WiredWX Christian Hobby Weather Tools

 


Data Execution Prevention - Microsoft Windows

There is a window heading:

Data Execution Prevention -Microsoft Windows
To help protect your computer, Windows has closed this program
Name: Generic Host Process for Win32 services
Publisher: Microsoft Corporation
Close Message

I couldn't close this message and it keeps coming up. There is also another window, when you are using the computer for a while, saying your memory could not be written. And you have two choices to click, which are Cancel or terminate the program. If I click terminate, the computer will be stopped, and you can't click anything else. But if you click cancel (debug), you can continue using it.

I'm afraid it will harm my hard disk soon, so I really need help... please reply to me as soon as possible.

Re: Data Execution Prevention - Microsoft Windows

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:02 PM, on 12/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\My Documents\CPE17AntiAutorun1400.exe
D:\games\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [protect_autorun] D:\My Documents\CPE17AntiAutorun1400.exe /start
O4 - HKLM\..\Run: [DAEMON Tools] "D:\games\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /FU "C:\WINDOWS\TEMP\E_S3E7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC056B3B-1292-48CB-9979-AD25906723A2}: NameServer = 202.96.144.47,202.96.128.143
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 9773 bytes

Re: Data Execution Prevention - Microsoft Windows

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)



  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Data Execution Prevention - Microsoft Windows

Malwarebytes' Anti-Malware 1.42
Database version: 3299
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/5/2009 4:48:47 PM
mbam-log-2009-12-05 (16-48-47).txt

Scan type: Quick Scan
Objects scanned: 106781
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Data Execution Prevention - Microsoft Windows

There is still a problem after I did what you recommended. When you play for a while, there will be a window saying svchost error something... and saying the memory cannot be written, something which I can't remember. Will my hard disk be spoiled?

Re: Data Execution Prevention - Microsoft Windows

Hello.
Hard to tell yet, need to go deeper.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Re: Data Execution Prevention - Microsoft Windows

