WiredWX Christian Hobby Weather Tools

McAfee ERROR-Starting on Demand Scanner
I am having problems with my laptop computer. My computer started getting slow, then I tried to run a scan with my McAfee but I could not do it. I get the message: Scanning has encountered a problem from which it cannot recover ERROR-Starting on Demand Scanner.

Then I tried to run Malwarebytes AntiMalware and it starts and then disappears from my screen. So does Windows Defender; it ran for about 55 seconds, then this popped up: (Windows Defender encountered an error: 0x800106ba A problem caused this program's service to stop)
The only thing that seems to run properly without disappearing is Spyware Doctor.
It quarantined RogueAntiSpyware.AntiSpyware_LLC, which I foolishly purchased,
and also AdWare.PlayMP3z and Trojan.FakeAlert.

SUPERAntiSpyware (free version) also ran fine (quick scan) and found 2 Adware.Tracking Cookies.

I tried to run the HijackThis file after renaming it winlogon.exe, which I read in another post, but it did not work and now it will not delete: (Cannot delete winlogon: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.)
I did a system restore back to a day before I had problems but that did not help anything.
I ran DDS.scr and it says Not enough main memory to complete the sort.
Please Help

Last edited by Hemi1 on 4th October 2009, 5:25 am; edited 1 time in total (Reason for editing : spelling)

Re: McAfee ERROR-Starting on Demand Scanner

Here are the results using SystemLook

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:09 on 03/10/2009 by louish (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--c 180224 bytes [19:07 13/12/2007] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [21:27 17/06/2008] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [21:23 17/06/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [23:00 11/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--c 407040 bytes [19:05 13/12/2007] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [21:27 17/06/2008] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [21:23 17/06/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [23:00 11/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--c 55808 bytes [19:03 13/12/2007] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [21:28 17/06/2008] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [21:22 17/06/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [23:00 11/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

Re: McAfee ERROR-Starting on Demand Scanner
More results using SystemLook

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:20 on 03/10/2009 by louish (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--c 180224 bytes [19:07 13/12/2007] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [21:27 17/06/2008] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [21:23 17/06/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [23:00 11/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--c 407040 bytes [19:05 13/12/2007] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [21:27 17/06/2008] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [21:23 17/06/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [23:00 11/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--c 55808 bytes [19:03 13/12/2007] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [21:28 17/06/2008] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [21:22 17/06/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [23:00 11/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "winlogon.exe"
C:\Documents and Settings\louish\My Documents\Downloads\winlogon.exe --a--- 401720 bytes [19:24 02/10/2009] [19:24 02/10/2009] (Unable to calculate MD5)
C:\i386\winlogon.exe --a--c 502272 bytes [19:08 13/12/2007] [11:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 502272 bytes [21:27 17/06/2008] [11:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 507904 bytes [21:23 17/06/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a--- 507904 bytes [23:00 11/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

Searching for "comres.dll"
C:\i386\comres.dll --a--c 792064 bytes [18:59 13/12/2007] [11:00 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 792064 bytes [21:28 17/06/2008] [11:00 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [21:22 17/06/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [23:00 11/08/2004] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D

Searching for "crypt32.dll"
C:\i386\crypt32.dll --a--c 597504 bytes [19:00 13/12/2007] [11:00 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\Program Files\Wave Systems Corp\Secure Storage Manager\CRYPT32.dll --a--c 597504 bytes [05:56 04/08/2004] [05:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 597504 bytes [21:28 17/06/2008] [11:00 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 599040 bytes [21:22 17/06/2008] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\system32\crypt32.dll --a--- 599040 bytes [23:00 11/08/2004] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77

Searching for "gpedit.dll"
C:\i386\gpedit.dll --a--c 566784 bytes [19:03 13/12/2007] [11:00 04/08/2004] C4EE648B2474D84CF081C3FE0DC578DA
C:\WINDOWS\$NtServicePackUninstall$\gpedit.dll -----c 566784 bytes [21:28 17/06/2008] [11:00 04/08/2004] C4EE648B2474D84CF081C3FE0DC578DA
C:\WINDOWS\ServicePackFiles\i386\gpedit.dll ------ 566784 bytes [21:22 17/06/2008] [00:09 14/04/2008] 65F8DA8424AD27A365F61CCC8621FED2
C:\WINDOWS\system32\gpedit.dll --a--- 566784 bytes [23:00 11/08/2004] [00:09 14/04/2008] 65F8DA8424AD27A365F61CCC8621FED2

Searching for "rundll32.exe"
C:\i386\rundll32.exe --a--c 33280 bytes [19:07 13/12/2007] [11:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [21:27 17/06/2008] [11:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [21:23 17/06/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [23:00 11/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

Searching for "sfc.dll"
C:\i386\sfc.dll --a--c 5120 bytes [19:07 13/12/2007] [11:00 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [21:27 17/06/2008] [11:00 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [21:23 17/06/2008] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\sfc.dll --a--- 5120 bytes [23:00 11/08/2004] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3

Searching for "svchost.exe"
C:\i386\svchost.exe --a--c 14336 bytes [19:07 13/12/2007] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [21:27 17/06/2008] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [21:23 17/06/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a--- 14336 bytes [23:00 11/08/2004] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

-=End Of File=-
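
Added example (not part of the original thread and not SystemLook's own code): a small parser for the SystemLook filefind lines above that compares each file's live `C:\WINDOWS\system32` copy with its `C:\WINDOWS\ServicePackFiles\i386` copy and reports differences in size or MD5. Treating the ServicePackFiles copy as the reference is an assumption of this example; the function names are hypothetical, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "path size md5")

# One filefind result line:
#   <path> <6 attribute flags> <size> bytes [created] [modified] <MD5 or error text>
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{6}\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)

# Sample input: lines copied from the SystemLook log in this thread.
SAMPLE_LOG = r"""
Searching for "scecli.dll"
C:\i386\scecli.dll --a--c 180224 bytes [19:07 13/12/2007] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [21:27 17/06/2008] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [21:23 17/06/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [23:00 11/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--c 55808 bytes [19:03 13/12/2007] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [21:28 17/06/2008] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [21:22 17/06/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [23:00 11/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)
"""


def parse_filefind(log_text):
    """Return {lowercased file name: [Entry, ...]} for every result line."""
    by_name = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "No files found."
        md5 = m.group("md5")
        md5 = None if md5.startswith("(") else md5.upper()
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1].lower()
        by_name[name].append(Entry(path, int(m.group("size")), md5))
    return dict(by_name)


def _copy_in(entries, directory_suffix):
    """First entry whose parent directory ends with directory_suffix."""
    for entry in entries:
        parent = entry.path.lower().rsplit("\\", 1)[0]
        if parent.endswith(directory_suffix):
            return entry
    return None


def flag_live_copies(log_text):
    """List (name, live path, reasons) where the system32 copy differs
    from the ServicePackFiles\\i386 copy (assumed reference)."""
    findings = []
    for name, entries in sorted(parse_filefind(log_text).items()):
        live = _copy_in(entries, r"\windows\system32")
        ref = _copy_in(entries, r"\windows\servicepackfiles\i386")
        if live is None or ref is None:
            continue  # nothing to compare against
        reasons = []
        if live.md5 is None:
            reasons.append("MD5 could not be read")
        elif live.md5 != ref.md5:
            reasons.append("MD5 differs from reference")
        if live.size != ref.size:
            reasons.append(f"size {live.size} != reference {ref.size}")
        if reasons:
            findings.append((name, live.path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in flag_live_copies(SAMPLE_LOG):
        print(f"{name}: {path}: {'; '.join(reasons)}")
```

A flagged file is a lead for review rather than a verdict; later in this thread ComboFix reports the system32 copy of eventlog.dll as infected and restores it from ServicePackFiles\i386.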

Re: McAfee ERROR-Starting on Demand Scanner
1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\eventlog.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: McAfee ERROR-Starting on Demand Scanner
Sorry I ran Combo Fix first before you replied - here is the log

ComboFix 09-10-01.05 - louish 10/04/2009 9:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1311 [GMT -7:00]
Running from: c:\documents and settings\louish\Desktop\Combo-Fix.exe
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {D7B67E25-9B99-48A7-89AB-E3D8D7716279}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
ADS - system32: deleted 40 bytes in 1 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\17f0c09.msp
c:\windows\Installer\241927b.msi
c:\windows\Installer\a7bb24.msp
c:\windows\Installer\a7bb2c.msp
c:\windows\Installer\a95267.msp
c:\windows\Installer\cc0a4a.msi

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2001-12-04 00:09 . 2009-03-16 22:03 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-08-01 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
2007-08-01 00:33 1391640 ----a-w- c:\program files\Absolutist_Games\tbAbso.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-08-01 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-08-01 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\louish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-26 133104]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"HostManager"="c:\program files\Common Files\AOL\1197596783\ee\AOLSoftware.exe" [2009-03-12 41264]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-02-19 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-06 20:59 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"W3SVC"=2 (0x2)
"UPS"=3 (0x3)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1197596783\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/1/2009 8:31 AM 206256]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/1/2009 8:31 AM 348824]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 4:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [12/8/2007 6:41 AM 166144]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [12/8/2007 6:41 AM 166144]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> C:c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S2 0199501254672463mcinstcleanup;McAfee Application Installer Cleanup (0199501254672463);c:\windows\TEMP\019950~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\019950~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0199501254672463MCINSTCLEANUP
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-527237240-839522115-1132Core.job
- c:\documents and settings\louish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 19:39]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-527237240-839522115-1132UA.job
- c:\documents and settings\louish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-26 19:39]

2009-10-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-01 04:26]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-01 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: isqft.com\www
Trusted Zone: mcafee.com
Trusted Zone: isqft.com\www
FF - ProfilePath - c:\documents and settings\louish\Application Data\Mozilla\Firefox\Profiles\ltpzphx1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
AddRemove-HijackThis - c:\documents and settings\louish\My Documents\Downloads\HijackThis.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-{AA63780B-DDB7-417b-8A13-E5AFBE08E807} - c:\program files\CyberDefender\cdinstx.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 09:32
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\WININET.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(4232)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-10-04 9:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-04 16:43

Pre-Run: 22,541,160,448 bytes free
Post-Run: 24,077,914,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

272 --- E O F --- 2009-09-23 17:01

Re: McAfee ERROR-Starting on Demand Scanner

Here is the Avenger log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\eventlog.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: McAfee ERROR-Starting on Demand Scanner
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: McAfee ERROR-Starting on Demand Scanner
Here is the uninstall list as requested

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Absolutist Games Toolbar
Adobe Acrobat 8.1.6 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AltoMP3 Gold 5.20
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Autodesk Design Review 2009
Avery Wizard 3.1
AviSynth 2.5
BidView Web Client for Win32
biolsp patch
Bonjour
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
Broadcom TPM Driver Installer
Brother MFL-Pro Suite
CCleaner (remove only)
CD-DVD Burner 1.0.0
Citrix Presentation Server Client
Conexant HDA D330 MDC V.92 Modem
CopyTrans Suite Remove Only
Corel WordPerfect Suite 8
Critical Update for Windows Media Player 11 (KB959772)
DeepBurner v1.3.6.168
Dell Embassy Trust Suite by Wave Systems
Dell Mobile Broadband Card Utility
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
DVD Decrypter (Remove Only)
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
ETS Upgrade
FileZilla Client 3.2.1
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.480
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iDump (Backing up your iPod)
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
InterActual Player
iSqFt Full Viewer V4.01
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kazaa Lite Resurrection 0.0.9
K-Lite Codec Pack 2.27 Full
LabelCreator Pro
LG USB Modem driver
LimeWire 4.14.12
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic 2007
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Project Standard 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.5.3)
MP3 Rocket
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Music Rescue 3.1.6
Netscape Navigator (9.0.0.5)
NetWaiting
NTRU TCG Software Stack
O2Micro USB Smart Card Reader
OpenOffice.org Installer 1.0
Paint Shop Pro 5.01
PaperPort
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
Revo Uninstaller 1.83
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
SearchAssist
Secure Update
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Wizards
SigmaTel Audio
Sonic Activation Module
Speeditup Free 4.90
Spyware Doctor 6.1
The American Contractor Workstation
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
upekmsi
V CAST Music with Rhapsody
VideoLAN VLC media player 0.8.6d
Videora iPod Converter 3.07
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wave Infrastructure Installer
Wave Support Software
Windows Defender
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

Re: McAfee ERROR-Starting on Demand Scanner

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Kazaa Lite Resurrection 0.0.9
    LimeWire 4.14.12

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: McAfee ERROR-Starting on Demand Scanner

Thought I disabled all my VS but I am getting the Warning Message anti virus: CyberDefender Internet Security the above real time scanner is still active
I will not click "OK" for combofix to run until I hear from you.

Also GoogleUpdate.exe is using 90% of my CPU so I killed it with task manager

Re: McAfee ERROR-Starting on Demand Scanner

I can't find that CyberDefender anywhere to disable or even to delete it.
Could it be some type of rogue spyware? Am I ok to run combofix?

Re: McAfee ERROR-Starting on Demand Scanner

Hello.
You should be okay to run the /u command as it's just removing Combofix and not really doing much apart from altering a few registry things for your safety.

............................................................................................

Site Admin / Security Administrator


Re: McAfee ERROR-Starting on Demand Scanner

Well, McAfee and Malwarebytes now run but now IE will not. I tried a reinstall but it wouldn't let me and it placed an Internet Explorer Troubleshooting icon on my desktop, but when I click that I get an error message: Windows cannot access the specified path, device, or file. You may not have the appropriate permissions to access the item.

Also I am missing some plug-ins that were used to view within certain webpages (ie: Ameritrade) and the plug-ins will not load when asked it blows out the browser (Netscape) - I must confess I used Revo-Uninstaller to uninstall
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kazaa Lite Resurrection 0.0.9
LimeWire 4.14.12
And not Control Panel Add/Remove

Re: McAfee ERROR-Starting on Demand Scanner

FYI - Ran McAfee full scan last night and it stalled at 65% then my computer would not shut down properly - also windows will not start in safe mode - I get the blue screen with error message

Re: McAfee ERROR-Starting on Demand Scanner

Please download this file.

  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

............................................................................................

Site Admin / Security Administrator


Re: McAfee ERROR-Starting on Demand Scanner

Belahzur, Thanks for all the help so far - I sent in a couple donations to help keep you "alive"

Prior to your last post I was able to get Internet Explorer to run using Microsoft Fix It.
Also I was able to get the stock market streamer to run within the Ameritrade website but the plug-in it needed was Java - I downloaded Java(TM) 6 Update 16 (I hope that was OK with you but I really need to watch the stock market activity during the day)

Tried to boot in safe mode again just to see if it would and still received the error PAGE_FAULT_IN_NONPAGED_AREA

Here is the Junction Log:

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


...

No reparse points found.

Re: McAfee ERROR-Starting on Demand Scanner

Hello.
Getting the update 16 is fine, it's the latest update out.

The MS Fix-it did what we were gonna do with Junction I had you download, but you beat me to it.

The BSOD error on safe mode boot could be caused by faulty hardware (have you installed any new hardware recently?) or by a corrupted piece of software caused by this malware infection. (This malware has the ability to screw files up, even after we removed it, which is why you still got that error and Fix-it fixed it.)

Do you have your XP disc?

............................................................................................

Site Admin / Security Administrator


Re: McAfee ERROR-Starting on Demand Scanner

No NEW hardware installed except for an external Seagate hard drive (which reminds me I have not scanned it (Oh Shit)), but it's not new; I use it for back-up.

I do have the Dell Operating System Reinstallation CD - XP Pro Service Pack 2
2007 Dell Inc.

Re: McAfee ERROR-Starting on Demand Scanner

Scanned external Seagate hard drive with Malwarebytes' - No malicious items were detected

Malwarebytes' Anti-Malware 1.41
Database version: 2916
Windows 5.1.2600 Service Pack 3

10/6/2009 6:29:02 PM
mbam-log-2009-10-06 (18-29-02).txt

Scan type: Quick Scan
Objects scanned: 7067
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Re: McAfee ERROR-Starting on Demand Scanner

Let's try a repair install.
Put your XP disc in the machine, then reboot the machine. The machine will boot from disc.

See these short instructions here on performing a repair install:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

Let me know how it goes.

............................................................................................

Site Admin / Security Administrator


Re: McAfee ERROR-Starting on Demand Scanner

I did the repair install but on the final reboot it is just hanging, shows the XP logo and says please wait - the cursor is "hourglassed". The display is a Windows quality (not like a DOS screen). Well, I've been waiting for an hour now and nothing is happening. Also it never asked for a product key. I am 98% sure it's the same XP disk that was installed on this machine because it was with the manual and the other driver disk.

Help

Re: McAfee ERROR-Starting on Demand Scanner

Hello.
Reboot the machine again, and take the disc out, then let it boot normally, see if it did any good, even if it didn't get to 100%.

See if you can boot to safe mode now.

............................................................................................

Site Admin / Security Administrator


Re: McAfee ERROR-Starting on Demand Scanner

I pulled the plug and battery replaced and then it rebooted and voilà it worked - Also tested safe mode and was successful
I think I'm missing some drivers however

Thanks

Re: McAfee ERROR-Starting on Demand Scanner

Oh I'm missing more than just drivers - wow I have some work cut out for me - Help and support does not load - McAfee does not load - Verizon wireless internet connection gone - Revo Uninstaller is unstable and had to shut down - I don't know what else but I'm sure in time I'll find out

Re: McAfee ERROR-Starting on Demand Scanner

Service Pack 3 ????????????

Re: McAfee ERROR-Starting on Demand Scanner

Hello.
SP3 is just the latest update service pack.

What problems remain?

............................................................................................

Site Admin / Security Administrator


Re: McAfee ERROR-Starting on Demand Scanner

After the repair install I just had a few minor problems with my printer and a handful of programs - Installed service pack 3 then I uninstalled and re-installed the programs that were giving me trouble and everything so far seems OK -
I also ran the program F-Secure that Dragonmaster Jay had me run on my OTHER computer - it found 66 infections that the other programs did not find so I tried it on this one.

Here is the report for this computer:

Scanning Report
08 October 2009 12:46:06 - 12:48:58

Computer name: LOUIS
Scanning type: Quick malware scan
Target: System
Result
No malware found

Statistics
Scanned:

* Files: 4275
* Not scanned: 0

Result:

* Viruses: 0
* Spyware: 0
* Suspicious items: 0
* Riskware: 0

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* Quarantined: 0
* Failed: 0

Boot Sectors:

* Scanned: 0
* Infected: 0
* Suspicious items: 0
* Disinfected: 0

Options
Definitions version:

* Viruses: 2009-10-08_10
* Spyware: 2009-10-08_10

Scanning Engines:

* F-Secure Aquarius: 11.00.00, 2009-10-08
* F-Secure Hydra: 4.00.9271, 2009-10-08
* F-Secure Gemini: 3.00.09, 2009-09-14

Scanning options:

* Scan defined files: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Scan inside archives

Actions:

* Viruses: Ask after scan
* Spyware: Ask after scan

Re: McAfee ERROR-Starting on Demand Scanner

Hello.
The above log looks fine, how is the machine running?

............................................................................................

Site Admin / Security Administrator


Re: McAfee ERROR-Starting on Demand Scanner

I believe there is some kind of conflict - I downloaded IE 8 to update before the fix and my XP disk had IE 6 installed. Explorer would not function so I installed IE 7 still no functioning - My system shows IE 7 is installed - I think it got a little messy

Other than that seems to be running fine so far - maybe a little slow but that may be due to system config startups - is there anything I can uncheck safely to make startup faster? Thanks for all your help!

Last edited by Hemi1 on 9th October 2009, 2:35 pm; edited 1 time in total (Reason for editing : added info)

Re: McAfee ERROR-Starting on Demand Scanner

Yeah, but we'll do it with my guidance to make sure we don't uncheck anything we're not supposed to.

Post a new Hijack This log.

............................................................................................

Site Admin / Security Administrator


Re: McAfee ERROR-Starting on Demand Scanner

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:56 AM, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\AOL\1255060224\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\DOCUME~1\louish\LOCALS~1\Temp\McInstallTemp (3)\Install.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1255060224\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prizio.com
O17 - HKLM\Software\..\Telephony: DomainName = prizio.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prizio.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prizio.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = prizio.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = prizio.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0294801255106859) (0294801255106859mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\louish\LOCALS~1\Temp\029480~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Intel Alert Handler - Intel®️ Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel File Transfer - Intel®️ Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel®️ Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14010 bytes

Re: McAfee ERROR-Starting on Demand Scanner

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1255060224\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll


  • Press "Fix Checked"
  • Close HijackThis.

Reboot normally.
How is it now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: McAfee ERROR-Starting on Demand Scanner

When I click on the IE (7) icon it gives me a rundll32.exe Ordinal Not Found - The Ordinal 237 could not be located in the dynamic link library IEFRAME.dll

Well, I found out I couldn't be running Service Pack 3 to uninstall IE 7 - I tried following Microsoft instructions to uninstall Service Pack 3, but the only way it worked was to restore point back to when I installed it. This brought me back to IE6 version, which seems to work fine, but there are a few other issues.

I run AOL for my kid and the welcome screen comes up blank (white) and so do the other screens - I can read e-mail, however.

Also, when I click Start / Windows Update I get this message: The requested lookup key was not found in any active activation context

Maybe you need to see a new HijackThis log.

Re: McAfee ERROR-Starting on Demand Scanner

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:29 PM, on 10/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\louish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prizio.com
O17 - HKLM\Software\..\Telephony: DomainName = prizio.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prizio.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prizio.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = prizio.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Intel Alert Handler - Intel®️ Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel File Transfer - Intel®️ Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel®️ Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10599 bytes
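A check a helper could run on the follow-up log above, as an added example that is not part of the original thread: it parses HijackThis entry lines, lists which "Fix checked" entries appear again in the later scan, and diffs two scans by section. The function names are assumptions made for this example and the sample lines are excerpts from the logs posted in this thread; a reappearing entry is a prompt to look again (installed software re-registers its own startup keys), not proof of infection.

```python
import re

# A HijackThis entry is "<section> - <detail>", where the section code is a
# letter (R, F, N, O) followed by a number, e.g. "O4", "O20", "O23".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_entries(text):
    """Return (section, detail) tuples for every entry line in a log or fix list."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, and pasted logs
    # pick up stray spacing, so compare on a normalised form.
    section, detail = entry
    return section, " ".join(detail.split()).lower()


def still_present(fix_list_text, followup_log_text):
    """Entries from the fix list that appear again in the follow-up log."""
    followup = {_key(e) for e in parse_entries(followup_log_text)}
    return [e for e in parse_entries(fix_list_text) if _key(e) in followup]


def diff_logs(before_text, after_text, sections=None):
    """Return (removed, added) entries between two scans, in log order.

    sections limits the comparison to the given codes, which is needed when
    only part of a log is available (as with the excerpts below).
    """
    def wanted(entry):
        return sections is None or entry[0] in sections

    before = [e for e in parse_entries(before_text) if wanted(e)]
    after = [e for e in parse_entries(after_text) if wanted(e)]
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


# Four of the lines the helper asked to have checked (excerpt from the thread).
FIX_LIST = r"""
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll
"""

# Excerpt of the earlier log (O17/O20/O23 lines only).
BEFORE_EXCERPT = r"""
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = prizio.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll
O23 - Service: McAfee Application Installer Cleanup (0294801255106859) (0294801255106859mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\louish\LOCALS~1\Temp\029480~1.EXE
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
"""

# Excerpt of the follow-up log saved on 10/10/2009.
FOLLOWUP_EXCERPT = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
"""

if __name__ == "__main__":
    print("Fix-list entries present again in the follow-up log:")
    for section, detail in still_present(FIX_LIST, FOLLOWUP_EXCERPT):
        print(f"  {section} - {detail}")

    removed, added = diff_logs(BEFORE_EXCERPT, FOLLOWUP_EXCERPT,
                               sections={"O17", "O20", "O23"})
    print("Entries gone since the earlier scan:")
    for section, detail in removed:
        print(f"  {section} - {detail}")
    print(f"New entries in those sections: {len(added)}")
```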

Re: McAfee ERROR-Starting on Demand Scanner

bump

Re: McAfee ERROR-Starting on Demand Scanner

One thing you failed to tell me before we ran the repair install:

Before you perform a repair installation of Microsoft Windows XP, you must uninstall Windows Internet Explorer 7 or Windows Internet Explorer 8 from the Windows XP-based computer. If you perform a repair installation of Windows XP when a later version of Internet Explorer is still installed, Internet Explorer will not work after the repair is completed.

The problems that have arisen from this are causing havoc on many programs that rely on Explorer to function properly - and I have a lot of problems.

Re: McAfee ERROR-Starting on Demand Scanner

Hello.
Can you re-run ComboFix? One thing won't go away.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: McAfee ERROR-Starting on Demand Scanner

FYI - Before I run ComboFix it gives me this warning:

ComboFix has detected the following real time scanner(s) to be active:
antivirus: CyberDefender Internet Security

I can't locate this program anywhere to disable (or get rid of) it.

ComboFix 09-10-13.01 - louish 10/13/2009 13:30.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1461 [GMT -7:00]
Running from: c:\documents and settings\louish\Desktop\Combo-Fix.exe
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {D7B67E25-9B99-48A7-89AB-E3D8D7716279}
AV: F-Secure Anti-Virus 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\louish\LOCALS~1\Temp\catchme.dll
c:\documents and settings\louish\Local Settings\temp\catchme.dll
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-12 17:17 . 2009-10-12 17:32 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-10-12 17:17 . 2009-07-09 09:33 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-10-12 17:16 . 2009-10-12 18:08 -------- d-----w- c:\program files\F-Secure
2009-10-12 17:14 . 2009-10-12 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-10-12 14:22 . 2009-10-12 14:22 -------- d-----w- c:\program files\Java
2009-10-11 23:48 . 2009-07-19 13:32 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-11 23:48 . 2009-06-29 16:12 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-11 23:48 . 2009-06-29 16:12 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-11 23:48 . 2009-06-29 16:12 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-11 23:48 . 2009-06-29 16:12 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-10-11 23:48 . 2009-06-29 16:12 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-10-11 23:48 . 2009-06-29 11:07 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-11 21:37 . 2005-07-08 21:19 666 ----a-w- c:\windows\speed.reg
2009-10-11 19:17 . 2009-10-11 19:17 -------- d-----w- c:\program files\Common Files\Zeepe Framework 7
2009-10-11 17:07 . 2009-10-11 17:07 -------- d-----w- c:\windows\system32\vmm32
2009-10-11 16:13 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-10-11 16:13 . 2001-08-18 05:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-10-11 16:13 . 2001-08-18 05:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-10-11 16:13 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-10-11 16:13 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-10-11 16:11 . 2004-08-04 05:29 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2009-10-11 16:10 . 2001-08-17 20:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-10-11 16:09 . 2001-08-17 21:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-10-11 16:08 . 2001-08-17 21:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-10-11 16:07 . 2001-08-17 19:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-10-11 16:06 . 2001-08-18 05:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2009-10-11 16:05 . 2001-08-17 20:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2009-10-11 16:04 . 2001-08-18 05:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-10-11 16:03 . 2001-08-17 20:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2009-10-11 16:02 . 2001-08-18 05:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-10-11 16:01 . 2001-08-17 20:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-10-11 16:00 . 2001-08-17 19:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-10-11 16:00 . 2001-08-17 20:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-10-11 16:00 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-10-11 16:00 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-10-11 16:00 . 2001-08-17 20:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-10-11 16:00 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-10-11 15:58 . 2001-08-17 19:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2009-10-11 15:58 . 2001-08-17 20:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2009-10-11 15:58 . 2001-08-17 19:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2009-10-11 15:58 . 2001-08-17 19:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2009-10-11 15:58 . 2001-08-18 05:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-10-11 15:58 . 2001-08-18 05:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-10-11 15:58 . 2001-08-18 05:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-10-11 15:58 . 2001-08-17 21:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-10-11 15:58 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-10-11 15:58 . 2001-08-17 21:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-10-11 15:58 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-10-11 15:56 . 2001-08-17 21:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2009-10-11 15:55 . 2001-08-17 20:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2009-10-11 15:54 . 2001-08-17 21:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2009-10-11 15:53 . 2001-08-17 20:28 347550 -c--a-w- c:\windows\system32\dllcache\es56tpi.sys
2009-10-11 15:52 . 2001-08-17 19:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2009-10-11 15:51 . 2001-08-17 19:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2009-10-11 15:50 . 2001-08-17 20:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-10-11 15:49 . 2004-08-04 05:31 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2009-10-10 19:40 . 2009-10-10 19:40 -------- d-----w- c:\program files\AOL Toolbar
2009-10-10 19:18 . 2009-10-10 19:18 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-10-10 19:18 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2009-10-10 19:17 . 2009-10-11 15:21 -------- d-----w- c:\program files\AOL 9.1
2009-10-09 21:03 . 2009-10-09 21:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2009-10-09 05:01 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-10-08 20:43 . 2009-10-08 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-08 20:43 . 2009-10-08 20:43 -------- d-----w- c:\program files\Viewpoint
2009-10-08 18:51 . 2009-10-09 19:00 65 ----a-w- c:\windows\system32\BD7020.dat
2009-10-08 18:50 . 2003-11-29 01:57 0 ----a-w- c:\windows\brdfxspd.dat
2009-10-08 17:42 . 2009-10-09 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters(2)
2009-10-08 16:25 . 2009-10-08 16:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2009-10-08 16:23 . 2009-10-12 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-10-08 03:16 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-10-08 03:16 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-10-08 02:48 . 2009-10-11 18:33 -------- d-----w- c:\documents and settings\louish\Local Settings\Application Data\Deployment
2009-10-08 02:36 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-08 02:36 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-08 02:36 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-08 02:36 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-08 02:36 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-08 02:36 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-08 02:36 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-08 02:36 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-08 02:36 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-08 02:36 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-08 02:36 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-08 02:34 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-08 02:29 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2009-10-08 02:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-08 02:22 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-08 02:22 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-08 02:22 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-08 02:21 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-08 02:20 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-07 22:56 . 2007-05-18 17:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-10-07 21:59 . 2004-08-04 10:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2009-10-07 21:58 . 2008-04-14 00:09 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2009-10-07 21:53 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-10-07 21:50 . 2004-08-04 10:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-10-07 21:35 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-07 21:35 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-07 21:35 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-10-07 21:35 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-07 17:45 . 2009-10-13 02:36 -------- d-----w- c:\program files\Roxio
2009-10-07 14:23 . 2009-10-07 14:23 -------- d-----w- c:\windows\dell
2009-10-06 21:26 . 2007-07-24 22:58 95616 ----a-w- c:\windows\junction.exe
2009-10-06 15:04 . 2009-10-12 14:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 00:18 . 2009-10-06 00:19 -------- d-----w- C:\Combo-Fix8085C
2009-10-05 21:36 . 2009-10-05 21:36 -------- d-----w- C:\My Shared Folder
2009-10-05 21:36 . 2009-10-05 21:36 -------- d-----w- c:\documents and settings\louish\Application Data\Kazaa Lite
2009-10-05 21:36 . 2009-10-05 21:50 -------- d-----w- c:\program files\LimeWire
2009-10-05 20:21 . 2009-10-05 21:36 -------- d-----w- C:\Combo-Fix
2009-10-05 16:53 . 2009-10-05 16:53 11952 ----a-w- c:\windows\system32\avgrsstx(2).dll
2009-10-05 16:53 . 2009-10-05 16:57 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-10-05 16:52 . 2009-10-05 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-05 16:52 . 2009-10-05 16:52 -------- d-----w- c:\program files\AVG
2009-10-05 16:52 . 2009-10-05 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-05 14:42 . 2009-10-05 14:42 -------- d-----w- c:\program files\Trend Micro
2009-10-04 19:31 . 2009-10-04 19:31 -------- d-----w- C:\GHOSTS_OF_GIRLFRIENDS_PAST
2009-10-04 18:08 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 18:08 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 18:08 . 2009-10-04 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 01:05 . 2009-10-04 01:12 -------- d-----w- c:\windows\BDOSCAN8
2009-10-04 00:16 . 2009-10-04 18:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-02 17:46 . 2009-10-01 17:29 195440 ----a-w- c:\windows\system32\MpSigStub.exe
2009-10-01 20:43 . 2009-10-01 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-01 20:43 . 2009-10-01 20:43 -------- d-----w- c:\documents and settings\louish\Application Data\SUPERAntiSpyware.com
2009-10-01 20:07 . 2009-10-01 20:07 129 ----a-w- c:\documents and settings\louish\Local Settings\Application Data\fusioncache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 20:05 . 2008-10-30 21:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-13 16:46 . 2007-12-14 02:09 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-10-13 15:36 . 2009-10-13 15:36 -------- d-----w- c:\documents and settings\louish\Application Data\Regensoft
2009-10-13 15:35 . 2009-10-13 15:35 -------- d-----w- c:\documents and settings\louish\Application Data\Red Kawa
2009-10-13 15:29 . 2009-10-13 15:29 -------- d-----w- c:\program files\Regensoft
2009-10-13 15:29 . 2008-05-12 20:24 -------- d-----w- c:\program files\Red Kawa
2009-10-13 15:20 . 2007-12-08 14:30 68648 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 04:02 . 2007-12-08 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 04:00 . 2007-12-08 14:21 -------- d-----w- c:\program files\Microsoft Works
2009-10-13 03:15 . 2007-12-19 21:28 -------- d-----w- c:\documents and settings\louish\Application Data\Roxio
2009-10-13 02:38 . 2007-12-08 14:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-12 16:34 . 2007-12-08 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-12 15:36 . 2007-12-12 23:42 -------- d-----w- c:\documents and settings\louish\Application Data\Wave Systems Corp
2009-10-11 21:41 . 2009-10-11 21:41 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D830.MRK
2009-10-11 21:41 . 2007-12-08 13:40 5 -c--a-w- c:\windows\system32\drivers\1028_Dell_LAT_D830.mrk
2009-10-11 21:37 . 2007-12-08 14:02 -------- d-----w- c:\program files\Dell
2009-10-11 19:17 . 2007-12-08 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Novatel Wireless
2009-10-10 19:44 . 2007-12-14 01:46 -------- d-----w- c:\program files\Common Files\aol
2009-10-10 19:19 . 2007-12-14 01:48 -------- d-----w- c:\documents and settings\louish\Application Data\AOL
2009-10-10 19:19 . 2007-12-14 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-10-10 19:17 . 2009-10-09 18:42 -------- d-----w- c:\program files\Common Files\aolshare
2009-10-09 20:45 . 2007-12-14 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-10-07 21:51 . 2004-08-11 23:12 27904 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-07 15:40 . 2008-10-22 04:02 -------- d-----w- c:\program files\CCleaner
2009-10-06 17:58 . 2007-12-12 23:21 -------- d-----w- c:\documents and settings\Default User\Application Data\Wave Systems Corp
2009-10-06 05:17 . 2008-05-09 18:35 -------- d-----w- c:\program files\MP3 Rocket
2009-10-05 21:36 . 2007-12-17 18:26 -------- d-----w- c:\documents and settings\louish\Application Data\LimeWire
2009-10-04 19:25 . 2009-09-02 14:26 -------- d-----w- c:\program files\DVD Decrypter
2009-10-02 16:01 . 2007-12-12 23:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2009-10-01 18:40 . 2008-10-22 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-17 14:58 . 2008-09-03 02:36 -------- d-----w- c:\documents and settings\louish\Application Data\Move Networks
2009-09-16 17:26 . 2008-08-18 15:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 05:12 . 2009-09-06 21:53 -------- d-----w- c:\program files\Verizon
2009-09-12 05:11 . 2008-10-22 21:47 -------- d-----w- c:\program files\Speeditup Free
2009-09-12 05:11 . 2009-09-09 03:25 -------- d-----w- c:\program files\Advanced PC Tweaker
2009-09-12 05:10 . 2009-09-12 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\CopyTransControlCenter
2009-09-09 18:38 . 2009-09-09 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-09-09 18:38 . 2009-09-09 18:38 -------- d-----w- c:\documents and settings\louish\Application Data\WindSolutions
2009-09-06 22:02 . 2009-09-06 21:55 -------- d-----w- c:\documents and settings\louish\Application Data\Verizon
2009-09-03 01:34 . 2009-09-03 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-08-21 17:07 . 2009-08-21 17:07 -------- d-----w- c:\program files\MSBuild
2009-08-21 17:06 . 2009-08-21 17:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl(2).dll
2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2001-12-04 00:09 . 2009-03-16 22:03 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-08-01 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
2007-08-01 00:33 1391640 ----a-w- c:\program files\Absolutist_Games\tbAbso.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-08-01 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-08-01 1391640]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HostManager"="c:\program files\Common Files\AOL\1255202241\ee\AOLSoftware.exe" [2008-06-24 41824]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-04-13 331851]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-12 149280]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-07-09 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-07-09 2349664]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-17 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-06 20:59 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"W3SVC"=2 (0x2)
"UPS"=3 (0x3)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\aol\\1255202241\\ee\\aolsoftware.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/12/2009 10:17 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [10/12/2009 10:17 AM 80000]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/1/2009 8:31 AM 206256]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [10/12/2009 10:16 AM 68064]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/1/2009 8:31 AM 348824]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/4/2004 3:00 AM 5120]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [10/12/2009 10:16 AM 100984]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [10/12/2009 10:16 AM 55904]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [12/8/2007 6:41 AM 92288]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [12/8/2007 6:41 AM 92288]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [10/12/2009 10:16 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [10/12/2009 10:16 AM 25184]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=toolbar
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: isqft.com\www
FF - ProfilePath - c:\documents and settings\louish\Application Data\Mozilla\Firefox\Profiles\ltpzphx1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?ncid=toolbar
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - plugin: c:\documents and settings\louish\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Google Update - c:\documents and settings\louish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-AOL Toolbar 5.0 - c:\program files\AOL\AOL Toolbar 5.0\uninstall.exe
AddRemove-AOL Toolbar for Firefox - c:\documents and settings\louish\Application Data\Mozilla\Firefox\Profiles\ltpzphx1.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\uninstall.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\program files\F-Secure\FSPS\program\FSLSP.DLL

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-10-13 13:39
ComboFix-quarantined-files.txt 2009-10-13 20:38
ComboFix2.txt 2009-10-04 16:43

Pre-Run: 9,465,389,056 bytes free
Post-Run: 9,674,579,968 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
356 --- E O F --- 2009-10-13 14:58

Re: McAfee ERROR-Starting on Demand Scanner
Hello.
Thanks, looks okay.

Please navigate to this webpage and see the section "Fix it for me"
Click the Microsoft Fix-It button. Download the file to your Desktop. Then, double-click it to run. Follow the prompts.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.
