need help wnpc antivirus

My mom's computer has got wnpc antivirus on it, which is a virus that I can't get off. This virus won't let me download any antivirus because (HTTP: Successfully connected to www.microsoft.com.
warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
info HTTPS: Successfully connected to www.microsoft.com.
error Could not make an FTP connection) somehow it has taken over the internet where the antivirus site can't connect to the server. I can get online but every few minutes it takes me to a site that says insecure internet activity threat of virus. There are two links which you can choose one to get full protection (which takes you to buy wnpc antivirus) or contine to website unprotected. Please help I have deleted the wnpc.exe but I need to get rid of the rest of the virus. Thank you!!

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:27 PM, on 6/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0309&m=el1200-06w
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0309&m=el1200-06w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0309&m=el1200-06w
O2 - BHO: (no name) - {03FA024D-93E0-40B0-A695-58FC7EF4CA21} - C:\WINDOWS\system32\loyfsgde.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WinInet Class - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\WINDOWS\ieocx.dll
O2 - BHO: (no name) - {3BAA766C-D267-4AEA-B75D-87857A73B74B} - c:\windows\system32\mejxbkg.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Defender Pro Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1238302172\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: cqbzpxkq - C:\WINDOWS\SYSTEM32\mejxbkg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9727 bytes

Hello.
Before dealing with the malware, we need to remove a few other things first.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Abexo Free Registry Cleaner
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Agere Systems PCI-SV92EX Soft Modem
AOL Uninstaller (Choose which Products to Remove)
AppCore
Backup
ccCommon
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink DVD Suite
CyberLink Power2Go
CyberLink Power2Go
CyberLink PowerDVD
Defender Pro 5-in-1
eMachines Games
GearDrvs
GearDrvs
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NTI Backup Now 5
NTI Media Maker 8
NVIDIA Drivers
Realtek High Definition Audio Driver
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SPBBC 32bit
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
Update for 2007 Microsoft Office System (KB967642)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Windows Internet Explorer 7

Hello.

You are running two antivirus', I see from the uninstall list you have Norton/Symantec installed, along with BitDefender. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Norton/Symantec to avoid conflict and other future problems.

Completely Uninstall Norton software using:

• SymNRT.exe
  

Instructions

1. Please download and save SymNRT.exe to your desktop.
   
2. Close all programs and double click on the tool.
   
3. Follow the on-screen instructions.
   
4. Restart the computer if asked.
   
5. Then delete the SymNRT.exe tool from your desktop.
   
6. Open the Program Files folder on your local disk ( normally C: )
   
7. Find and delete the following folders (if present):
   [list]
   
8. Norton AntiVirus
   
9. Norton Internet Security
   
10. Norton SystemWorks
    
11. Norton Personal Firewall
    

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

Adobe Reader 8.1.2
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
Viewpoint Media Player

Next,

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: (no name) - {03FA024D-93E0-40B0-A695-58FC7EF4CA21} - C:\WINDOWS\system32\loyfsgde.dll
  O2 - BHO: WinInet Class - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\WINDOWS\ieocx.dll
  O2 - BHO: (no name) - {3BAA766C-D267-4AEA-B75D-87857A73B74B} - c:\windows\system32\mejxbkg.dll
  O20 - Winlogon Notify: cqbzpxkq - C:\WINDOWS\SYSTEM32\mejxbkg.dll
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I cant remove Java(TM) 6 update 13 becuase during the installation process it says it needs to close iexplorer.exe and jqs.exe which are processes running automatically. The internet explorer is not open. I click to close them and my computer goes blue and restarts by itself. When it restarts says it suffered a fatal error. I then tried to download malwarebytes it gets to the end and says finishing installation but it never does also after a few minutes makes my screen blue and restarts by itself. When it came back on tried to click the icon on my desktop of malwrebytes that was there but wouldnt open. Deleted and tried to install again but no luck same thing so i deleted it. What do I do now???

I did remove the rest and did do the hijack fix.

ComboFix 09-05-31.06 - Janet Duross 06/01/2009 17:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.656 [GMT -4:00]
Running from: c:\documents and settings\Janet Duross\My Documents\Combo-Fix.exe
AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ieocx.dll
c:\windows\system32\drivers\ajhvbqgv.sys
c:\windows\system32\drivers\mwfmfibc.sys
c:\windows\system32\drivers\UACukvjnccvacnalkk.sys
c:\windows\system32\jvndqtk.dll
c:\windows\system32\loyfsgde.dll
c:\windows\system32\mejxbkg.dll
c:\windows\system32\rqchhxyh.dll
c:\windows\system32\UACalpvdxwqobwafpu.dll
c:\windows\system32\UACegwpeqfwwicxtcl.dll
c:\windows\system32\UACfoyamjbnmkfoxwy.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClbhwjvmdtrgmhfy.log
c:\windows\system32\UAClucklrptxxqucny.dll
c:\windows\system32\UACrmbwkswddsejmtw.log
c:\windows\system32\UACrohsrinydluegqq.dll
c:\windows\system32\UACvkalxcpgpgubfce.dat
c:\windows\system32\UACwdtyuvwvhnuelgk.log