DDS (Ver_09-12-01.01) - NTFSx86
Run by xp at 21:01:23.57 on Wed 12/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.874.66.1033.18.1534.878 [GMT -8:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\My Documents\CPE17AntiAutorun1400.exe
D:\games\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\xp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.live.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EPSON Stylus Photo R230 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaip.exe /fu "c:\windows\temp\E_S3E7.tmp" /EF "HKCU"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe -H
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [protect_autorun] d:\my documents\CPE17AntiAutorun1400.exe /start
mRun: [DAEMON Tools] "d:\games\daemon tools\daemon.exe" -lang 1033
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
dRunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {AC056B3B-1292-48CB-9979-AD25906723A2} = 202.96.144.47,202.96.128.143
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xp\applic~1\mozilla\firefox\profiles\bqtwtzzb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-30 54752]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2006-2-20 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-5 38224]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2006-2-20 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2006-2-20 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2006-2-20 170408]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-12-06 17:37:39 0 d-----w- c:\windows\system32\CatRoot_bak
2009-12-06 16:47:23 989184 ------w- c:\windows\system32\dllcache\kernel32.dll
2009-12-06 16:43:24 74240 ----a-w- c:\windows\system32\SET302.tmp
2009-12-06 16:43:24 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2009-12-06 16:43:13 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-12-06 16:43:13 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-12-06 16:42:59 253952 ----a-w- c:\windows\system32\SET2D2.tmp
2009-12-06 16:42:59 253952 ------w- c:\windows\system32\dllcache\es.dll
2009-12-06 16:42:43 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-12-06 16:42:29 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-12-06 16:42:15 344064 ------w- c:\windows\system32\dllcache\localspl.dll
2009-12-06 16:42:01 1290752 ------w- c:\windows\system32\SET28B.tmp
2009-12-06 16:42:01 1290752 ------w- c:\windows\system32\dllcache\quartz.dll
2009-12-06 16:41:22 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2009-12-06 16:41:22 66560 ----a-w- c:\windows\system32\SET26E.tmp
2009-12-06 16:41:22 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2009-12-06 16:41:22 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2009-12-06 16:41:22 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-12-06 16:41:21 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2009-12-06 16:41:21 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2009-12-06 14:26:18 0 d-----w- c:\program files\MSXML 4.0
2009-12-06 14:21:01 47104 ------w- c:\windows\system32\dllcache\mqdscli.dll
2009-12-06 14:21:01 4608 ------w- c:\windows\system32\dllcache\mqsvc.exe
2009-12-06 14:21:01 16896 ------w- c:\windows\system32\dllcache\mqise.dll
2009-12-06 14:21:00 95744 ------w- c:\windows\system32\dllcache\mqsec.dll
2009-12-06 14:21:00 91776 ------w- c:\windows\system32\dllcache\mqac.sys
2009-12-06 14:21:00 48640 ------w- c:\windows\system32\dllcache\mqupgrd.dll
2009-12-06 14:21:00 471552 ------w- c:\windows\system32\dllcache\mqutil.dll
2009-12-06 14:21:00 225280 ------w- c:\windows\system32\dllcache\mqoa.dll
2009-12-06 14:21:00 138240 ------w- c:\windows\system32\dllcache\mqad.dll
2009-12-06 14:20:59 661504 ------w- c:\windows\system32\dllcache\mqqm.dll
2009-12-06 14:20:59 517120 ------w- c:\windows\system32\dllcache\mqsnap.dll
2009-12-06 14:20:59 19968 ------w- c:\windows\system32\dllcache\mqbkup.exe
2009-12-06 14:20:59 186880 ------w- c:\windows\system32\dllcache\mqtrig.dll
2009-12-06 14:20:59 169472 ------w- c:\windows\system32\dllcache\msmqocm.dll
2009-12-06 14:20:59 123392 ------w- c:\windows\system32\dllcache\mqrtdep.dll
2009-12-06 14:20:59 117248 ------w- c:\windows\system32\dllcache\mqtgsvc.exe
2009-12-06 14:20:58 177152 ------w- c:\windows\system32\dllcache\mqrt.dll
2009-12-06 14:20:46 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-06 14:19:59 283648 ------w- c:\windows\system32\dllcache\gdi32.dll
2009-12-06 14:17:56 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-06 14:17:35 417792 ------w- c:\windows\system32\dllcache\vbscript.dll
2009-12-06 14:17:15 0 d-----w- c:\program files\MSXML 6.0
2009-12-06 14:13:24 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2009-12-06 14:13:24 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-12-06 14:13:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-06 14:13:00 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-06 14:12:46 0 d--h--w- c:\windows\$hf_mig$
2009-12-06 08:52:07 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-12-06 06:10:11 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-12-06 06:05:19 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-12-06 06:04:44 8454656 ------w- c:\windows\system32\dllcache\shell32.dll
2009-12-06 06:00:03 138368 ------w- c:\windows\system32\dllcache\afd.sys
2009-12-06 06:00:02 360320 ------w- c:\windows\system32\dllcache\tcpip.sys
2009-12-06 06:00:02 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2009-12-06 06:00:02 100352 ------w- c:\windows\system32\dllcache\6to4svc.dll
2009-12-06 05:58:41 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-12-06 05:50:23 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-12-06 05:49:38 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-12-06 05:46:53 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-12-06 05:41:28 1850112 ------w- c:\windows\system32\dllcache\win32k.sys
2009-12-06 05:36:56 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-12-06 05:35:32 177152 ------w- c:\windows\system32\dllcache\msctfime.ime
2009-12-06 04:27:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-06 04:23:21 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2009-12-06 04:19:10 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-12-06 04:18:45 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-06 04:18:15 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-06 04:18:02 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-12-06 04:17:40 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-06 04:14:31 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-06 04:11:15 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2009-12-06 00:53:34 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-06 00:53:34 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-06 00:52:57 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-12-06 00:52:57 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-12-06 00:52:57 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-12-06 00:52:57 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-12-06 00:52:56 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-06 00:25:16 0 d-----w- c:\docume~1\xp\applic~1\Malwarebytes
2009-12-06 00:25:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-06 00:25:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-06 00:25:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-06 00:25:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 05:57:23 0 d-----w- c:\documents and settings\xp\Tracing
2009-12-01 05:31:01 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-01 05:30:50 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-01 05:29:36 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-01 05:29:22 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-01 05:28:54 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-01 05:27:43 0 d-----w- c:\program files\Microsoft
2009-12-01 05:27:28 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-01 05:09:40 0 d-----w- c:\program files\common files\Windows Live
2009-11-16 04:13:10 0 d-----w- c:\docume~1\xp\applic~1\Merscom
2009-11-16 04:13:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Merscom
2009-11-16 01:23:59 0 d-----w- c:\program files\Hostile Makeover

==================== Find3M ====================

2009-09-18 09:56:10 18432 ------w- c:\windows\system32\dllcache\iedw.exe
2009-09-11 14:33:52 133632 ------w- c:\windows\system32\msv1_0.dll
2009-09-11 14:03:37 136192 ----a-w- c:\windows\system32\SET2FD.tmp
2009-09-11 14:03:37 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll

============= FINISH: 21:01:55.32 ===============

Re: Data Execution Prevention -Microsoft Windows

How do I attach the zip file here?


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2009 4:55:07 PM
System Uptime: 12/9/2009 8:37:27 PM (1 hours ago)

