03:52 PM, error: Service Control Manager [7000] - The Office Software Protection Platform service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2010 2:03:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Office Software Protection Platform service to connect.
11/18/2010 1:53:26 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
11/17/2010 6:03:27 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
11/17/2010 6:02:26 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The system cannot find the file specified.
11/17/2010 6:02:26 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the file specified.
11/17/2010 5:56:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
11/17/2010 5:53:54 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/17/2010 5:37:53 PM, error: Microsoft Antimalware [2001] -
11/17/2010 5:29:43 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
11/17/2010 5:15:02 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
11/17/2010 2:17:05 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
11/17/2010 10:19:55 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/16/2010 2:27:26 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {E85062FB-914A-40A2-8801-5DD803045204} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
11/16/2010 2:27:26 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
11/16/2010 2:21:13 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Incorrect function.
11/16/2010 2:21:13 PM, error: Rasman [20033] - Remote Access Connection Manager failed to start because it could not register with the local security authority. Restart the computer. Incorrect function.
11/16/2010 2:21:10 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).
11/16/2010 2:21:08 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
11/16/2010 2:21:06 PM, error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The handle is invalid. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/16/2010 2:20:50 PM, error: Service Control Manager [7024] - The Remote Access Connection Manager service terminated with service-specific error 3221356592 (0xC0020030).
11/16/2010 2:20:46 PM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/16/2010 2:20:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.
11/16/2010 2:19:41 PM, error: Service Control Manager [7023] - The Business Contact Manager SQL Server Startup Service service terminated with the following error: %%2147943453
11/16/2010 2:19:41 PM, error: Service Control Manager [7000] - The SQL Server (MSSMLBIZ) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/16/2010 2:19:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SQL Server (MSSMLBIZ) service to connect.
11/16/2010 2:16:56 PM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/16/2010 2:16:55 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/16/2010 2:16:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
11/16/2010 2:16:33 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
11/16/2010 2:16:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.
11/16/2010 2:16:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SQL Server Browser service to connect.
11/16/2010 2:16:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel(R) PROSet/Wireless SSO Service service to connect.
11/16/2010 2:16:33 PM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/16/2010 2:16:33 PM, error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/16/2010 2:16:33 PM, error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless SSO Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2010 7:47:04 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
11/13/2010 9:11:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/13/2010 9:09:49 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/13/2010 9:07:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/13/2010 8:35:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tcpip6
11/13/2010 8:35:14 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 8:35:14 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 8:35:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 8:35:14 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 8:35:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 8:35:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:04:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2010 1:52:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================
 
The Malwarebytes log shows No action taken. This means you did not follow this in the directions:
Be sure that everything is checked, and click Remove Selected.

So the malware it found wasn't removed. Please update Mbam and run again, taking care to check for removal. Post the new log.
 
Malwarebytes removal log

I was afraid I attached the wrong log (and I did). When it completed there two logs and I attached the first one. Here is the correct log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5148

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/18/2010 6:14:41 PM
mbam-log-2010-11-18 (18-14-41).txt

Scan type: Quick scan
Objects scanned: 160701
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\se-2011-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\se-2011-payment.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Some Housekeeping to start:
You have multiple antivirus programs running:I You need to get this down so that there is only 1 antivirus program running. Multiple AV programs make a system more vulnerable, not less. I have listed them along with a removal tool. Download the removal tools for those you don't want to keep and save it to your desktop- don't run yet:
Note: Follow directions for each removal tool.
If you paid for AVG 2011, you might want to remove the free programs.

After you have gotten the downloads you need and saved them to the desktop:>>
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  • Double click each removal tool to run
  • Continue until all but the one AV you want remains
  • Check Add/Remove Programs in the Control Panel. If any of the AV programs you removed still show, highlight> Uninstall
    Note: While in Add/Remove Programs, include Hitman Pro in the uninstall

Using Windows Explorer: Windows key + E> From within Windows explorer:
  • Click on My Computer> Double click Local Drive (C)> Programs
  • Find the Program for each of the antivirus (or suite names) you uninstalled and do a right click> Delete on each.
    Note: While in Programs> include Hitman Pro in the right click> Delete of program folder.
  • Exit Windows Explorer
  • Reboot into Normal Mode
===========================================
You have 4 outdated versions of Java, all vunerabilitities The following program will remove them all:
Please download JavaRa and unzip it to your desktop.