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MWFMFIBC
-------\Legacy_SFC
-------\Legacy_UCISANKG
-------\Service_mwfmfibc
-------\Service_sfc
-------\Service_ucisankg


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 21:00 . 2009-06-01 21:47 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-01 20:53 . 2009-06-01 20:53 -------- d-----w- c:\documents and settings\Janet Duross\Local Settings\Application Data\tgbqnoae
2009-06-01 20:53 . 2009-06-01 20:53 -------- d-----w- c:\documents and settings\Janet Duross\Application Data\tgbqnoae
2009-06-01 20:12 . 2009-06-01 20:12 -------- d-----w- c:\windows\system32\LogFiles
2009-06-01 18:05 . 2009-06-01 18:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\tgbqnoae
2009-06-01 18:05 . 2009-06-01 18:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\tgbqnoae
2009-06-01 16:48 . 2009-06-01 16:48 -------- d-----w- c:\program files\Trend Micro
2009-06-01 04:11 . 2009-06-01 21:48 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-31 23:59 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-31 23:59 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-31 21:11 . 2009-05-31 21:11 -------- d-----w- c:\documents and settings\Janet Duross\Application Data\Template
2009-05-31 20:59 . 2009-05-31 20:59 -------- d-----w- c:\documents and settings\Janet Duross\Local Settings\Application Data\Mozilla
2009-05-31 20:56 . 2009-05-31 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-31 19:21 . 2009-05-31 19:21 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-31 01:37 . 2004-12-07 14:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-05-31 01:37 . 2006-09-11 15:56 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-05-31 01:37 . 2006-12-21 19:18 497496 ----a-w- c:\windows\system32\XceedZip.dll
2009-05-31 01:37 . 2006-09-11 15:53 276352 ----a-w- c:\windows\system32\XceedSco.dll
2009-05-30 18:41 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 18:41 . 2009-05-30 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 18:41 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-30 17:35 . 2009-05-30 17:35 -------- d-----w- c:\documents and settings\Janet Duross\Option
2009-05-30 03:07 . 2009-05-30 03:07 193 ----a-w- c:\documents and settings\Janet Duross\Application Data\asd.bat
2009-05-23 04:13 . 2009-05-23 04:13 -------- d-----w- c:\documents and settings\Janet Duross\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 20:22 . 2008-10-29 01:22 -------- d-----w- c:\program files\Java
2009-06-01 20:06 . 2009-03-29 04:21 -------- d-----w- c:\documents and settings\Janet Duross\Application Data\Symantec
2009-06-01 20:06 . 2008-10-29 01:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-01 20:04 . 2008-10-29 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-01 19:47 . 2008-10-29 01:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 07:01 . 2008-10-29 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-31 21:11 . 2009-05-31 21:11 0 ----a-w- c:\documents and settings\Janet Duross\Application Data\wklnhst.dat
2009-05-31 21:05 . 2008-10-29 01:17 -------- d-----w- c:\program files\Microsoft.NET
2009-05-31 20:20 . 2008-10-29 01:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-03-30 23:35 . 2008-10-29 00:51 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 05:20 . 2009-03-29 05:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-29 04:47 . 2009-03-29 04:46 57261736 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4337.29.1\setup.exe
2009-03-29 04:46 . 2009-03-29 04:46 335 ----a-w- c:\windows\nsreg.dat
2009-03-29 04:22 . 2009-03-29 04:22 60664 ----a-w- c:\documents and settings\Janet Duross\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2008-04-14 22:00 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"HostManager"="c:\program files\Common Files\AOL\1238302172\ee\AOLSoftware.exe" [2008-11-06 41264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-25 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1238302172\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 5:11 PM 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 2:42 AM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 7:03 AM 131072]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MWFMFIBC
*Deregistered* - mwfmfibc
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{03FA024D-93E0-40B0-A695-58FC7EF4CA21} - c:\windows\system32\loyfsgde.dll
HKLM-Run-LaunchApp - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.yahoo.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0309&m=el1200-06w
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 18:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-01 18:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 22:05

Pre-Run: 64,926,449,664 bytes free
Post-Run: 64,977,973,248 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

188 --- E O F --- 2009-06-01 07:01

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
MWFMFIBC

Folder::
c:\documents and settings\Janet Duross\Local Settings\Application Data\tgbqnoae
c:\documents and settings\Janet Duross\Application Data\tgbqnoae
c:\documents and settings\NetworkService\Local Settings\Application Data\tgbqnoae
c:\documents and settings\NetworkService\Application Data\tgbqnoae

