c:windows/system32/is15.exe or worm.win32.netsky

Hi i am new and computer stupid.lol. Need help getting this off. i read the other post but didn't really understand what i was needing to do. i thank you in advance for any help and have a great day. thank you

i thought i may need to add my problems. sorry i didn't do that from the beginning. my original screen is green, every few minutes i get a popup about spyware and needing to add antispyware. it has like 3 different names: worm.win32.netsky, c:/windows/system32/41.exe, and c:/windows/system32/IS15.exe. I cannot do anything on my computer because it keeps telling me I am infected, and for a long time it would not let me on the internet. Now all i can do is pretty much just go to google. here is an example of what Mcafee is telling me:

McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: FakeAlert-CK (Trojan), FakeAlert-CK (Trojan)
Location: C:\WINDOWS\system32\IS15.exe

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

This is only one example of what i have been getting all day. oh yeah my computer was fine this morning but started messing up when my mom was checking her yahoo mail when i was gone. that is when all of this started.

i hope this is allowed and do not mean to double post i just really do not understand what i need to do and need to be walked through anything computer. I also thought if i added my problems it would be easier to help me. thank you for your time and help once again.

yeah it keeps sending me to this Internet 2010 thing for me to buy for 50.00. No thanks i just want this stuff off my comp.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

this is what it found. thank you

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:57:32 PM, on 1/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\41.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WS9E3IQBKY] C:\WINDOWS\system32\41.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 8175 bytes

i beleive i have the updated java software is it too late for me to check or will it mess up what i have already done.

Hello.

Please download the LSPfix from here: LSPFix
Unzip it to the Desktop (Important!!) and run it. Check the box that says "I know what I'm doing", and then select each instance of "helper32.dll" in the left-hand panel and click >> button to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe,C:\WINDOWS\system32\sdra64.exe,
  O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
  O4 - HKCU\..\Run: [WS9E3IQBKY] C:\WINDOWS\system32\41.exe
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

here is the mbam log. thank you it looks like it might be fixed.

Malwarebytes' Anti-Malware 1.44
Database version: 3584
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/17/2010 2:32:54 PM
mbam-log-2010-01-17 (14-32-54).txt

Scan type: Quick Scan
Objects scanned: 130704
Time elapsed: 13 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 12
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janice\Local Settings\Temp\e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janice\Local Settings\Temporary Internet Files\Content.IE5\7VY72E0S\420c3[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

this is the log. i followed the directions to disable the anit-virus but when it had to reboot the second time to finish then it came back on and i couldn't cut it off again because combofix was still running. if i need to redo it or do it different please let me know. thank you for your help once again.

ComboFix 10-01-16.04 - Compaq_Owner 01/17/2010 21:44:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.140 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\s
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\ps2.bat