Important!
***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install then most current version and update of Java Runtime
Environment (JRE) HERE.

Let me know when you have finished this and I will take you to the next step. If you have any questions about the instructions, stop and ask. I note that you have RegCure installed. Most of us don't recommend a Registry cleaner and I would recommend that you uninstall it. If you choose to keep it, please disable it while we are cleaning the system.
 
Removal of security programs and old Java versions is completed

I have gone through the steps you have outlined.
Paula
 
Okay, you should be moving a bit better. Be sure you have rebooted the computer since completing the above:

Run TFC (Temp File Cleaner)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
Empty the Recycle Bin
=======================================
Let's see what you picked up while you had all the AV programs:Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
====================================
Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3].Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
 
logs for estscan and combofix

estscan
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=76b3e7cf37cd574484defbaec6cef9fa
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-20 02:06:52
# local_time=2010-11-19 08:06:52 (-0600, Central Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=78232
# found=0
# cleaned=0
# scan_time=2194


combofix
ComboFix 10-11-19.01 - Paula 11/19/2010 21:09:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.558 [GMT -6:00]
Running from: c:\documents and settings\Paula\My Documents\downloads\Virus stuff\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DELL\ATAPI.EXE
c:\documents and settings\DELL\TrueInstallMSN.exe
c:\documents and settings\DELL\UWAKEOFF.EXE
c:\documents and settings\DELL\UWAKEON.EXE
c:\documents and settings\Paula\Application Data\install
c:\documents and settings\Paula\g2mdlhlpx.exe
c:\documents and settings\Paula\GoToAssistDownloadHelper.exe
c:\documents and settings\Paula\My Documents\DPE.DUS
c:\documents and settings\Paula\zlib.dll
C:\Microsoft
c:\microsoft\WindowsDefender.msi
c:\program files\version.txt
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\MailSwitch.ocx
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
c:\windows\system32\drivers\DELL_XPS_MM061 .MRK
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))
.

2010-11-19 22:39 . 2010-11-19 22:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\Paula\Application Data\Malwarebytes
2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-18 22:16 . 2010-11-18 22:16 -------- d-----w- C:\$AVG
2010-11-18 21:54 . 2010-11-18 21:54 -------- d-----w- c:\documents and settings\Paula\Application Data\AVG10
2010-11-18 21:50 . 2010-11-19 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-18 21:37 . 2010-11-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-18 20:41 . 2010-11-18 21:30 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-18 20:40 . 2010-11-18 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-11-17 18:15 . 2010-11-19 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-16 17:25 . 2010-11-16 17:25 -------- d-----w- c:\documents and settings\Paula\Local Settings\Application Data\Dell
2010-11-13 20:07 . 2010-11-13 20:07 -------- d-----w- C:\found.000
2010-11-13 14:34 . 2010-11-13 15:05 -------- d-----w- c:\documents and settings\Administrator
2010-10-22 22:26 . 2010-10-25 17:44 -------- d-----w- c:\program files\Cisco Systems
2010-10-22 22:21 . 2010-10-22 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 22:39 . 2008-02-01 19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-19 20:51 . 2010-04-03 16:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-01 07:52 . 2010-10-01 07:52 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-10-01 07:50 . 2010-06-14 23:02 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-10-01 07:50 . 2010-06-14 23:02 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-09-21 21:52 . 2010-09-21 21:52 36208 ----a-w- c:\documents and settings\Paula\Dscan16.dll
2010-09-21 21:52 . 2010-09-21 21:52 2855 ----a-w- c:\documents and settings\Paula\Smstub16.pif
2010-09-21 21:52 . 2010-09-21 21:52 17477 ----a-w- c:\documents and settings\Paula\Smstub16.exe
2010-09-21 21:52 . 2010-09-21 21:52 585728 ----a-w- c:\documents and settings\Paula\HPAsset.exe
2010-09-21 21:52 . 2010-09-21 21:52 40960 ----a-w- c:\documents and settings\Paula\hpmonZ.exe
2010-09-18 17:23 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 11:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 11:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 01:43 . 2009-06-18 13:21 256 ----a-w- c:\documents and settings\Paula\pool.bin
2010-08-27 08:02 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 11:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 11:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 02:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 11:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2004-03-01 20:58 . 2004-03-01 20:58 561424 ----a-w- c:\program files\Common Files\dao360.dll
.

