[melange86]

Here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 16, 2009 21:31:34
Records in database: 2186387
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 143431
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 03:19:52


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45EB0BF9.exe Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55523E4F.exe Infected: Worm.Win32.VB.an 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55696436.exe Infected: Worm.Win32.VB.an 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A270CEB.tmp Infected: Worm.Win32.VB.an 1
C:\Qoobox\Quarantine\C\WINDOWS\_wlsc_.xjb.zip Infected: Trojan.Win32.Small.aarn 1

The selected area was scanned.

---------------

And here is the latest DDS logs:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Emily at 21:00:42.00 on Sat 05/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.213 [GMT -4:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Emily\Desktop\dds.com.pif
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - hxxp://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emily\applic~1\mozilla\firefox\profiles\26di48gh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\26di48gh.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\emily\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-11 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-28 24652]
S2 2089B345772E4F9C3D4C646BB2A68E90;2089B345772E4F9C3D4C646BB2A68E90;cmd /k start /i "/dC:" "c:\combofix\hidec.exe" "c:\combofix\swreg.exe" acl "hkey_local_machine\system\currentcontrolset\enum\root\LEGACY_Beep" /RESET /Q --> cmd [?]

=============== Created Last 30 ================

2009-05-14 18:16 <DIR> a-dshr-- C:\cmdcons
2009-05-14 18:14 161,792 a------- c:\windows\SWREG.exe
2009-05-14 18:14 98,816 a------- c:\windows\sed.exe
2009-05-10 19:38 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-10 19:28 1,033,216 a------- c:\windows\system32\dllcache\explorer.exe
2009-05-10 19:27 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-05-10 19:08 <DIR> --d----- c:\docume~1\emily\applic~1\WildTangent
2009-05-10 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WildTangent
2009-05-10 18:56 <DIR> --d----- c:\program files\common files\Scanner
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\scripting
2009-04-28 21:10 <DIR> --d----- c:\windows\l2schemas
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\en
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\bits
2009-04-28 21:05 33,656 a------- c:\windows\system32\sprecovr.exe
2009-04-16 21:46 35,328 -------- c:\windows\system32\dllcache\sc.exe

==================== Find3M ====================

2009-05-05 20:26 54,836 a------- c:\docume~1\emily\applic~1\wklnhst.dat
2009-05-02 16:32 89,343 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 10:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-23 22:41 53,248 a------- c:\documents and settings\emily\lametritonus_en.dll
2009-02-23 22:41 162,304 a------- c:\documents and settings\emily\lame_enc_en.dll
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-01-07 21:01 90,528 a------- c:\docume~1\emily\applic~1\GDIPFONTCACHEV1.DAT
2007-08-01 22:52 88 ---shr-- c:\windows\system32\9EEE86D673.sys
2007-08-01 22:52 3,610 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:01:35.12 ===============

and


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/14/2006 4:15:39 PM
System Uptime: 5/16/2009 4:29:43 PM (5 hours ago)

Motherboard: Dell Inc. | | 0WJ770
Processor: Intel® Pentium® 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
Processor: Intel® Pentium® 4 CPU 3.06GHz | Microprocessor | 3059/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 8.524 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 18.032 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (FAT32) - 466 GiB total, 445.812 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP862: 3/29/2009 3:29:03 PM - System Checkpoint
RP863: 3/29/2009 11:11:57 PM - Software Distribution Service 3.0
RP864: 3/30/2009 10:54:36 PM - Software Distribution Service 3.0
RP865: 3/31/2009 7:23:21 PM - Installed HP Unload DLL Patch
RP866: 3/31/2009 11:24:47 PM - Software Distribution Service 3.0
RP867: 4/1/2009 8:28:13 PM - Software Distribution Service 3.0
RP868: 4/2/2009 11:32:00 PM - Software Distribution Service 3.0
RP869: 4/5/2009 2:17:05 PM - Installed Java™ 6 Update 13
RP870: 4/5/2009 3:44:17 PM - Software Distribution Service 3.0
RP871: 4/6/2009 4:40:41 PM - System Checkpoint
RP872: 4/6/2009 10:59:19 PM - Software Distribution Service 3.0
RP873: 4/7/2009 9:21:44 PM - Software Distribution Service 3.0
RP874: 4/8/2009 10:08:47 PM - Software Distribution Service 3.0
RP875: 4/9/2009 11:11:52 PM - Software Distribution Service 3.0
RP876: 4/11/2009 12:59:50 PM - System Checkpoint
RP877: 4/12/2009 3:00:19 AM - Software Distribution Service 3.0
RP878: 4/12/2009 11:42:03 PM - Software Distribution Service 3.0
RP879: 4/14/2009 6:56:11 PM - System Checkpoint
RP880: 4/15/2009 9:34:11 PM - System Checkpoint
RP881: 4/16/2009 10:24:28 PM - System Checkpoint
RP882: 4/17/2009 12:01:15 AM - Software Distribution Service 3.0
RP883: 4/20/2009 2:43:51 PM - System Checkpoint
RP884: 4/21/2009 7:47:17 PM - System Checkpoint
RP885: 4/22/2009 8:55:35 PM - System Checkpoint
RP886: 4/26/2009 9:41:25 PM - System Checkpoint
RP887: 4/28/2009 8:55:12 PM - Software Distribution Service 3.0
RP888: 5/3/2009 4:54:16 PM - System Checkpoint
RP889: 5/4/2009 12:18:39 AM - Software Distribution Service 3.0
RP890: 5/5/2009 8:56:39 PM - System Checkpoint
RP891: 5/6/2009 9:22:07 PM - System Checkpoint
RP892: 5/10/2009 5:11:22 PM - System Checkpoint
RP893: 5/10/2009 7:22:03 PM - Software Distribution Service 3.0
RP894: 5/11/2009 8:03:12 PM - System Checkpoint
RP895: 5/13/2009 8:35:42 PM - System Checkpoint
RP896: 5/14/2009 8:53:42 PM - System Checkpoint