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-05-31.06 - Janet Duross 06/01/2009 23:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.565 [GMT -4:00]
Running from: c:\documents and settings\Janet Duross\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\Janet Duross\Desktop\CFScript.txt
AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Janet Duross\Application Data\tgbqnoae
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\profiles.ini
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\cert8.db
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\compatibility.ini
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\compreg.dat
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\cookies.sqlite
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\formhistory.sqlite
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\key3.db
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\localstore.rdf
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\parent.lock
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\permissions.sqlite
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\places.sqlite-journal
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\places.sqlite-stmtjrnl
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\places.sqlite
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\pluginreg.dat
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\prefs.js
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\secmod.db
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\webappsstore.sqlite
c:\documents and settings\Janet Duross\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\xpti.dat
c:\documents and settings\Janet Duross\Local Settings\Application Data\tgbqnoae
c:\documents and settings\Janet Duross\Local Settings\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\urlclassifier3.sqlite
c:\documents and settings\Janet Duross\Local Settings\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\XPC.mfl
c:\documents and settings\NetworkService\Application Data\tgbqnoae
c:\documents and settings\NetworkService\Application Data\tgbqnoae\profiles.ini
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\cert8.db
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\formhistory.sqlite
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\key3.db
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\localstore.rdf
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\prefs.js
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\secmod.db
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\webappsstore.sqlite
c:\documents and settings\NetworkService\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\xpti.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\tgbqnoae
c:\documents and settings\NetworkService\Local Settings\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\urlclassifier3.sqlite
c:\documents and settings\NetworkService\Local Settings\Application Data\tgbqnoae\Profiles\cp9z0zn4.default\XPC.mfl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MWFMFIBC


((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-01 21:00 . 2009-06-01 21:47 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-01 20:12 . 2009-06-01 20:12 -------- d-----w- c:\windows\system32\LogFiles
2009-06-01 16:48 . 2009-06-01 16:48 -------- d-----w- c:\program files\Trend Micro
2009-06-01 04:11 . 2009-06-01 21:48 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-31 23:59 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-31 23:59 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-31 21:11 . 2009-05-31 21:11 -------- d-----w- c:\documents and settings\Janet Duross\Application Data\Template
2009-05-31 20:59 . 2009-05-31 20:59 -------- d-----w- c:\documents and settings\Janet Duross\Local Settings\Application Data\Mozilla
2009-05-31 20:56 . 2009-05-31 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-31 19:21 . 2009-05-31 19:21 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-31 01:37 . 2004-12-07 14:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-05-31 01:37 . 2006-09-11 15:56 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-05-31 01:37 . 2006-12-21 19:18 497496 ----a-w- c:\windows\system32\XceedZip.dll
2009-05-31 01:37 . 2006-09-11 15:53 276352 ----a-w- c:\windows\system32\XceedSco.dll
2009-05-30 18:41 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 18:41 . 2009-05-30 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 18:41 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-30 17:35 . 2009-05-30 17:35 -------- d-----w- c:\documents and settings\Janet Duross\Option
2009-05-30 03:07 . 2009-05-30 03:07 193 ----a-w- c:\documents and settings\Janet Duross\Application Data\asd.bat
2009-05-23 04:13 . 2009-05-23 04:13 -------- d-----w- c:\documents and settings\Janet Duross\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 20:22 . 2008-10-29 01:22 -------- d-----w- c:\program files\Java
2009-06-01 20:06 . 2009-03-29 04:21 -------- d-----w- c:\documents and settings\Janet Duross\Application Data\Symantec
2009-06-01 20:06 . 2008-10-29 01:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-01 20:04 . 2008-10-29 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-01 19:47 . 2008-10-29 01:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 07:01 . 2008-10-29 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-31 21:11 . 2009-05-31 21:11 0 ----a-w- c:\documents and settings\Janet Duross\Application Data\wklnhst.dat
2009-05-31 21:05 . 2008-10-29 01:17 -------- d-----w- c:\program files\Microsoft.NET
2009-05-31 20:20 . 2008-10-29 01:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-03-30 23:35 . 2008-10-29 00:51 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 05:20 . 2009-03-29 05:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-29 04:47 . 2009-03-29 04:46 57261736 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4337.29.1\setup.exe
2009-03-29 04:46 . 2009-03-29 04:46 335 ----a-w- c:\windows\nsreg.dat
2009-03-29 04:22 . 2009-03-29 04:22 60664 ----a-w- c:\documents and settings\Janet Duross\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2008-04-14 22:00 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-01_22.03.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-02 03:17 . 2009-06-02 03:17 16384 c:\windows\temp\Perflib_Perfdata_70.dat
+ 2008-10-29 01:34 . 2009-06-01 22:07 63016 c:\windows\system32\perfc009.dat
- 2008-10-29 01:34 . 2009-06-01 21:14 63016 c:\windows\system32\perfc009.dat
+ 2008-10-29 01:34 . 2009-06-01 22:07 402406 c:\windows\system32\perfh009.dat
- 2008-10-29 01:34 . 2009-06-01 21:14 402406 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"HostManager"="c:\program files\Common Files\AOL\1238302172\ee\AOLSoftware.exe" [2008-11-06 41264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-25 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1238302172\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 5:11 PM 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 2:42 AM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 7:03 AM 131072]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UBHELPER
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.yahoo.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0309&m=el1200-06w
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 23:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-02 23:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 03:19
ComboFix2.txt 2009-06-01 22:05

Pre-Run: 64,958,488,576 bytes free
Post-Run: 64,997,990,400 bytes free

192 --- E O F --- 2009-06-01 07:01

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

It seems to be good so far. Thank you!!!