------- Sigcheck -------

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-14 2424560]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-06-23 1699128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2006-05-01 73728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-05-11 21:39 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-17 20:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-09-15 22:12 273672 ----a-w- c:\program files\MSN Toolbar\Platform\6.3.2317.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 20:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 20:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 09:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 19:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-01 20:46 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
2010-01-25 13:55 530736 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
"8182:TCP"= 8182:TCP:Java(TM) Platform SE binary
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 11:06 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 67656]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [10/1/2010 1:52 AM 67904]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [6/19/2007 12:35 PM 597640]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [10/9/2008 5:37 PM 386560]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/18/2008 3:14 PM 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/8/2008 11:00 AM 59648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 4:05 PM 266544]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 12872]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-20 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-11-20 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-11-20 c:\windows\Tasks\User_Feed_Synchronization-{CDC5A832-D7C0-4888-9457-2C57B7600603}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;127.0.0.1
uInternet Settings,ProxyServer = http=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: surfright.nl\www
TCP: {E2B52A10-D3BD-40BD-BFF6-95732E441C4C} = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Web-Based Email Tools - hxxp://email09.secureserver.net/Download.CAB
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://entrepreneur.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} - hxxps://mediadownloads.walmart.com/mmce/resources/walmartcheck2.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-823518204-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-11-19 21:16:58
ComboFix-quarantined-files.txt 2010-11-20 03:16

Pre-Run: 16,970,166,272 bytes free
Post-Run: 16,900,726,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - D71E6D87D1943CBFBE168DC8DCC292B5
 
Disable the AVG Resident Shield before running the Combofix script:

Please open the AVG Control Center
  • Double-click on the "AVG Resident Shield" component
    Clipboard02-1.jpg
    )
  • Uncheck the "Turn on AVG Resident Shield"
  • Save the setting.

To re-enable the AVG Resident Shield after the scans:
  • Open the AVG Control Cente
  • Double-click on the "AVG Resident Shield" component
  • Check the "Turn on AVG Resident Shield"
  • Save the setting.
===========================================
Please run this Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
Code: 
KillAll::
File::
c:\windows\system32\drivers\hitmanpro35.sys
c:\windows\system32\drivers\TfSysMon.sys
c:\windows\system32\drivers\TfFsMon.sys
c:\windows\system32\drivers\TfNetMon.sys
c:\program files\pc tools security\tfengine\tfservice.exe service
c:\windows\system32\netprovcredman.dll

Folder::
c:\program files\Hitman Pro 3.5
c:\docume~1\alluse~1\applic~1\Hitman Pro
c:\documents and settings\All Users\Application Data\Hitman Pro
C:\found.000

DDS::
uInternet Settings,ProxyServer = http=
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: surfright.nl\www
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Driver::
ThreatFire
TfFsMon
TfSysMon
TfNetMon
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.

Reboot and follow with instructions in next post.
 
When the script through Combofix has been completed, please repat the Security Check:

Download Security Check by screen317 from HERE or HERE .
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
==========================================
Download the HijackThis Installer and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
Combox fix log

ComboFix 10-11-19.01 - Paula 11/22/2010 7:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.580 [GMT -6:00]
Running from: c:\documents and settings\Paula\My Documents\downloads\Virus stuff\ComboFix.exe
Command switches used :: c:\documents and settings\Paula\My Documents\downloads\Virus stuff\cfscript.txt

FILE ::
"c:\program files\pc tools security\tfengine\tfservice.exe service c:\windows\system32\netprovcredman.dll"
"c:\windows\system32\drivers\hitmanpro35.sys"
"c:\windows\system32\drivers\TfFsMon.sys"
"c:\windows\system32\drivers\TfNetMon.sys"
"c:\windows\system32\drivers\TfSysMon.sys"
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
c:\found.000\dir0000.chk\HIP_ABC.GIF
c:\found.000\dir0000.chk\HIPUSER.HTM
c:\windows\system32\drivers\hitmanpro35.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon


((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-22 13:24 . 2010-11-22 13:24 -------- d-----w- c:\documents and settings\Paula\Application Data\AVG10
2010-11-22 13:20 . 2010-11-22 13:20 -------- d-----w- c:\program files\AVG
2010-11-19 22:39 . 2010-11-19 22:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\Paula\Application Data\Malwarebytes
2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-18 22:16 . 2010-11-18 22:16 -------- d-----w- C:\$AVG
2010-11-18 21:50 . 2010-11-22 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-18 21:37 . 2010-11-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-18 20:40 . 2010-11-18 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-11-17 18:15 . 2010-11-19 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-16 17:25 . 2010-11-16 17:25 -------- d-----w- c:\documents and settings\Paula\Local Settings\Application Data\Dell
2010-11-13 14:34 . 2010-11-13 15:05 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 22:39 . 2008-02-01 19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-19 20:51 . 2010-04-03 16:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-01 07:52 . 2010-10-01 07:52 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-10-01 07:50 . 2010-06-14 23:02 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-10-01 07:50 . 2010-06-14 23:02 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-09-21 21:52 . 2010-09-21 21:52 36208 ----a-w- c:\documents and settings\Paula\Dscan16.dll
2010-09-21 21:52 . 2010-09-21 21:52 2855 ----a-w- c:\documents and settings\Paula\Smstub16.pif
2010-09-21 21:52 . 2010-09-21 21:52 17477 ----a-w- c:\documents and settings\Paula\Smstub16.exe
2010-09-21 21:52 . 2010-09-21 21:52 585728 ----a-w- c:\documents and settings\Paula\HPAsset.exe
2010-09-21 21:52 . 2010-09-21 21:52 40960 ----a-w- c:\documents and settings\Paula\hpmonZ.exe
2010-09-18 17:23 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 11:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 11:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 01:43 . 2009-06-18 13:21 256 ----a-w- c:\documents and settings\Paula\pool.bin
2010-08-27 08:02 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 11:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 11:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 02:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2004-03-01 20:58 . 2004-03-01 20:58 561424 ----a-w- c:\program files\Common Files\dao360.dll
.

------- Sigcheck -------

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-06-23 1699128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2006-05-01 73728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-17 20:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-09-15 22:12 273672 ----a-w- c:\program files\MSN Toolbar\Platform\6.3.2317.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 20:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 20:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 09:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 19:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-01 20:46 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
2010-01-25 13:55 530736 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
"8182:TCP"= 8182:TCP:Java(TM) Platform SE binary
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [10/1/2010 1:52 AM 67904]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [6/19/2007 12:35 PM 597640]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [10/9/2008 5:37 PM 386560]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/18/2008 3:14 PM 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/8/2008 11:00 AM 59648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 4:05 PM 266544]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-22 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-11-22 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-11-22 c:\windows\Tasks\User_Feed_Synchronization-{CDC5A832-D7C0-4888-9457-2C57B7600603}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: surfright.nl\www
TCP: {E2B52A10-D3BD-40BD-BFF6-95732E441C4C} = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Web-Based Email Tools - hxxp://email09.secureserver.net/Download.CAB
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://entrepreneur.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} - hxxps://mediadownloads.walmart.com/mmce/resources/walmartcheck2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 07:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-823518204-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(1648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-11-22 07:48:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-22 13:48
ComboFix2.txt 2010-11-20 03:16