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-17 20:17 . 2010-01-17 20:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-01-17 20:17 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 20:17 . 2010-01-17 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-17 20:17 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 20:17 . 2010-01-17 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 01:56 . 2010-01-17 01:56 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-17 01:56 . 2010-01-17 01:56 -------- d-----w- c:\program files\TrendMicro
2010-01-16 20:26 . 2010-01-16 20:26 -------- d-----w- c:\program files\CCleaner
2010-01-16 20:18 . 2010-01-16 20:18 28360 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 17:44 . 2010-01-16 17:44 -------- d-----w- c:\documents and settings\Janice\Local Settings\Application Data\Identities
2010-01-16 15:40 . 2010-01-16 15:40 -------- d-----w- c:\documents and settings\Janice\Application Data\AdobeUM
2010-01-16 15:40 . 2010-01-16 15:40 -------- d-----w- c:\documents and settings\Janice\Local Settings\Application Data\Adobe
2010-01-13 16:32 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:07 . 2010-01-12 20:07 -------- d-----w- c:\windows\system32\scripting
2010-01-12 20:07 . 2010-01-12 20:07 -------- d-----w- c:\windows\l2schemas
2010-01-12 20:07 . 2010-01-12 20:07 -------- d-----w- c:\windows\system32\en
2010-01-12 20:07 . 2010-01-12 20:07 -------- d-----w- c:\windows\system32\bits
2010-01-12 19:46 . 2010-01-12 19:46 -------- d-----w- c:\windows\EHome
2010-01-12 14:53 . 2010-01-12 14:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Adobe
2010-01-12 14:53 . 2010-01-12 14:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2010-01-12 14:53 . 2010-01-12 14:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-10 01:26 . 2010-01-10 01:26 -------- d-----w- c:\documents and settings\Janice\Local Settings\Application Data\Yahoo
2010-01-10 01:22 . 2010-01-10 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-10 01:22 . 2009-06-20 08:04 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-01-10 01:22 . 2010-01-10 01:22 -------- d-----w- c:\program files\Yahoo!
2010-01-10 00:51 . 2010-01-12 19:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-01-10 00:48 . 2010-01-10 00:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-10 00:45 . 2010-01-10 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-01-10 00:41 . 2009-11-04 22:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-10 00:41 . 2009-11-04 22:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-10 00:41 . 2009-11-04 22:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-01-10 00:41 . 2009-07-16 18:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-10 00:40 . 2010-01-10 00:41 -------- d-----w- c:\program files\Common Files\McAfee
2010-01-10 00:40 . 2010-01-10 00:40 -------- d-----w- c:\program files\McAfee.com
2010-01-10 00:40 . 2010-01-12 20:47 -------- d-----w- c:\program files\McAfee
2010-01-10 00:27 . 2009-11-04 22:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-10 00:22 . 2010-01-10 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-10 00:03 . 2010-01-10 20:10 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-09 23:59 . 2010-01-09 23:59 -------- d-----w- c:\program files\ATT-RC
2010-01-09 23:16 . 2010-01-09 23:43 -------- d-----w- c:\documents and settings\Janice\Application Data\Motive
2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\program files\ATT-HSI
2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\program files\Common Files\Motive
2010-01-09 22:53 . 2010-01-10 00:03 -------- d-----w- c:\program files\SBC Yahoo!
2010-01-07 23:49 . 2004-08-04 04:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-01-07 22:26 . 2010-01-12 20:01 -------- d-----w- c:\windows\ServicePackFiles
2010-01-07 22:24 . 2010-01-07 22:24 -------- d-----w- c:\windows\ie8updates
2010-01-07 17:08 . 2010-01-07 17:08 -------- d-----w- c:\documents and settings\Janice\Local Settings\Application Data\Google
2010-01-07 13:47 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-07 13:47 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-07 13:47 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-07 13:47 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-07 13:47 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-07 13:46 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-07 13:46 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-07 13:44 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-07 13:44 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-07 13:44 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-07 05:07 . 2010-01-14 02:16 -------- d--h--w- c:\windows\$hf_mig$
2010-01-07 04:38 . 2010-01-07 04:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google
2010-01-07 04:16 . 2010-01-07 04:16 -------- d-----w- c:\program files\Google
2010-01-07 04:14 . 2010-01-07 04:14 1956072 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-06 23:53 . 2010-01-06 23:53 1956072 ----a-w- c:\documents and settings\Janice\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-06 23:41 . 2010-01-06 23:41 -------- d-sh--w- c:\documents and settings\Janice\IECompatCache
2010-01-06 23:40 . 2010-01-06 23:40 -------- d-sh--w- c:\documents and settings\Janice\PrivacIE
2010-01-06 23:40 . 2010-01-18 03:54 182 ----a-w- c:\windows\system\hpsysdrv.DAT
2010-01-06 23:34 . 2004-08-04 12:00 82432 -c--a-w- c:\windows\system32\dllcache\ufat.dll
2010-01-06 23:33 . 2008-04-14 00:11 927504 ----a-w- c:\windows\system32\mfc40u.dll
2010-01-06 23:32 . 2008-04-14 00:11 32768 ----a-w- c:\windows\system32\dispex.dll
2010-01-06 23:24 . 2010-01-17 20:17 -------- d-----r- C:\Program Files
2010-01-06 23:22 . 2010-01-06 23:32 -------- d-----r- c:\documents and settings\All Users\Documents
2010-01-06 23:20 . 2010-01-18 03:44 -------- dcsh--r- c:\windows\system32\dllcache
2010-01-06 23:08 . 2010-01-06 23:08 -------- d-----w- c:\windows\Sun
2010-01-06 23:08 . 2010-01-06 23:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 23:07 . 2010-01-06 23:07 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-06 23:07 . 2010-01-06 23:07 79488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 22:57 . 2010-01-06 22:57 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE
2010-01-06 22:54 . 2010-01-06 22:54 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2010-01-06 22:52 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-06 22:52 . 2010-01-06 22:52 -------- dc-h--w- c:\windows\ie8
2010-01-06 22:48 . 2010-01-06 22:48 -------- d-sh--w- c:\documents and settings\Compaq_Owner\UserData
2010-01-06 22:48 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-06 22:44 . 2004-08-09 09:03 128 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
2010-01-06 22:44 . 2004-08-10 23:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-01-06 22:44 . 2004-08-09 09:03 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
2010-01-06 22:44 . 2004-08-09 08:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-01-06 22:44 . 2004-08-09 08:55 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-01-06 22:44 . 2004-08-09 06:12 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2010-01-06 22:43 . 2002-11-21 16:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-01-06 22:43 . 2002-11-21 16:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-01-06 22:43 . 2002-11-21 16:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-01-06 22:43 . 2002-11-21 16:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-01-06 22:43 . 2002-11-21 16:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-01-06 22:43 . 2002-11-21 16:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-01-06 22:43 . 2010-01-06 22:43 -------- d-----w- c:\program files\InterVideo
2010-01-06 22:42 . 2004-08-09 08:55 -------- d-----w- c:\documents and settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 20:17 . 2004-08-09 05:44 81971 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-12 20:16 . 2010-01-12 20:16 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\PluginCtrl.dll
2010-01-12 20:16 . 2010-01-12 20:16 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\PCHButton.exe
2010-01-12 20:16 . 2010-01-12 20:16 28672 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\InetWrap.dll
2010-01-12 20:16 . 2010-01-12 20:16 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\motivede.dll
2010-01-12 20:16 . 2010-01-12 20:16 139264 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\ContentUpdater.exe
2010-01-12 20:16 . 2010-01-12 20:16 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\msxmlwrapper.dll
2010-01-12 20:16 . 2010-01-12 20:16 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\GUI.dll
2010-01-12 20:16 . 2010-01-12 20:16 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\msxmlwrapper.dll
2010-01-12 20:16 . 2010-01-12 20:16 155877 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\js.zip
2010-01-12 20:16 . 2010-01-12 20:16 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\api.dll
2010-01-12 20:16 . 2010-01-12 20:16 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\pchealthde.exe
2010-01-12 20:14 . 2010-01-12 20:14 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\pchmsxml.dll
2010-01-12 20:14 . 2010-01-12 20:14 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\winverifytrustwrapper.dll
2010-01-12 20:14 . 2010-01-12 20:14 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\jsharpinterp.dll
2010-01-12 20:14 . 2010-01-12 20:14 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\INV16.dll
2010-01-12 20:14 . 2010-01-12 20:14 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\pchnotify.exe
2010-01-09 23:15 . 2004-08-09 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-01-06 23:08 . 2004-08-09 06:12 -------- d-----w- c:\program files\Java
2010-01-06 22:49 . 2004-08-09 09:08 -------- d-----w- c:\program files\Easy Internet signup
2010-01-06 22:47 . 2010-01-06 22:47 4200 --sha-r- c:\windows\system32\drivers\HP_PJ530AA-ABa SR1214NX NA441_YC_Pres_QCNY438_E44NAheRAS2_4_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M448_J80_7AMD_8Athlon XP 2900+_92_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G11067205.MRK
2010-01-06 22:47 . 2004-08-09 06:47 -------- d-----w- c:\program files\Microsoft Works
2010-01-06 22:43 . 2004-08-09 08:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 15:51 . 2004-08-09 04:28 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-04 22:54 . 2009-11-04 22:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-29 07:45 . 2004-08-09 04:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-09 04:28 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-09 04:28 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-22 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-8-9 16423]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/9/2010 6:44 PM 93320]
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-06-22 04:19]

2010-01-10 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 18:22]

2010-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 21:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(308)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\VTTimer.exe
c:\windows\AGRSMMSG.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ALCXMNTR.EXE
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2010-01-17 21:59:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-18 03:59

Pre-Run: 72,650,883,072 bytes free
Post-Run: 73,176,215,552 bytes free

- - End Of File - - E516385BFB8B64B93EE5E920F9B11C2E

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

it is running alot better but when i log on and off i still get a red screen before my screensaver goes up or off. no more popups though. i appreciate all your help.

Red screen? can you provide any greater detail? is it plain blank or say anything on the screen?

it is just a red plain screen. no more popups or warnings trying to send me to Internet 2010. It only comes up when i first log on and it stays for a few seconds and then my screen saver comes on and then when i log off it comes back on and then it shows my screen saver again then goes to the login screen.

Try disabling your screensaver.

that fixed it. thank you so much. this website is so awesome and i will be giving a donation in the next couple of days. thank you once again and have a great day.