Topic: Hello, logs are completed. (Read 540 times)
tina1rules (Topic Starter, Intermediate)
« on: October 18, 2011, 08:32:22 PM »

Okay, this is a friend's laptop. It is an Acer Aspire 3680, the OS is Win XP Professional Service Pack 3, 1.8 GHz, 1 GB of RAM. It had tons of threats after I ran scans. I did what I knew how to do, the logs now say clean, but I am unfamiliar with the DDS logs and need a little assistance to make sure it is safe to use again. All I did was run the scans, let the scans quarantine, and I used the self-help process tool to remove/fix some items in HJT; I only messed with one I felt comfortable removing. Also the comp has several user accounts. I do not use user accounts, so I am also unfamiliar with how that works. Do I need to go to each account and run these scans? Okay, so here it goes. . . (looks like I forgot to check Java, I will do that now) And thank you in advance, I have received advice here in the past and I am still thankful for that! You guys rock!
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/18/2011 at 09:26 PM

Application Version : 5.0.1134

Core Rules Database Version : 7813
Trace Rules Database Version: 5625

Scan type       : Complete Scan
Total Scan Time : 00:27:58

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 416
Memory threats detected   : 0
Registry items scanned    : 35179
Registry threats detected : 0
File items scanned        : 45137
File threats detected     : 0

MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7974

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/18/2011 9:37:23 PM
mbam-log-2011-10-18 (21-37-23).txt

Scan type: Quick scan
Objects scanned: 229979
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
DDS:.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Sam at 21:37:54 on 2011-10-18
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.442 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DAF45BA2-608D-4A9F-9FE4-E3B42CDA6A18} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-18 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-18 320856]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-10-18 251560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-18 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-18 44768]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-10-18 160576]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-10-18 286000]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-10-18 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-10-18 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-10-18 125248]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-10-18 57536]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-29 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-29 135664]
S4 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-6-28 315392]
S4 SeaPort32;SeaPort ;c:\windows\system32\uniplat32.exe --> c:\windows\system32\uniplat32.exe [?]
.
=============== Created Last 30 ================
.
2011-10-19 01:30:32   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-18 22:05:52   --------   d-----w-   c:\documents and settings\sam\local settings\application data\AskToolbar
2011-10-18 22:05:36   --------   d-----w-   c:\program files\Ask.com
2011-10-18 22:05:36   --------   d-----w-   C:\Firefox
2011-10-18 22:05:04   --------   d-----w-   c:\documents and settings\sam\application data\SUPERAntiSpyware.com
2011-10-18 22:03:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-10-18 22:03:32   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-18 21:58:37   --------   d-----w-   c:\program files\CCleaner
2011-10-18 21:53:27   --------   d-----w-   c:\windows\system32\appmgmt
2011-10-18 21:50:58   --------   d-----w-   c:\documents and settings\sam\application data\PCToolsFirewallPlus
2011-10-18 21:50:35   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2011-10-18 21:50:35   160576   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-18 21:50:33   251560   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2011-10-18 21:49:50   89472   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-10-18 21:49:50   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2011-10-18 21:49:49   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2011-10-18 21:49:49   --------   d-----w-   c:\program files\common files\PC Tools
2011-10-18 21:49:48   125248   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2011-10-18 21:49:45   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2011-10-18 19:06:10   442200   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-10-18 19:05:53   41184   ----a-w-   c:\windows\avastSS.scr
2011-10-18 19:05:41   --------   d-----w-   c:\program files\AVAST Software
2011-10-18 19:05:41   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
2011-10-18 18:38:01   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 18:11:07   --------   d-----w-   c:\documents and settings\sam\application data\Malwarebytes
2011-10-18 18:10:45   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-10-18 18:10:41   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-10-18 18:10:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-10-18 17:36:54   388096   ----a-r-   c:\documents and settings\sam\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-18 17:36:54   --------   d-----w-   c:\program files\Trend Micro
2011-10-18 17:29:14   --------   d-----w-   c:\windows\pss
2011-10-11 20:20:45   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
2011-09-26 15:41:20   611328   ------w-   c:\windows\system32\uiautomationcore.dll
.
==================== Find3M  ====================
.
2011-09-26 15:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 15:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-09 09:11:14   599552   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:25:11   1867904   ----a-w-   c:\windows\system32\win32k.sys
2011-08-22 23:48:55   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-08-22 23:48:54   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39   385024   ----a-w-   c:\windows\system32\html.iec
2011-08-17 13:41:46   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-06-05 02:54:41   203776   --sh--w-   c:\windows\system32\unrar.exe
2011-06-05 02:54:32   203776   --sh--w-   c:\windows\system32\2f72b66660451a582aa4e131820e9887\unrar.exe
.
============= FINISH: 21:41:14.95 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/29/2010 3:04:00 PM
System Uptime: 10/18/2011 8:11:15 PM (1 hours ago)
.
Motherboard: Acer, Inc. |  | Prespa1         
Processor: Intel(R) Celeron(R) M CPU        440  @ 1.86GHz | U2E1 | 1866/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 61.335 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_01101025&REV_03\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_01101025&REV_03\3&B1BFB68&0&10
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_01101025&REV_03\3&B1BFB68&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_01101025&REV_03\3&B1BFB68&0&11
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01101025&REV_00\4&6B16D5B&0&4AF0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01101025&REV_00\4&6B16D5B&0&4AF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01101025&REV_02\3&B1BFB68&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01101025&REV_02\3&B1BFB68&0&FB
Service:
.
==== System Restore Points ===================
.
RP375: 10/11/2011 1:13:07 AM - System Checkpoint
RP376: 10/11/2011 4:12:57 PM - Avg Update
RP377: 10/11/2011 4:13:21 PM - Avg Update
RP378: 10/18/2011 1:36:53 PM - Installed HiJackThis
RP379: 10/18/2011 2:48:11 PM - Removed AVG Free 9.0
RP380: 10/18/2011 2:52:07 PM - Installed AVG Free 9.0
RP381: 10/18/2011 3:05:41 PM - avast! Free Antivirus Setup
RP382: 10/18/2011 5:53:19 PM - Removed Ask Toolbar.
RP383: 10/18/2011 5:54:20 PM - Removed RegWork.
RP384: 10/18/2011 6:59:19 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.3
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AT&T Service & Support Tool
att.net Internet Mail
avast! Free Antivirus
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bonjour
Broadcom Driver v4.102.15.56 Installation Program
CCleaner
Fishdom
FrostWire 4.21.1
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB973688)
PC Tools Firewall Plus 7.0
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
10/18/2011 7:57:28 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer YOUR-PA86Z1I3G7 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DAF45BA2-608. The master browser is stopping or an election is being forced.
10/18/2011 7:05:37 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
10/18/2011 7:02:44 PM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for ImagePath with the following error:  Access is denied.
10/18/2011 2:37:14 PM, error: Sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
10/18/2011 1:35:01 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/18/2011 1:34:42 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
10/18/2011 1:34:39 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
10/18/2011 1:33:57 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
10/11/2011 4:14:52 PM, error: Sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgupd.exe.old' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
10/11/2011 4:05:58 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/11/2011 4:05:58 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
10/11/2011 4:05:58 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/11/2011 4:05:58 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/11/2011 4:05:58 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
10/11/2011 4:05:58 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/11/2011 4:05:58 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/11/2011 2:33:13 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/11/2011 12:54:50 AM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
10/11/2011 12:51:49 AM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2011 12:48:49 AM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2011 12:48:13 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/11/2011 1:33:13 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/11/2011 1:03:13 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
tina1rules (Topic Starter, Intermediate)
« Reply #1 on: October 18, 2011, 08:44:02 PM »

I just updated Java. And I should mention I went to msconfig and turned off all the stuff that was starting up with the comp, and on the Services tab I hid all Microsoft items and then disabled the rest. . .
Allan (Moderator, Forum Administrator)
« Reply #2 on: October 19, 2011, 05:36:04 AM »

Do not use msconfig to permanently disable the process. Instead, if it is a service, go to START - RUN and type: services.msc (then press Enter) and disable the service OR, if it is a program, you can download & run a simple app such as Mike Lin's Startup Control Panel (http://www.mlin.net/StartupCPL.shtml) to enable, disable, or otherwise manage startup programs.
tina1rules (Topic Starter, Intermediate)
« Reply #3 on: October 19, 2011, 02:54:46 PM »

Well okay, I will remember that. Can you just tell me what the diff is, not because I am questioning you, just because I like to know for general purposes. And are you going to be helping me out with these logs? Thanks.
SuperDave (Malware Removal Specialist, Moderator)
« Reply #4 on: October 19, 2011, 05:25:02 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
What symptoms indicated that the computer was infected?

I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis (or anything related to Ask).
******************************************************
Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]
:OTL

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [<NO NAME>]
Trusted Zone: $talisma_url$

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
tina1rules
« Reply #5 on: October 19, 2011, 06:34:30 PM »

It is a friend's laptop; they said they were getting pop-ups and it was slow. As for Ask, I removed it before posting, but when I downloaded SuperAntiSpyware I didn't uncheck it. So I will work on all this and remove that. When I initially did the first scans, before I posted, there were 165 infections found and two trojans! I'll attach that log just so you can see it if you want to. LOADS of crap is on this comp; they didn't even have a firewall.

[regaining space - attachment deleted by admin]
tina1rules
« Reply #6 on: October 19, 2011, 07:55:39 PM »

ComboFix 11-10-19.06 - Sam 10/19/2011  21:33:20.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.653 [GMT -4:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Desktop\Malware Protection.lnk
c:\documents and settings\Laci\My Documents\me me me god get it straighht
c:\documents and settings\Laci\My Documents\me me me god get it straighht
c:\documents and settings\Sam\qcvmeokwmd.tmp
c:\windows\system32\385311773\new.i0.kwd
c:\windows\system32\385311773\new.i1.kwd
c:\windows\system32\385311773\new.i10.kwd
c:\windows\system32\385311773\new.i11.kwd
c:\windows\system32\385311773\new.i12.kwd
c:\windows\system32\385311773\new.i13.kwd
c:\windows\system32\385311773\new.i14.kwd
c:\windows\system32\385311773\new.i15.kwd
c:\windows\system32\385311773\new.i2.kwd
c:\windows\system32\385311773\new.i3.kwd
c:\windows\system32\385311773\new.i4.kwd
c:\windows\system32\385311773\new.i5.kwd
c:\windows\system32\385311773\new.i6.kwd
c:\windows\system32\385311773\new.i7.kwd
c:\windows\system32\385311773\new.i8.kwd
c:\windows\system32\385311773\new.i9.kwd
c:\windows\system32\996316901\frt0.rar
c:\windows\system32\996316901\frt0.rar.ver
c:\windows\system32\996316901\frt1.rar
c:\windows\system32\996316901\frt1.rar.ver
c:\windows\system32\996316901\frt10.rar
c:\windows\system32\996316901\frt10.rar.ver
c:\windows\system32\996316901\frt11.rar
c:\windows\system32\996316901\frt11.rar.ver
c:\windows\system32\996316901\frt12.rar
c:\windows\system32\996316901\frt12.rar.ver
c:\windows\system32\996316901\frt13.rar
c:\windows\system32\996316901\frt13.rar.ver
c:\windows\system32\996316901\frt14.rar
c:\windows\system32\996316901\frt14.rar.ver
c:\windows\system32\996316901\frt15.rar
c:\windows\system32\996316901\frt15.rar.ver
c:\windows\system32\996316901\frt2.rar
c:\windows\system32\996316901\frt2.rar.ver
c:\windows\system32\996316901\frt3.rar
c:\windows\system32\996316901\frt3.rar.ver
c:\windows\system32\996316901\frt4.rar
c:\windows\system32\996316901\frt4.rar.ver
c:\windows\system32\996316901\frt5.rar
c:\windows\system32\996316901\frt5.rar.ver
c:\windows\system32\996316901\frt6.rar
c:\windows\system32\996316901\frt6.rar.ver
c:\windows\system32\996316901\frt7.rar
c:\windows\system32\996316901\frt7.rar.ver
c:\windows\system32\996316901\frt8.rar
c:\windows\system32\996316901\frt8.rar.ver
c:\windows\system32\996316901\frt9.rar
c:\windows\system32\996316901\frt9.rar.ver
c:\windows\system32\d3d9caps.dat
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-20 to 2011-10-20  )))))))))))))))))))))))))))))))
.
.
2011-10-20 00:46 . 2011-10-20 00:46   --------   d-----w-   C:\_OTL
2011-10-19 22:27 . 2011-10-19 22:29   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-10-19 22:27 . 2011-10-19 22:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-19 02:41 . 2011-10-19 02:41   --------   d-----w-   c:\program files\Common Files\Java
2011-10-18 22:05 . 2011-10-18 22:05   --------   d-----w-   c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2011-10-18 22:03 . 2011-10-18 22:05   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-10-18 22:03 . 2011-10-18 22:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-18 21:58 . 2011-10-18 21:58   --------   d-----w-   c:\program files\CCleaner
2011-10-18 21:50 . 2011-10-18 21:51   --------   d-----w-   c:\documents and settings\Sam\Application Data\PCToolsFirewallPlus
2011-10-18 21:50 . 2011-03-02 16:40   160576   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-18 21:50 . 2010-03-29 15:06   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2011-10-18 21:50 . 2011-01-17 13:10   251560   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2011-10-18 21:49 . 2011-01-12 14:36   89472   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-10-18 21:49 . 2010-02-05 12:26   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2011-10-18 21:49 . 2011-10-18 21:50   --------   d-----w-   c:\program files\Common Files\PC Tools
2011-10-18 21:49 . 2010-07-08 12:49   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2011-10-18 21:49 . 2011-01-17 12:11   125248   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2011-10-18 21:49 . 2011-10-18 21:52   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2011-10-18 19:06 . 2011-09-06 20:37   320856   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-10-18 19:06 . 2011-09-06 20:36   20568   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-10-18 19:06 . 2011-09-06 20:38   442200   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-10-18 19:06 . 2011-09-06 20:36   34392   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-10-18 19:06 . 2011-09-06 20:36   52568   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2011-10-18 19:06 . 2011-09-06 20:36   110552   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2011-10-18 19:06 . 2011-09-06 20:36   104536   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2011-10-18 19:06 . 2011-09-06 20:33   30808   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2011-10-18 19:05 . 2011-09-06 20:45   41184   ----a-w-   c:\windows\avastSS.scr
2011-10-18 19:05 . 2011-09-06 20:45   199304   ----a-w-   c:\windows\system32\aswBoot.exe
2011-10-18 19:05 . 2011-10-18 19:05   --------   d-----w-   c:\program files\AVAST Software
2011-10-18 19:05 . 2011-10-18 19:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-18 18:38 . 2011-10-18 18:38   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 18:11 . 2011-10-18 18:11   --------   d-----w-   c:\documents and settings\Sam\Application Data\Malwarebytes
2011-10-18 18:10 . 2011-10-18 18:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-18 18:10 . 2011-10-18 18:10   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-10-18 18:10 . 2011-08-31 21:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-10-18 17:36 . 2011-10-18 17:36   388096   ----a-r-   c:\documents and settings\Sam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-18 17:36 . 2011-10-18 17:36   --------   d-----w-   c:\program files\Trend Micro
2011-10-11 20:20 . 2011-10-11 20:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
2011-09-26 15:41 . 2011-09-26 15:41   611328   ------w-   c:\windows\system32\uiautomationcore.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 20:34 . 2010-12-15 15:24   664   ----a-w-   c:\documents and settings\Emma\Local Settings\Application Data\d3d9caps.tmp
2011-10-03 09:06 . 2010-12-12 17:03   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-12-12 17:03   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2001-08-23 12:00   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2001-08-23 12:00   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-09 09:11 . 2009-05-25 01:49   599552   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:25 . 2009-05-25 01:53   1867904   ----a-w-   c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2009-05-25 01:53   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-14 09:42   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-08-22 23:48 . 2008-04-14 09:41   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-04-14 04:07   385024   ----a-w-   c:\windows\system32\html.iec
2011-08-17 13:41 . 2009-05-25 01:49   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-06-05 02:54   203776   --sh--w-   c:\windows\system32\unrar.exe
2011-06-05 02:54   203776   --sh--w-   c:\windows\system32\2F72B66660451A582AA4E131820E9887\unrar.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\Sam\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-8-17 114688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McComponentHostService"=3 (0x3)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/18/2011 3:06 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/18/2011 3:06 PM 320856]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/18/2011 5:50 PM 251560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/18/2011 3:06 PM 20568]
R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [6/28/2011 9:53 PM 315392]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10/18/2011 5:50 PM 160576]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [10/18/2011 5:49 PM 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10/18/2011 5:49 PM 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/18/2011 5:49 PM 125248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/29/2010 5:06 PM 135664]
S2 SeaPort32;SeaPort ;c:\windows\system32\uniplat32.exe --> c:\windows\system32\uniplat32.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/29/2010 5:06 PM 135664]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [10/18/2011 5:49 PM 57536]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 21:06]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 21:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-UpdateMyDrivers - c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe
HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 21:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1280)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-10-19  21:50:17
ComboFix-quarantined-files.txt  2011-10-20 01:50
.
Pre-Run: 66,663,899,136 bytes free
Post-Run: 66,655,461,376 bytes free
.
- - End Of File - - 7541C1D3DD25BE30E160632AB03B19ED

========== OTL ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10192011_204622
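A ComboFix log this long is easier to read if a script pulls out the lines worth a second look first. The following Python is an added example for this thread; it is not part of the thread, of ComboFix, or of any of the tools used here. It reads text in the layout of the log above and flags: files under system32 carrying both the system and hidden attribute letters, system32 subfolders whose names are all digits or a 32-hex-character string (the log above has 385311773, 996316901 and 2F72B66660451A582AA4E131820E9887), services and startup shortcuts whose image file ComboFix could not find ("[?]" and "[N/A]"), and a Windows Firewall policy value of 0. The sample input is a constructed excerpt in the log's layout, and the regexes plus the attribute-letter meanings (s = system, h = hidden) are assumptions about ComboFix's output, not its documented format. Every hit is a review candidate, not a verdict: a Windows Firewall value of 0 is normal when a third-party firewall such as the PC Tools Firewall Plus listed above replaces it, and a hidden copy of a common utility like unrar.exe deserves a hash check before anyone decides what it is.

```python
import re
from typing import Dict, List

# Constructed excerpt in the layout of the ComboFix log posted above (not the full log).
COMBOFIX_SAMPLE = r"""
2011-10-18 21:50 . 2011-03-02 16:40   160576   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-18 21:49 . 2011-10-18 21:52   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2011-06-05 02:54   203776   --sh--w-   c:\windows\system32\unrar.exe
2011-06-05 02:54   203776   --sh--w-   c:\windows\system32\2F72B66660451A582AA4E131820E9887\unrar.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/18/2011 3:06 PM 320856]
S2 SeaPort32;SeaPort ;c:\windows\system32\uniplat32.exe --> c:\windows\system32\uniplat32.exe [?]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
"""

# File entry: created stamp [. modified stamp] size attribute-flags path.
# Assumption about ComboFix's flag column: 's' = system, 'h' = hidden, 'd' = directory.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?"
    r"\s+(\S+)\s+([a-z-]{8})\s+(.+)$"
)
# Service entry: R<n>/S<n> name;display;image [details]; "[?]" means the image was not found.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[([^\]]*)\]$")
# A system32 subfolder named with digits only or a 32-hex-digit string.
ODD_DIR_RE = re.compile(r"\\system32\\(\d+|[0-9a-f]{32})\\", re.IGNORECASE)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
STARTUP_NA_RE = re.compile(r"^(.+\.lnk) - (.+) \[N/A\]$")


def triage_combofix(log_text: str) -> List[Dict[str, str]]:
    """Return review items ({'kind', 'detail'}) from ComboFix-style log text.

    Nothing here is a malware verdict; the point is to surface the lines a
    human should read first in a log this long.
    """
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            _size, attrs, path = m.groups()
            if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
                findings.append({"kind": "hidden_system_file", "detail": path})
            if ODD_DIR_RE.search(path):
                findings.append({"kind": "odd_system32_dir", "detail": path})
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image, info = m.groups()
            if info == "?":
                findings.append({"kind": "service_missing_image", "detail": f"{name}: {image}"})
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append({"kind": "windows_firewall_disabled", "detail": line})
            continue
        m = STARTUP_NA_RE.match(line)
        if m:
            findings.append({"kind": "startup_missing_target", "detail": m.group(2)})
    return findings


if __name__ == "__main__":
    for item in triage_combofix(COMBOFIX_SAMPLE):
        print(f"{item['kind']:28} {item['detail']}")
```

Run it against the full pasted log by passing the file contents to triage_combofix; on the excerpt it reports two hidden system files, one odd system32 folder, the SeaPort32 service with a missing image, the McAfee startup shortcut with no target, and the firewall policy line, and stays silent on the avast driver entry.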
tina1rules
« Reply #7 on: October 19, 2011, 08:00:41 PM »

Okay, there are the logs. My friends have no idea about comps besides they do stuff, lol. I have a question about something in your directions: "if you insist on using Firefox". What does that mean? Is Firefox not as good anymore? Also, another issue I am having with this comp is I cannot seem to get the wireless to connect; I have a cord plugged in from my modem. It tells me no wireless networks are connected, when at the very least my wireless should show up. Furthermore, I do not even know if the wireless is actually on; I don't know which friggin button it is on this thing.
SuperDave
Malware Removal Specialist
« Reply #8 on: October 20, 2011, 01:07:48 PM »

Could you please update MBAM and run another full scan and post the log?

P2P - I see you have P2P software installed on your machine (FrostWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
************************************************
Quote
"if you insist on using firefox" What does that mean? Is Firefox not as good anymore?
Au contraire. FF is one of the better ones. Those instructions were borrowed from someone else and it's not worded correctly.
Quote
Also another issue I am having with this comp is I cannot seem to get the wireless to conect, I have a cord plugged into from my modem. It tells me no wireless networks are conected, when at the very least my wireless should show up, furthermore I do not even know if the wireless is actually o, don't know which friggin button it is on this thing.
First of all, try resetting the modem. Unplug the power supply for at least 30 secs.
You can do a search for that particular model and you should be able to find the button to disconnect/reconnect the wireless.


SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
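The SysProt log this post asks for (the next reply shows its layout) lists every SSDT entry that points into a driver, plus any kernel modules the tool could not tie to a service. Reading sixty-odd "Function Name / Address / Driver Base / Driver End / Driver Name" records by eye is error-prone, so here is an added Python example, not part of this thread or of SysProt, that parses that layout and reduces it to what a reviewer needs: hooks grouped by driver, hooks from drivers outside an operator-maintained allowlist (seeded with the avast and PC Tools drivers that appear in this thread; the allowlist is an assumption, not anything SysProt knows about), a sanity check that each hook address really falls inside the driver's reported base/end range, and hidden modules other than the dump_*.sys crash-dump copies of the storage stack, which Windows loads without a service entry and which anti-rootkit tools routinely report as hidden. The input is a constructed excerpt; unknown_example.sys is a placeholder driver name added to exercise the checks, and the last SSDT record is deliberately inconsistent for the same reason.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed excerpt in the layout of a SysProt log. unknown_example.sys is a
# placeholder name; the final SSDT record is deliberately inconsistent.
SYSPROT_SAMPLE = r"""
No Hidden Processes found

******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F636D000
Module End: F6385000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\drivers\unknown_example.sys
Service Name: ---
Module Base: F7B00000
Module End: F7B10000
Hidden: Yes

******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Address: F63C2BC0
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwTerminateProcess
Address: F58C9766
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwQueryDirectoryFile
Address: F7B00ABC
Driver Base: F7B00000
Driver End: F7B10000
Driver Name: \??\C:\WINDOWS\system32\drivers\unknown_example.sys

Function Name: ZwEnumerateKey
Address: 80500000
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
"""

# Drivers of the security products installed on this machine (avast and PC Tools
# Firewall Plus per the ComboFix log). Operator-maintained allowlist; an assumption.
KNOWN_SECURITY_DRIVERS = {"aswsnx.sys", "aswsp.sys", "pctappevent.sys"}

# Services a rootkit hooks to hide processes, files and keys or to block removal.
SENSITIVE_SERVICES = {
    "ZwOpenProcess", "ZwTerminateProcess", "ZwCreateThread", "ZwWriteVirtualMemory",
    "ZwQueryDirectoryFile", "ZwEnumerateKey", "ZwEnumerateValueKey",
    "ZwQuerySystemInformation", "ZwLoadDriver", "ZwSetValueKey",
}


def parse_records(text: str) -> List[Dict[str, str]]:
    """Split the log into 'Key: value' records separated by blank, *** or section-header lines."""
    records: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        is_header = line.endswith(":") and ": " not in line  # e.g. "SSDT:"
        if not line or line.startswith("*") or is_header:
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(": ")
        if sep:
            current[key] = value.strip()
    if current:
        records.append(current)
    return records


def driver_basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_sysprot(text: str) -> Tuple[List[Tuple[str, str]], Dict[str, List[str]]]:
    """Return (findings, hooks_by_driver). Findings are review items, not verdicts."""
    findings: List[Tuple[str, str]] = []
    hooks: Dict[str, List[str]] = defaultdict(list)
    for rec in parse_records(text):
        if "Function Name" in rec:
            fn = rec["Function Name"]
            drv = driver_basename(rec["Driver Name"])
            addr, base, end = (int(rec[k], 16) for k in ("Address", "Driver Base", "Driver End"))
            hooks[drv].append(fn)
            # A hook address must lie inside the module the tool attributes it to.
            if not base <= addr < end:
                findings.append(("address_outside_driver", f"{fn} {addr:08X} not in {drv} {base:08X}-{end:08X}"))
            if drv not in KNOWN_SECURITY_DRIVERS:
                kind = "sensitive_hook_unknown_driver" if fn in SENSITIVE_SERVICES else "hook_unknown_driver"
                findings.append((kind, f"{fn} by {drv}"))
        elif "Module Name" in rec and rec.get("Hidden") == "Yes":
            name = driver_basename(rec["Module Name"])
            # dump_*.sys are crash-dump copies of the storage stack: no service entry,
            # routinely reported as hidden, treated as benign here by assumption.
            if not name.startswith("dump_"):
                findings.append(("hidden_module", name))
    return findings, dict(hooks)


if __name__ == "__main__":
    found, by_driver = triage_sysprot(SYSPROT_SAMPLE)
    for drv, fns in by_driver.items():
        print(f"{drv}: {len(fns)} hooks")
    for kind, detail in found:
        print(f"{kind:30} {detail}")
```

On the real log from the next reply every SSDT record resolves to aswSnx.SYS, aswSP.SYS or PCTAppEvent.sys and both hidden modules are dump_* copies, so the script would print the per-driver hook counts and no findings; the excerpt above produces one hidden module, one sensitive hook from the placeholder driver, and one out-of-range address.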
tina1rules
« Reply #9 on: October 21, 2011, 09:23:27 PM »

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F636D000
Module End: F6385000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7A92000
Module End: F7A94000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAddBootEntry
Address: F63C0374
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwAllocateVirtualMemory
Address: F58C9410
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwAssignProcessToJobObject
Address: F58C8E5A
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwClose
Address: F63E4829
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwConnectPort
Address: F58C8EA2
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateEvent
Address: F63C2996
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEventPair
Address: F63C29EE
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateFile
Address: F58C8F5A
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateIoCompletion
Address: F63C2B04
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateKey
Address: F63E41DD
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateMutant
Address: F63C28EC
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateProcess
Address: F58C9BEC
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateProcessEx
Address: F58C9C78
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateSection
Address: F58C8FDA
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateSemaphore
Address: F63C2940
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateThread
Address: F58C9D08
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateTimer
Address: F63C2AB2
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDebugActiveProcess
Address: F58C902A
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDeleteBootEntry
Address: F63C0398
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteFile
Address: F58C9072
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDeleteKey
Address: F58C90BA
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDeleteValueKey
Address: F58C9102
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDuplicateObject
Address: F58C914C
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwEnumerateKey
Address: F63E4D5A
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateValueKey
Address: F63E4BC5
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwFreeVirtualMemory
Address: F6427368
Driver Base: F641D000
Driver End: F646A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwFsControlFile
Address: F58C9196
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwLoadDriver
Address: F58C91E0
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwMapViewOfSection
Address: F58C9256
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwModifyBootEntry
Address: F63C03BC
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeKey
Address: F63C2EFC
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeMultipleKeys
Address: F63C0E54
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEvent
Address: F63C29C6
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEventPair
Address: F63C2A16
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenFile
Address: F58C929E
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenIoCompletion
Address: F63C2B2E
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenKey
Address: F58C92EE
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenMutant
Address: F63C2918
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenProcess
Address: F63C2BC0
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSection
Address: F58C9336
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenSemaphore
Address: F63C296E
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenThread
Address: F58C937E
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenTimer
Address: F63C2ADC
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwProtectVirtualMemory
Address: F58C945E
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwQueryKey
Address: F63E4A40
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryObject
Address: F63C0D1A
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryValueKey
Address: F63E4892
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwRenameKey
Address: F642F6E2
Driver Base: F641D000
Driver End: F646A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRequestWaitReplyPort
Address: F58C93C6
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwRestoreKey
Address: F58C94A6
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwResumeThread
Address: F58C94F4
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSecureConnectPort
Address: F58C95E0
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetBootEntryOrder
Address: F63C03E0
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootOptions
Address: F63C0404
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetInformationFile
Address: F58C953C
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetSecurityObject
Address: F58C968C
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetSystemInformation
Address: F63C01BC
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemPowerState
Address: F63C02F8
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetValueKey
Address: F58C958C
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwShutdownSystem
Address: F63C02D4
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSuspendProcess
Address: F58C96D6
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSystemDebugControl
Address: F58C971E
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwTerminateProcess
Address: F58C9766
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwVdmControl
Address: F63C0428
Driver Base: F63AD000
Driver End: F641D000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwWriteFile
Address: F58C97B4
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwWriteVirtualMemory
Address: F58C97FC
Driver Base: F58BA000
Driver End: F58E0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Lyndy\My Documents\ipod...
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 617
Posts: 6,998

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #10 on: October 22, 2011, 12:15:45 PM »

I would like to see the MBAM log.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
tina1rules
Topic Starter
Intermediate



Thanked: 2
Posts: 132


« Reply #11 on: October 22, 2011, 11:27:15 PM »

Okay, this is the very first scan I ran on this comp. The scans NOW come back clean, but I fear, out of all these infections, it just may not be 100%.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7974

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/18/2011 2:31:27 PM
mbam-log-2011-10-18 (14-31-27).txt

Scan type: Quick scan
Objects scanned: 240074
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 57

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RTHDBPL (Trojan.Agent) -> Value: RTHDBPL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\SysWoW32 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\documents and settings\Sam\application data\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Sam\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\Sam\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\Sam\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Not selected for removal.

Files Infected:
c:\RECYCLER\s-1-5-21-1757981266-879983540-1177238915-1005\Dc120.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\Sam\local settings\Temp\att-sst_installer\Setup\motiveclient\AXB.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\Lyndy\local settings\temporary internet files\Content.IE5\SBAKS5IM\IWON[1].exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000a5ef274f1324c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000a5ef274f1324o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000a5ef274f1324p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000a5ef274f1324s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000a5ef274f1324c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000a5ef274f1324o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000a5ef274f1324p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000a5ef274f1324s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu2124372256v12.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu2124372256v6.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v0.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\@u2124372256v0 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\@u2124372256v1 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\@u2124372256v10 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\@u2124372256v11 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\@u2124372256v2 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\@u2124372256v3 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\@u2124372256v8 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\@u2124372256v9 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu2124372256v13.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu2124372256v14.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu2124372256v15.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu2124372256v4.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu2124372256v5.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v1 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v1.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v10 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v10.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v11 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v11.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v2 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v2.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v3 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v3.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v8 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v8.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v9 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v9.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u2124372256v0 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u2124372256v1 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u2124372256v10 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u2124372256v11 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u2124372256v2 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u2124372256v3 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u2124372256v8 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u2124372256v9 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu2124372256v7.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu2124372256v0 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\documents and settings\Sam\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\Sam\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\Sam\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\Sam\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\Sam\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.xpt (PUP.PlaySushi) -> Not selected for removal.
HERE IS THE ESET:
C:\System Volume Information\_restore{20422179-7EFE-40F7-8EC5-D18EC54C1938}\RP383\A0085731.dll   probably a variant of Win32/Adware.Gamevance.AG application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{20422179-7EFE-40F7-8EC5-D18EC54C1938}\RP383\A0085771.exe   a variant of Win32/Adware.Gamevance.BE application   cleaned by deleting - quarantined


I know these are powerful tools, but I was just like WOW when MBAM found all of this. So I hope the original MBAM log is what you were asking for at the beginning of your last reply, SuperDave.
SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 617
Posts: 6,998

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #12 on: October 23, 2011, 12:21:28 PM »

Please run the ESET scan and post the log.

AMD Athlon XP 1900+ 1.47 GHz  3 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with Comodo Firewall & Windows Defender
tina1rules
Topic Starter
Intermediate



Thanked: 2
Posts: 132


« Reply #13 on: October 24, 2011, 05:32:01 PM »

HERE IS THE ESET:
C:\System Volume Information\_restore{20422179-7EFE-40F7-8EC5-D18EC54C1938}\RP383\A0085731.dll   probably a variant of Win32/Adware.Gamevance.AG application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{20422179-7EFE-40F7-8EC5-D18EC54C1938}\RP383\A0085771.exe   a variant of Win32/Adware.Gamevance.BE application   cleaned by deleting - quarantined
tina1rules
Topic Starter
Intermediate



Thanked: 2
Posts: 132


« Reply #14 on: October 24, 2011, 05:33:45 PM »

Errr, maybe this is it, sorry:

C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll   a variant of Win32/Adware.Yontoo.B application   cleaned by deleting - quarantined
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-468a4fc0   Java/TrojanDownloader.OpenStream.NCM trojan   cleaned by deleting - quarantined
C:\Users\user\Downloads\Facemoods.exe   a variant of Win32/SweetIM.B application   cleaned by deleting - quarantined
C:\Users\user\Downloads\Webfetti(1).exe   Win32/Toolbar.MyWebSearch application   deleted - quarantined
C:\Users\user\Downloads\Webfetti.exe   Win32/Toolbar.MyWebSearch application   deleted - quarantined
C:\Windows\update.tray-8-0-lnk\svchost.exe   Win32/Delf.QCZ trojan   cleaned by deleting - quarantined
Copyright © 2010 Computer Hope ® All rights reserved.