Motherboard: Wistron | | 30B3
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U1 | 1728/667mhz
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U1 | 1729/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 38.953 GiB free.
D: is FIXED (FAT32) - 56 GiB total, 24.757 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP107: 10/6/2009 11:29:21 PM - System Checkpoint
RP108: 10/9/2009 5:27:09 PM - System Checkpoint
RP109: 10/12/2009 3:31:58 PM - System Checkpoint
RP110: 10/15/2009 10:43:17 PM - System Checkpoint
RP111: 10/19/2009 6:20:44 AM - System Checkpoint
RP112: 10/20/2009 11:19:51 PM - System Checkpoint
RP113: 10/27/2009 12:55:49 AM - System Checkpoint
RP114: 10/28/2009 10:13:37 PM - System Checkpoint
RP115: 11/3/2009 3:42:07 PM - System Checkpoint
RP116: 11/5/2009 7:46:29 PM - System Checkpoint
RP117: 11/7/2009 1:12:27 AM - System Checkpoint
RP118: 11/9/2009 12:08:03 AM - System Checkpoint
RP119: 11/13/2009 5:00:15 PM - System Checkpoint
RP120: 11/15/2009 6:28:46 PM - System Checkpoint
RP121: 11/17/2009 12:28:31 PM - System Checkpoint
RP122: 11/18/2009 11:22:49 PM - System Checkpoint
RP123: 11/20/2009 8:28:35 AM - System Checkpoint
RP124: 11/21/2009 4:47:22 PM - System Checkpoint
RP125: 11/24/2009 1:07:24 AM - System Checkpoint
RP126: 11/25/2009 6:55:44 AM - System Checkpoint
RP127: 11/26/2009 11:39:02 AM - System Checkpoint
RP128: 11/30/2009 9:28:58 PM - Installed Windows XP WIC.
RP129: 11/30/2009 9:29:14 PM - Installed Windows XP KB954708.
RP130: 11/30/2009 9:29:31 PM - Installed DirectX
RP131: 12/1/2009 11:13:26 PM - System Checkpoint
RP132: 12/4/2009 4:00:07 PM - System Checkpoint
RP133: 12/6/2009 6:12:37 AM - Software Distribution Service 3.0
RP134: 12/6/2009 6:25:28 AM - Software Distribution Service 3.0
RP135: 12/9/2009 8:39:48 PM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
ACDSee Pro 2
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Big Fish Games Client
Conexant HD Audio
CyberLink PowerDVD 8
EPSON Printer Software
GOM Player
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hostile Makeover
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB976098-v2)
HP Integrated Module with Bluetooth wireless technology
HP Quick Launch Buttons 6.10 B9
Intel(R) PRO Network Connections Drivers
Junk Mail filter update
K-Lite Mega Codec Pack 1.36
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mount&Blade
Mozilla Firefox (3.0.15)
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Ultra Edition
NetWaiting
NVIDIA Drivers
PaperPort Image Printer
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype? 3.8
Software Update for Web Folders
SPSS 13.0 for Windows
SpywareBlaster v3.5
Synaptics Pointing Device Driver
ThaiSoftware Dictionary V4.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video Viewer
What's Running 2.2
Winamp (remove only)
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)
Windows Driver Package - Intel (w39n51) net (09/28/2005 10.0.0.120)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WinZip

==== Event Viewer Messages From Past Week ========

12/5/2009 7:41:38 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -54109 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.124:123->207.46.232.182:123) is working properly.
12/5/2009 7:41:06 PM, error: Dhcp [1002] - The IP address lease 192.168.0.108 for the Network Card with network address 0016D30CE7F4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/5/2009 4:51:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
12/5/2009 4:51:20 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/5/2009 4:05:43 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -54109 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.164:123->207.46.197.32:123) is working properly.
12/5/2009 3:51:56 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.165 with the system having network hardware address 00:22:68:88:A2:EC. Network operations on this system may be disrupted as a result.
12/5/2009 3:51:55 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/4/2009 6:44:12 PM, error: Dhcp [1002] - The IP address lease 192.168.2.151 for the Network Card with network address 0016D30CE7F4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/4/2009 3:17:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/3/2009 6:44:17 PM, error: Dhcp [1002] - The IP address lease 192.168.0.70 for the Network Card with network address 0016D30CE7F4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/2/2009 7:08:03 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
12/2/2009 5:29:59 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/2/2009 11:58:38 AM, error: Dhcp [1002] - The IP address lease 192.168.0.70 for the Network Card with network address 0016D30CE7F4 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/2/2009 11:54:49 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

I don't know how to attach the file, so I just posted this log.

Re: Data Execution Prevention -Microsoft Windows

Hello, no reply

Re: Data Execution Prevention -Microsoft Windows

Hello.

Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\SET302.tmp
    c:\windows\system32\SET2D2.tmp
    c:\windows\system32\SET26E.tmp
    c:\windows\system32\SET2FD.tmp

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "SFCDisable"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Data Execution Prevention -Microsoft Windows

========== FILES ==========
File/Folder c:\windows\system32\SET302.tmp not found.
File/Folder c:\windows\system32\SET2D2.tmp not found.
File/Folder c:\windows\system32\SET26E.tmp not found.
File/Folder c:\windows\system32\SET2FD.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\SFCDisable deleted successfully.

OTM by OldTimer - Version 3.1.2.2 log created on 12162009_211345

Re: Data Execution Prevention -Microsoft Windows

Still having problems now?


Re: Data Execution Prevention -Microsoft Windows

One more problem, sir.

Sometimes when I try to shut down my computer, it doesn't shut down. I have to press the power button to shut it down instead.

Is this malware?

Re: Data Execution Prevention -Microsoft Windows

Not too sure what I can do about that. Are you trying to shut down by the Start menu button?


Re: Data Execution Prevention -Microsoft Windows

Yes.