Pre-Run: 16,560,840,704 bytes free
Post-Run: 16,391,036,928 bytes free

- - End Of File - - 20F88B91E55E4999FA273BF7B2173075
 
Security Check Scan log and Hijack This log

Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
OneCare Advisor (Windows Live Toolbar)
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java(TM) 6 Update 22
Adobe Flash Player
Adobe Reader 9.3.4
````````````````````````````````
Process Check:
objlist.exe by Laurent
Paula My Documents downloads Virus stuff\SecurityCheck.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````




Hijack This log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:59:49 AM, on 11/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2317.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2317.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2317.0\npwinext.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
O16 - DPF: Web-Based Email Tools - http://email09.secureserver.net/Download.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://entrepreneur.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167758081154
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-6fa626abaa234940.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
O16 - DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} (CCheckCtrl Object) - https://mediadownloads.walmart.com/mmce/resources/walmartcheck2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2B52A10-D3BD-40BD-BFF6-95732E441C4C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14161 bytes
 
Is there some reason you are now logging on to GoToAssist? Looks like you installed in 2008- possibly for online remote help. The is an entry loading from The Registry:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
And also by a Service:
2008-06-17 20:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

I can remove these with script if you're not using this.

Also, have you or the Administrator intentionally opened the following ports?
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
"8182:TCP"= 8182:TCP:Java(TM) Platform SE binary
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Icmp Settings]
"AllowInboundEchoRequest"= 1 (0x1)
Click to expand...
 
Go To Assist and open ports

Hello
I had probably used Go To Assist when I needed some assistance from Dell on my computer to diagnose a hardware problem. I do not use that.
Also I have not intentionally opened any additional ports. May have been done by Go To Assist (?) so I am clueless as to why they may be set that way.
Paula
 
Sorry- lost the thread!

Please run this Custom CFScript"

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it: Be sure to scroll down and include everything in the code box.
Code: 
File::
Folder::
c:\documents and settings\All Users\Application Data\Hitman Pro
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Icmp Settings]
"AllowInboundEchoRequest"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"=-
"5353:UDP"=-
"8182:TCP"=-
"3587:TCP"=-
"3540:UDP"=-

FCopy::
c:\windows\system32\dllcache\spoolsv.exe | c:\windows\System32\spoolsv.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Tell me please if you have the Chinese language on the system. And what are these tasks scheduled for? Did the Microsoft Fix it Center assist you with a problem? Are you needing to have these processes updated regularly?

2010-11-22 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-11-22 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]
=============================================
I notice you have CCleaner set to auto start on boot. Please disable that while I'm helping you.

I took a quick look at the HJT log. You have too many o16 entries> those are for Active X Objects. Do you have a lot of add-on? This can be a big vulnerability!

Also see too many Services running. (023) Have you ever customized the setting for them> I'd like you to visit Black Viper's site here http://www.blackviper.com/WinXP/servicecfg.htm In my opinion, there is no better source on the internet for knowing how to set the Services. Some must be on Automatic, meaning they need to start on boot. Many can be set to Manual to start when needed. And some can be Disabled because the can be a vulnerability.

Take you time with the Services. Be sure to check the Dependency> it's all there> scroll down to his chart.
 
12/3 Combofix log
ComboFix 10-12-03.01 - Paula 12/03/2010 16:38:40.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.549 [GMT -6:00]
Running from: c:\documents and settings\Paula\My Documents\downloads\Virus stuff\ComboFix.exe
Command switches used :: c:\documents and settings\Paula\My Documents\downloads\Virus stuff\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Hitman Pro
c:\documents and settings\All Users\Application Data\Hitman Pro\Banner.bin

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-03 22:38 . 2010-08-17 13:17 58880 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2010-12-03 22:38 . 2010-08-17 13:17 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-22 13:59 . 2010-11-22 13:59 388096 ----a-r- c:\documents and settings\Paula\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-22 13:59 . 2010-11-22 13:59 -------- d-----w- c:\program files\Trend Micro
2010-11-22 13:24 . 2010-11-22 13:24 -------- d-----w- c:\documents and settings\Paula\Application Data\AVG10
2010-11-22 13:20 . 2010-11-22 13:20 -------- d-----w- c:\program files\AVG
2010-11-19 22:39 . 2010-11-19 22:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\Paula\Application Data\Malwarebytes
2010-11-19 00:02 . 2010-11-19 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-18 22:16 . 2010-11-18 22:16 -------- d-----w- C:\$AVG
2010-11-18 21:50 . 2010-11-22 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-18 21:37 . 2010-11-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-17 18:15 . 2010-11-19 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-16 17:25 . 2010-11-16 17:25 -------- d-----w- c:\documents and settings\Paula\Local Settings\Application Data\Dell
