
Author Topic: "application cannot be executed *****.exe is infected"  (Read 12150 times)


sleepr

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    "application cannot be executed *****.exe is infected"
    « on: December 07, 2010, 04:32:17 PM »
    Ok, I ran through the steps mentioned elsewhere. I did have a few issues. I often had to restart the computer so that I could open the program quickly before the trojan/virus took over; it appears that issue is fixed. When I tried to rename HijackThis, I could not find it in the program files; it was in a Windows folder, "prefetch". When I renamed it, it gave me an error message, so I ran it from its location. Logs follow. Thank you in advance! OS: Windows XP

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/07/2010 at 03:29 PM

    Application Version : 4.46.1000

    Core Rules Database Version : 5907
    Trace Rules Database Version: 3719

    Scan type       : Complete Scan
    Total Scan Time : 01:16:59

    Memory items scanned      : 466
    Memory threats detected   : 0
    Registry items scanned    : 6023
    Registry threats detected : 0
    File items scanned        : 44048
    File threats detected     : 2

    Adware.Tracking Cookie
       .doubleclick.net [ C:\Documents and Settings\my name\Application Data\Mozilla\Firefox\Profiles\fx49hfxn.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\my name\Application Data\Mozilla\Firefox\Profiles\fx49hfxn.default\cookies.sqlite ]

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5264

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    07/12/2010 4:14:25 PM
    mbam-log-2010-12-07 (16-14-25).txt

    Scan type: Quick scan
    Objects scanned: 130411
    Time elapsed: 7 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkymswux (Trojan.Downloader) -> Value: qkymswux -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Documents and Settings\my name\Local Settings\Temp\hfthwsrwm\byauwfmaffm.exe (Trojan.Downloader) -> Delete on reboot.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:40:35 PM, on 07/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17091)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2\reminder\SacReminder.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\my name\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mywinnipeg.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:43902
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [SacReminderHDDV2] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2\reminder\SacReminder.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200973999578
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200976591625
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8118 bytes


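    A small triage pass over HijackThis-style log lines, added here as an illustration and not a tool from this thread or from Trend Micro. The sample lines are excerpted from the log above plus one constructed O4 entry modelled on the Malwarebytes finding; the three rules (browser proxy on the loopback address, autostart entry launching from a Temp folder, service with a missing binary or unknown owner) are my own heuristics for a first read of such a log, not anything HijackThis computes.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread).

HijackThis prints one entry per line, keyed by a section code (R0/R1 browser
settings, O4 autostart entries, O23 services, ...).  The rules below encode
three things worth checking first in such a log:

  * an Internet Settings proxy that points at the loopback address, which
    routes all browser traffic through some local process (present in both
    logs in this thread; the process listening on that port should be
    identified before assuming it is benign);
  * autostart (O4 Run) entries that launch from a Temp folder, the pattern the
    Malwarebytes log above reported as Trojan.Downloader;
  * O23 services whose binary is missing or whose owner is unknown, which are
    cleanup candidates rather than proof of infection.
"""
import re
from dataclasses import dataclass

PROXY_RE = re.compile(r"^R1 - .*ProxyServer\s*=\s*(?P<value>\S+)", re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: lines excerpted from the HijackThis log posted above, plus one
# O4 line modelled on the Malwarebytes finding (Run value "qkymswux" launching the
# Trojan.Downloader file from the user's Temp folder), which HijackThis would have
# shown had it run before Malwarebytes removed it.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mywinnipeg.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:43902
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [qkymswux] C:\Documents and Settings\my name\Local Settings\Temp\hfthwsrwm\byauwfmaffm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


@dataclass
class Finding:
    severity: str   # HIGH, MEDIUM or LOW
    section: str    # HijackThis section code, e.g. "O4"
    detail: str


def executable_path(cmd: str) -> str:
    """Return the program path from an O4 command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def proxy_hosts(value: str):
    """Yield the host of each 'proto=host:port' or 'host:port' entry in a ProxyServer value."""
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1]
        yield hostport.rsplit(":", 1)[0].strip("[]").lower()


def triage(log_text: str) -> list:
    """Apply the three heuristics line by line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := PROXY_RE.match(line):
            if set(proxy_hosts(m["value"])) & LOOPBACK_HOSTS:
                findings.append(Finding("HIGH", "R1",
                    f"browser proxy points at loopback ({m['value']}): "
                    "identify the local process listening on that port"))
        elif m := O4_RE.match(line):
            path = executable_path(m["cmd"])
            if re.search(r"\\temp\\", path, re.I):
                findings.append(Finding("HIGH", "O4",
                    f"autostart [{m['name']}] in {m['hive']} runs from a Temp folder: {path}"))
        elif m := O23_RE.match(line):
            if "(file missing)" in m["path"]:
                findings.append(Finding("LOW", "O23",
                    f"service {m['svc']} references a missing binary; stale entry"))
            elif m["owner"].lower() == "unknown owner":
                findings.append(Finding("MEDIUM", "O23",
                    f"service {m['svc']} has no publisher: {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.detail}")
```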

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Experience: Expert
    • OS: Windows 10
    Re: "application cannot be executed *****.exe is infected"
    « Reply #1 on: December 08, 2010, 05:24:35 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Please uninstall HJT. Download this one and install it in its default location and post another log.

    Please download: HiJackThis to your Desktop.
    • Double Click the HijackThis icon, located on your Desktop.
    • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    • Accept the license agreement.
    • Click the Open the Misc Tools section button.
    • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
    • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
    • Please post the log in your next reply.
    ***************************************************
    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.
    *************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ************************************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
    Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix

    Windows 8 and Windows 10 dual boot with two SSD's

    sleepr

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: "application cannot be executed *****.exe is infected"
      « Reply #2 on: December 08, 2010, 07:09:03 PM »
      Hi Dave, thanks for the help. When I go to Add/Remove Programs, HJT does not show up in the list; is there another way to uninstall it?

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: "application cannot be executed *****.exe is infected"
      « Reply #3 on: December 09, 2010, 01:42:31 PM »
      Quote
      When I go to the add/remove programs the HJT does not show up in the list, is there another way to uninstall it?
      It's here. It was running from the incorrect place and I couldn't use it. The path is below.
      C:\Documents and Settings\my name\My Documents\Downloads\HijackThis.exe

      Windows 8 and Windows 10 dual boot with two SSD's

      sleepr

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: "application cannot be executed *****.exe is infected"
        « Reply #4 on: December 09, 2010, 09:34:54 PM »
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 5:09:34 PM, on 09/12/2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.17091)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\PC Tools Firewall Plus\FWService.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\MSMSGS.EXE
        C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
        C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2\reminder\SacReminder.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mywinnipeg.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:43902
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (filesize 1372472 bytes, MD5 C080735EC3D2D15CF13D44E5A1846BA9)
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 3F59EDE1444C14CFBAA15C7EBBFE6196)
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 79648 bytes, MD5 BEE32BCE0D0A5BF5692D9020BD0C0636)
        O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (filesize 163128 bytes, MD5 65E9CBDFE35A33EF264E3C8BF38F9791)
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (filesize 1372472 bytes, MD5 C080735EC3D2D15CF13D44E5A1846BA9)
        O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (filesize 48752 bytes, MD5 696F43558EA1C4BFF475A4B8ECC5CAC4)
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeC:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 39792 bytes, MD5 392845E8D49B5F0E81AAC4D795000A8C)
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" (filesize 248552 bytes, MD5 93DB1FF92B03D24738A71E6E4992DFD3)
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (filesize 421888 bytes, MD5 49385AFEE6EDFA0A0177BE6651AADD77)
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (filesize 421160 bytes, MD5 DDACBCA1D0E66BBA5C984842F372A6D4)
        O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s (filesize 2676696 bytes, MD5 FFC7CF5E4DAEDC38A818E9890EF337D2)
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
        O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (filesize 206112 bytes, MD5 6DA7C93AB37B4A204BFCAE9FA07FF48D)
        O4 - HKCU\..\Run: [SacReminderHDDV2] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2\reminder\SacReminder.exeC:\Documents and Settings\All Users\Application Data\OfficeGuardianV2\reminder\SacReminder.exe
        O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet (filesize 5252408 bytes, MD5 C0D12E6C85FC6DD7FF1DBB04F2DC933B)
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (filesize 118784 bytes, MD5 67B2E7B6AE3B400D832F0456068EA83D)
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (filesize 63840 bytes, MD5 22BDC1E6E606C9BAE68141D7099309AB)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200973999578
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200976591625
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeC:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exeC:\Program Files\PC Tools Firewall Plus\FWService.exe
        O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeC:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

        --
        End of file - 10433 bytes

        Results of screen317's Security Check version 0.99.6 
         Windows XP Service Pack 3 
         Internet Explorer 7 Out of date!
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Disabled! 
         Symantec AntiVirus     
         PC Tools Firewall Plus 7.0 
         Antivirus up to date! 
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         HijackThis 2.0.2   
         CCleaner     
         Java(TM) 6 Update 22 
         Java(TM) 6 Update 5 
         Java(TM) 6 Update 7 
         Out of date Java installed!
         Adobe Flash Player 10.0.32.18 
        Adobe Reader 8.1.3
        Out of date Adobe Reader installed!
         Mozilla Firefox (3.5.15) Firefox Out of Date! 
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Symantec AntiVirus DefWatch.exe   
         Symantec AntiVirus Rtvscan.exe   
         PC Tools Firewall Plus FirewallGUI.exe   
         PC Tools Firewall Plus FWService.exe   
        ````````````````````````````````
        DNS Vulnerability Check:

         GREAT! (Not vulnerable to DNS cache poisoning)

        ``````````End of Log````````````


        ComboFix 10-12-08.04 - my name 09/12/2010  22:03:58.1.1 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.767.247 [GMT -6:00]
        Running from: c:\documents and settings\my name\Desktop\commy.exe.exe
        AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
        FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
        c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
        C:\Install.exe

        ----- BITS: Possible infected sites -----

        hxxp://au.download.windowj+|Cv+@J:NGD_DQ{zcxLJS@b^OueWU Client DownloadS-1-5-18`HT4??  6VwoQZCDHM6VwoQZCDHMXuEIy<cxLJS@GD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvte.com
        .
        (((((((((((((((((((((((((   Files Created from 2010-11-10 to 2010-12-10  )))))))))))))))))))))))))))))))
        .

        2010-12-09 23:01 . 2010-12-09 23:01   --------   d-----w-   c:\program files\Trend Micro
        2010-12-07 23:19 . 2010-12-07 23:19   --------   d-----w-   c:\documents and settings\my name\Application Data\PCToolsFirewallPlus
        2010-12-07 23:18 . 2010-11-25 16:53   160448   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
        2010-12-07 23:18 . 2010-03-29 17:06   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
        2010-12-07 23:18 . 2010-11-17 16:19   249616   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
        2010-12-07 23:17 . 2010-12-09 23:23   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
        2010-12-07 23:17 . 2010-12-07 23:18   --------   d-----w-   c:\program files\Common Files\PC Tools
        2010-12-07 23:17 . 2010-11-24 15:18   89192   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
        2010-12-07 23:17 . 2010-07-08 15:49   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
        2010-12-07 23:17 . 2010-02-05 15:26   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
        2010-12-07 23:17 . 2010-11-25 16:42   124992   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
        2010-12-07 23:17 . 2010-12-07 23:19   --------   d-----w-   c:\program files\PC Tools Firewall Plus
        2010-12-07 21:52 . 2010-12-07 21:52   --------   d-----w-   c:\documents and settings\my name\Application Data\Malwarebytes
        2010-12-07 21:52 . 2010-11-29 23:42   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-12-07 21:52 . 2010-12-07 21:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2010-12-07 21:52 . 2010-12-07 21:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-12-07 21:52 . 2010-11-29 23:42   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-12-07 20:02 . 2010-12-07 20:02   --------   d-----w-   c:\documents and settings\my name\Application Data\SUPERAntiSpyware.com
        2010-12-07 20:02 . 2010-12-07 20:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2010-12-07 20:00 . 2010-12-07 20:02   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-12-07 19:38 . 2010-12-07 19:38   --------   d-----w-   c:\program files\CCleaner
        2010-12-06 22:06 . 2010-12-06 22:06   --------   d-----w-   c:\documents and settings\my name\Local Settings\Application Data\Yahoo
        2010-12-06 21:59 . 2010-12-07 16:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
        2010-12-06 21:59 . 2010-12-06 22:00   --------   d-----w-   c:\documents and settings\my name\Application Data\Yahoo!
        2010-12-06 21:58 . 2010-12-06 21:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
        2010-12-06 21:55 . 2010-12-06 21:59   --------   d-----w-   c:\program files\Yahoo!

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-09-18 17:23 . 2002-10-01 13:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
        2010-09-18 06:53 . 2002-10-01 13:00   974848   ----a-w-   c:\windows\system32\mfc42.dll
        2010-09-18 06:53 . 2002-10-01 13:00   954368   ----a-w-   c:\windows\system32\mfc40.dll
        2010-09-18 06:53 . 2002-10-01 13:00   953856   ----a-w-   c:\windows\system32\mfc40u.dll
        2010-09-15 09:50 . 2010-08-15 17:27   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2010-09-15 07:29 . 2008-03-25 13:28   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2010-09-13 17:22 . 2010-09-13 17:22   69632   ----a-r-   c:\documents and settings\my name\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
        2010-09-13 17:22 . 2010-09-13 17:22   413696   ----a-r-   c:\documents and settings\my name\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
        2010-09-13 17:22 . 2010-09-13 17:22   413696   ----a-r-   c:\documents and settings\my name\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
        2010-09-13 17:22 . 2010-09-13 17:22   413696   ----a-r-   c:\documents and settings\my name\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
        "SacReminderHDDV2"="c:\documents and settings\All Users\Application Data\OfficeGuardianV2\reminder\SacReminder.exe" [2010-05-05 501640]
        "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "TCASUTIEXE"="TCAUDIAG -off" [X]
        "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
        "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
        "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-1-23 118784]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableLinkedConnections"= 1 (0x1)

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=
        "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
        "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

        R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [21/01/2008 9:00 PM 29344]
        R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [07/12/2010 5:18 PM 249616]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 12:25 PM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 12:41 PM 67656]
        R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [07/12/2010 5:18 PM 160448]
        R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [21/01/2008 9:40 PM 21233]
        R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [21/01/2008 9:40 PM 19534]
        R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [07/12/2010 5:17 PM 89192]
        R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [07/12/2010 5:17 PM 57536]
        R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [07/12/2010 5:17 PM 124992]
        S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [07/12/2010 5:17 PM 57536]

        --- Other Services/Drivers In Memory ---

        *Deregistered* - EraserUtilDrvI10
        .
        Contents of the 'Scheduled Tasks' folder

        2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.mywinnipeg.com/
        uInternet Settings,ProxyOverride = <local>
        uInternet Settings,ProxyServer = http=127.0.0.1:43902
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
        DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
        FF - ProfilePath - c:\documents and settings\my name\Application Data\Mozilla\Firefox\Profiles\fx49hfxn.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.mywinnipeg.com/
        FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
        FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
        FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
        FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
        FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
        FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
        FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
        FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
        FF - Extension: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
        FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\my name\Application Data\Mozilla\Firefox\Profiles\fx49hfxn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\my name\Application Data\Mozilla\Firefox\Profiles\fx49hfxn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
        FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\my name\Application Data\Mozilla\Firefox\Profiles\fx49hfxn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

        ---- FIREFOX POLICIES ----
        FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-12-09 22:16
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
        "Enabled"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
        @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker4"

        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"

        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        Completion time: 2010-12-09  22:25:03
        ComboFix-quarantined-files.txt  2010-12-10 04:24

        Pre-Run: 14,485,835,776 bytes free
        Post-Run: 14,476,328,960 bytes free

        WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        UnsupportedDebug="do not select this" /debug
        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

        - - End Of File - - 663BEDAB0DF9028BF984AC269FCC36E3


        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: "application cannot be executed *****.exe is infected"
        « Reply #5 on: December 10, 2010, 04:06:49 PM »
        Open HijackThis and select Do a system scan only

        Place a check mark next to the following entries: (if there)

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:43902
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)


        Important: Close all open windows except for HijackThis and then click Fix checked.

        Once completed, exit HijackThis.
        ************************************
        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.
        ****************************************************
        Re-running ComboFix to remove infections:

        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        • Open notepad and copy/paste the text in the quotebox below into it:
          Quote
          KillAll::

          DDS::
          uInternet Settings,ProxyServer = http=127.0.0.1:43902

        • Save this as CFScript.txt, in the same location as ComboFix.exe



        • Referring to the picture above, drag CFScript into ComboFix.exe
        • When finished, it shall produce a log for you at C:\ComboFix.txt
        • I don't need to see the log from this script.
        ********************************************
        Download the GMER Rootkit Scanner. Unzip it to your Desktop.

        Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

        Double-click gmer.exe. The program will begin to run.

        **Caution**
        These types of scans can produce false positives. Do NOT take any action on any
        "<--- ROOTKIT" entries unless advised!

        If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
        • Click NO
        • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
        • Now click the Scan button.
        • Once the scan is complete, you may receive another notice about rootkit activity.
        • Click OK.
        • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
        • Save it where you can easily find it, such as your desktop.
        Windows 8 and Windows 10 dual boot with two SSD's
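The ComboFix log above and the R1 entry SuperDave asks HijackThis to fix point at the same thing: Internet Explorer's proxy has been set to 127.0.0.1:43902, so a process on the machine itself sits between the browser and the network, a common rogue-antivirus tactic for injecting warnings and blocking real security sites. The same log also shows the Windows Firewall off ("EnableFirewall"= 0) and Security Center monitoring of Symantec AntiVirus disabled. The following is an added example, not from the thread, ComboFix or HijackThis, that scans log lines of that shape for those three indicators; the sample lines are constructed from the ones quoted in the thread plus one assumed corporate proxy (proxy.corp.example) for contrast.

```python
"""Flag the proxy-hijack and defence-disable indicators seen in this thread's
ComboFix and HijackThis output.  Added example, not from the thread or from
either tool; SAMPLE_LOG is constructed from the lines quoted in the thread plus
one benign proxy line (proxy.corp.example, an assumed corporate proxy)."""
import ipaddress
import re
from typing import Dict, List

SAMPLE_LOG = r"""
uStart Page = hxxp://www.mywinnipeg.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:43902
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:43902
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
uInternet Settings,ProxyServer = http=proxy.corp.example:8080
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                       # "[HKEY_...]" section header
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>[^:\s;]+):(?P<port>\d{1,5})", re.I)
FIREWALL_OFF_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b')
MONITOR_OFF_RE = re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1$', re.I)


def is_loopback(host: str) -> bool:
    """True for localhost / 127.0.0.0/8 / ::1, the addresses a rogue's local proxy listens on."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an address
        return False


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per indicator, in log order, with the follow-up check to run on the box."""
    findings: List[Dict[str, str]] = []
    current_key = ""          # last "[HKEY...]" header seen, for context on value lines
    reported_proxies = set()  # ComboFix and HijackThis both list the same value; report it once
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group("key")
            continue
        if m := PROXY_RE.search(line):
            host, port = m.group("host"), int(m.group("port"))
            if is_loopback(host) and (host, port) not in reported_proxies:
                reported_proxies.add((host, port))
                findings.append({
                    "indicator": "loopback_proxy",
                    "evidence": line,
                    "check": f"netstat -ano | findstr :{port}  (which PID is listening, and what image is it?)",
                })
            continue
        if FIREWALL_OFF_RE.search(line):
            findings.append({"indicator": "windows_firewall_disabled",
                             "evidence": f"{current_key}: {line}",
                             "check": "netsh firewall show state"})
            continue
        if MONITOR_OFF_RE.search(line) and "security center" in current_key.lower():
            product = current_key.rsplit("\\", 1)[-1]
            findings.append({"indicator": "security_center_monitoring_disabled",
                             "evidence": f"{product}: {line}",
                             "check": "confirm the product itself set this (some AV suites do); otherwise re-enable"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['indicator']}] {f['evidence']}\n    check: {f['check']}")
```

Deleting the ProxyServer value (which the DDS:: line in the CFScript above does) stops the redirection, but something resident set it; if netstat still shows a listener on that port after the fix, the dropper is still running and will put the value back. The Security Center entry is the one to treat with care: antivirus products regularly write DisableMonitoring themselves so that Security Center does not double-report them, so it only counts as tampering when the product did not do it.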

        sleepr

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Re: "application cannot be executed *****.exe is infected"
          « Reply #6 on: December 10, 2010, 08:07:20 PM »
          OK, in HijackThis only the R1 entry was there. Here is the GMER text:

          GMER 1.0.15.15530 - http://www.gmer.net
          Rootkit scan 2010-12-10 21:05:25
          Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75DEA0 rev.05.03E05
          Running: gmer.exe; Driver: C:\DOCUME~1\CRAIGS~1\LOCALS~1\Temp\fxtdqpod.sys


          ---- System - GMER 1.0.15 ----

          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwAllocateVirtualMemory [0xEC3F5394]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwAssignProcessToJobObject [0xEC3F4DDE]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwConnectPort [0xEC3F4E26]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwCreateFile [0xEC3F4EDE]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwCreateProcess [0xEC3F5B70]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwCreateProcessEx [0xEC3F5BFC]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwCreateSection [0xEC3F4F5E]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwCreateThread [0xEC3F5C8C]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwDebugActiveProcess [0xEC3F4FAE]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwDeleteFile [0xEC3F4FF6]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwDeleteKey [0xEC3F503E]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwDeleteValueKey [0xEC3F5086]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwDuplicateObject [0xEC3F50D0]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwFsControlFile [0xEC3F511A]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwLoadDriver [0xEC3F5164]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwMapViewOfSection [0xEC3F51DA]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwOpenFile [0xEC3F5222]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwOpenKey [0xEC3F5272]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwOpenSection [0xEC3F52BA]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwOpenThread [0xEC3F5302]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwProtectVirtualMemory [0xEC3F53E2]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwRequestWaitReplyPort [0xEC3F534A]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwRestoreKey [0xEC3F542A]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwResumeThread [0xEC3F5478]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwSecureConnectPort [0xEC3F5564]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwSetInformationFile [0xEC3F54C0]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwSetSecurityObject [0xEC3F5610]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwSetValueKey [0xEC3F5510]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwSuspendProcess [0xEC3F565A]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwSystemDebugControl [0xEC3F56A2]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwTerminateProcess [0xEC3F56EA]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwWriteFile [0xEC3F5738]
          SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                            ZwWriteVirtualMemory [0xEC3F5780]

          ---- Kernel code sections - GMER 1.0.15 ----

          .text           ntoskrnl.exe!_abnormal_termination + 450                                                                          804E2ABC 4 Bytes  JMP 6FEC3F56
          ?               C:\commy.exe\catchme.sys                                                                                          The system cannot find the path specified. !
          ?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                        The system cannot find the file specified. !

          ---- User IAT/EAT - GMER 1.0.15 ----

          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]    [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]      [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]      [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject]      [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]   [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]     [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]   [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]     [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject]     [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]  [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]  [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]    [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]    [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA]    [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW]    [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor]       [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu]    [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx]  [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject]     [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]    [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]    [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]  [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]  [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]  [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow]     [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx]  [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA]    [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor]       [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW]    [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush]  [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
          IAT             C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu]    [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

          ---- Devices - GMER 1.0.15 ----

          Device                                                                                                                            Ntfs.sys (NT File System Driver/Microsoft Corporation)

          AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                          pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
          AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                         pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
          AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                         pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
          AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                       pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

          Device                                                                                                                            mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

          ---- EOF - GMER 1.0.15 ----
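GMER's SSDT section above lists every hooked system-call slot together with the module that owns the hook and, when the image carries version information, its description and vendor. Every hook in this log belongs to PCTAppEvent.sys, the PC Tools Firewall Plus driver the ComboFix log shows being installed on 2010-12-07, so this is the product doing its job rather than a rootkit; a hook from an image with no vendor string, or from an image outside system32\drivers and Program Files, is what would need a second look. The two "?" lines are stale registrations for driver images no longer on disk (catchme.sys is ComboFix's own rootkit-detector driver, named in the ComboFix log above; PROCEXP113.SYS is the driver Process Explorer drops). Below is an added example, not from the thread or from GMER, that parses lines of this shape, groups the hooks by module and applies those two rules. The sample is built from lines quoted in the thread plus one constructed unlabeled.sys hook for contrast, and the attribution of an inline patch's JMP target to a module by address proximity is a heuristic of this example, not something GMER reports.

```python
"""Attribute the kernel hooks in a GMER log to the modules that own them.
Added example, not from the thread or from GMER.  SAMPLE_LOG is built from
lines quoted in the thread plus one constructed hook (unlabeled.sys) for
contrast; the address-proximity attribution of inline patches is a heuristic
of this example, not something GMER itself reports."""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)   ZwCreateProcess [0xEC3F5B70]
SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)   ZwLoadDriver [0xEC3F5164]
SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)   ZwTerminateProcess [0xEC3F56EA]
SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)   ZwWriteVirtualMemory [0xEC3F5780]
SSDT            \??\C:\WINDOWS\system32\unlabeled.sys                                                    ZwQueryDirectoryFile [0xF8A1C2D0]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + 450          804E2ABC 4 Bytes  JMP 6FEC3F56
?               C:\commy.exe\catchme.sys                          The system cannot find the path specified. !
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS        The system cannot find the file specified. !
"""

# One SSDT entry: image path, optional "(Description/Vendor)" from version info, Zw* function, hook address.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<path>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# Inline code patch: symbol, patched address, byte count, and the disassembled patch (usually a JMP).
INLINE_RE = re.compile(
    r"^\.text\s+(?P<sym>.+?)\s{2,}(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<patch>.+)$")
# Registered driver whose image is missing from disk.
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.+?)\s*!?$")
JMP_RE = re.compile(r"\bJMP\s+(?P<target>[0-9A-Fa-f]{8})")

TRUSTED_DIRS = ("\\system32\\drivers\\", "\\program files\\")
SLACK = 0x10000  # how far outside a module's hook range a JMP target may land and still be attributed to it


def parse_gmer(text: str) -> Dict[str, List[dict]]:
    """Split a GMER log into SSDT hooks, inline code patches and missing driver images."""
    ssdt, inline, missing = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            desc = m.group("desc")
            vendor = desc.rsplit("/", 1)[-1].strip() if desc and "/" in desc else None
            ssdt.append({"path": m.group("path"), "vendor": vendor,
                         "func": m.group("func"), "addr": int(m.group("addr"), 16)})
        elif m := INLINE_RE.match(line):
            j = JMP_RE.search(m.group("patch"))
            inline.append({"symbol": m.group("sym"), "addr": int(m.group("addr"), 16),
                           "nbytes": int(m.group("n")), "patch": m.group("patch"),
                           "target": int(j.group("target"), 16) if j else None})
        elif m := MISSING_RE.match(line):
            missing.append({"path": m.group("path"), "message": m.group("msg")})
    return {"ssdt": ssdt, "inline": inline, "missing": missing}


def summarize(text: str) -> dict:
    """Group SSDT hooks by owning module, flag modules that fail the two rules, attribute inline JMPs."""
    parsed = parse_gmer(text)
    modules: Dict[str, dict] = {}
    ranges: Dict[str, Tuple[int, int]] = {}  # lowest/highest hook address seen per module
    for h in parsed["ssdt"]:
        entry = modules.setdefault(h["path"], {"vendor": h["vendor"], "hooks": [], "reasons": []})
        entry["hooks"].append(h["func"])
        lo, hi = ranges.get(h["path"], (h["addr"], h["addr"]))
        ranges[h["path"]] = (min(lo, h["addr"]), max(hi, h["addr"]))
    for path, entry in modules.items():
        if entry["vendor"] is None:
            entry["reasons"].append("no vendor string in version info")
        if not any(d in path.lower() for d in TRUSTED_DIRS):
            entry["reasons"].append("image outside system32\\drivers and Program Files")
        entry["suspicious"] = bool(entry["reasons"])
    for p in parsed["inline"]:
        # Attribute the JMP target to a module whose SSDT hooks sit nearby; None means nothing claims it.
        p["owner"] = next((path for path, (lo, hi) in ranges.items()
                           if p["target"] is not None and lo - SLACK <= p["target"] <= hi + SLACK), None)
    return {"modules": modules, "inline": parsed["inline"], "missing": parsed["missing"]}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for path, entry in report["modules"].items():
        flag = "REVIEW" if entry["suspicious"] else "ok"
        print(f"{flag:6} {path}  vendor={entry['vendor']}  hooks={len(entry['hooks'])}  {entry['reasons']}")
    for p in report["inline"]:
        print(f"inline {p['symbol']} @ {p['addr']:08X}: {p['patch']}  owner={p['owner']}")
    for m in report["missing"]:
        print(f"stale  {m['path']}: {m['message']}")
```

Run it over a saved GMER.txt. A vendor-labelled hook still has to be tied to a product you can see installed (the "Files Created" and service lists in the ComboFix log above do that for PC Tools here); a rootkit can carry any version string it likes, so these rules sort entries for review rather than clear them, which is also why the "<--- ROOTKIT" markers in a GMER log are not acted on without someone reading the whole picture.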

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: "application cannot be executed *****.exe is infected"
          « Reply #7 on: December 11, 2010, 01:35:11 PM »
          How's your computer running now?

          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          Windows 8 and Windows 10 dual boot with two SSD's

          sleepr

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Unknown
            Re: "application cannot be executed *****.exe is infected"
            « Reply #8 on: December 11, 2010, 09:26:37 PM »
            ESET scan said no threats found; it did not show a list of found threats, so I could not save any log.

            The machine is running better, but I am getting a Windows error message after the startup is complete, saying "the system has recovered from a serious issue".

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: "application cannot be executed *****.exe is infected"
            « Reply #9 on: December 12, 2010, 01:36:52 PM »
            Quote
            The machine is running better but i am getting a windows error message after the startup is complete, saying "the system has recovered from a serious issue"
            Let's try a file scan. Please do this even if you don't have the XP disk. During the scan, if it asks for the disk, we'll know there's a problem with the files.

            Do you have an XP CD?

            If so, place it in your CD ROM drive and follow the instructions below:
            • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
            • Let this run undisturbed until the window with the blue progress bar goes away
            SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.