2010-11-13 14:34 . 2010-11-13 15:05 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 22:39 . 2008-02-01 19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-19 20:51 . 2010-04-03 16:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-01 07:52 . 2010-10-01 07:52 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-10-01 07:50 . 2010-06-14 23:02 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-10-01 07:50 . 2010-06-14 23:02 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-09-21 21:52 . 2010-09-21 21:52 36208 ----a-w- c:\documents and settings\Paula\Dscan16.dll
2010-09-21 21:52 . 2010-09-21 21:52 2855 ----a-w- c:\documents and settings\Paula\Smstub16.pif
2010-09-21 21:52 . 2010-09-21 21:52 17477 ----a-w- c:\documents and settings\Paula\Smstub16.exe
2010-09-21 21:52 . 2010-09-21 21:52 585728 ----a-w- c:\documents and settings\Paula\HPAsset.exe
2010-09-21 21:52 . 2010-09-21 21:52 40960 ----a-w- c:\documents and settings\Paula\hpmonZ.exe
2010-09-18 17:23 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2004-03-01 20:58 . 2004-03-01 20:58 561424 ----a-w- c:\program files\Common Files\dao360.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-20_03.14.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-03 22:21 . 2010-12-03 22:21 16384 c:\windows\temp\Perflib_Perfdata_2d4.dat
+ 2010-11-20 03:36 . 2010-11-20 03:36 301056 c:\windows\Installer\223bff.msi
+ 2010-11-22 13:57 . 2010-11-22 13:57 1094656 c:\windows\Installer\4e52f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2006-05-01 73728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-17 20:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-09-15 22:12 273672 ----a-w- c:\program files\MSN Toolbar\Platform\6.3.2317.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-06-23 21:07 1699128 ----a-w- c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 20:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 20:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 09:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 19:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-01 20:46 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
2010-01-25 13:55 530736 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
"8182:TCP"= 8182:TCP:Java(TM) Platform SE binary
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [10/1/2010 1:52 AM 67904]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [6/19/2007 12:35 PM 597640]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 4:05 PM 266544]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [10/9/2008 5:37 PM 386560]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/18/2008 3:14 PM 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/8/2008 11:00 AM 59648]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-03 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-12-03 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 22:05]

2010-12-03 c:\windows\Tasks\User_Feed_Synchronization-{CDC5A832-D7C0-4888-9457-2C57B7600603}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: surfright.nl\www
TCP: {E2B52A10-D3BD-40BD-BFF6-95732E441C4C} = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Web-Based Email Tools - hxxp://email09.secureserver.net/Download.CAB
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://entrepreneur.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} - hxxps://mediadownloads.walmart.com/mmce/resources/walmartcheck2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 16:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-823518204-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-12-03 16:47:14
ComboFix-quarantined-files.txt 2010-12-03 22:47
ComboFix2.txt 2010-11-22 13:48
ComboFix3.txt 2010-11-20 03:16

Pre-Run: 16,301,084,672 bytes free
Post-Run: 16,277,889,024 bytes free

- - End Of File - - 6CB2E44B59F213EAD3197BA734844E9A


Sorry for the delay in responding. I have been out of town and left my computer at home.

No, to the best of my knowledge I do not have Chinese language installed.

Yes, Microsoft Fix It did do some problem resolution for me but I don't know what the tasks are. I can remove those.

I have disabled CCleaner.

I do have 23 add-ons but only 4 are enabled.

I will start working on the services
 
Did you run all of the script I had in Reply #16? There is no change in the ports.

Please reopen HijackThis to 'do system scan only.' Check each of the following if present:

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)

Close all Windows except HijackThis and click on "Fix Checked."
=================================
There are 2 Symantec Services remaining. We will delete each: Follow these steps.
  1. Start> Run> CMD> enter>
    add_a_2.gif
  2. Type teach of the following in the CMD line and press Enter after each:
    Code: 
    [B]sc delete Automatic LiveUpdate Scheduler
sc delete LiveUpdate[/B]
  3. If the deletion was successful, you'll see the following response.
    [SC] DeleteService SUCCESS
  4. Type Exit to close the command prompt

Do any of the original problems remain? If not, you can remove the clenaing tools:
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [*]Choose Disc Cleanup
    [*]Click "OK" to select the partition or drive you want.
    [*]Click the "More Options" Tab.
    [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

LEt me know if you have any questions.
 
Status
Not open for further replies.

Similar threads

A
Microsoft Copilot is showing ads in Windows 11 now, too
2
Replies
33
Views
1K
FF222
F
S
Inactive Ransomware virus
Replies
5
Views
2K
Broni
Broni
J
Wrestling with AI and the AIpocalypse we should be worried about
Replies
12
Views
316
poohbear
P

Latest posts

Back