==== Installed Programs ======================

1300
1300_Help
1300Tour
1300Trb
3ivx D4 4.5.1 (remove only)
AC3Filter (remove only)
Ad-Aware 2007
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2.2
Adobe Reader 7.0.9
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8
AiO_Scan
AIOMinimal
AiOSoftware
Alien Skin Exposure
Alien Skin Exposure 2 Demo
Andrea VoiceCenter
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BitComet 1.03
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon EOS-1D Mark II N WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.1
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catz 5
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
ConvertHelper 2.1
Copy
Creative MediaSource
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Director
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
Documentation & Support Launcher
EducateU
ELIcon
Fax
FLV Player 2.0, build 24
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP Unload DLL Patch
hpmdtab
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
Java™ 6 Update 13
Java™ 6 Update 7
Last.fm 1.5.1.29527
Learn2 Player (Uninstall Only)
Linksys Wireless-G PCI Adapter
Memories Disc Creator 2.0
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Move Media Player
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Mulberry
Neat Image v5 Demo (with plug-in)
NetWaiting
overland
PDF Settings
PetzA 2.2.5
PhotoGallery
PowerDVD
PrintScreen
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SkinsHP1
SkinsHP2
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Symantec KB-DocID:2003093015493306
TrayApp
Ulead MediaStudio Pro 8.0
Unload
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VideoLAN VLC media player 0.8.6a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WD Diagnostics
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
XviD MPEG-4 Video Codec
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

5/16/2009 4:58:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 9FF83F9FD1C995BA5B4E6CF5489E5F27 service to connect.
5/16/2009 4:58:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CDEB847CF1C8DBB2D69B884A8C7F1BE4 service to connect.
5/16/2009 4:57:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 1C3592BF8DEDBB002A896ED1F0DA5936 service to connect.
5/16/2009 4:57:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 4B38E79CAEDD0208A5D78A1735BC2403 service to connect.
5/16/2009 4:57:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the A5AAF30ABA99FBFA4A992FD33D597151 service to connect.
5/16/2009 4:54:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AA762318B8E63E69B2AB74D7883E8A8C service to connect.
5/14/2009 7:56:23 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HESKETT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A372FA7D-B25B-4945-8. The master browser is stopping or an election is being forced.
5/14/2009 7:54:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 66C4F9E4629D7EAF01FF61F770DE08CA service to connect.
5/14/2009 7:54:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 2089B345772E4F9C3D4C646BB2A68E90 service to connect.
5/14/2009 7:54:21 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
5/14/2009 7:52:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AF520601DBD601431BD491E62629D7B5 service to connect.
5/14/2009 7:48:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 35C8193204E38ED9F3391EA9355E4571 service to connect.

==== End Of File ===========================

In a little while, I will try to fix the Windows Installer issue.

[Advertisements]

Ok. Shall wait for results of those steps mentioned in post #14.

[Blade81]

Ok. Shall wait for results of those steps mentioned in post #14.

[melange86]

Sorry it took so long.

The C:/locations.txt was there and it said this:

Volume in drive C has no label.
Volume Serial Number is F433-2303

When I went to the Registry Editor, it showed this:

[Blade81]

The C:/locations.txt was there and it said this:

Volume in drive C has no label.
Volume Serial Number is F433-2303

Hi

Did it list any locations for msiexec.exe file there?

[melange86]

Let me try it again. I don't think I waited long enough the first time, sorry! Here it is:

Volume in drive C has no label.
Volume Serial Number is F433-2303

Directory of C:\i386

05/04/2005 07:45 PM 78,848 msiexec.exe
1 File(s) 78,848 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

05/04/2005 07:45 PM 78,848 msiexec.exe
1 File(s) 78,848 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 78,848 msiexec.exe
1 File(s) 78,848 bytes

Directory of C:\WINDOWS\system32

05/04/2005 07:45 PM 78,848 msiexec.exe
1 File(s) 78,848 bytes

Total Files Listed:
4 File(s) 315,392 bytes
0 Dir(s) 9,615,695,872 bytes free

Edited by melange86, 17 May 2009 - 01:20 PM.

[Blade81]

Ok, the file exists. Good.

Click Start, click Run, type msiexec /regserver in the Open text box, and then click OK.

After that try to uninstall old Adobe Reader and Java versions again. Let me know how that goes

[melange86]

It worked -- I was able to delete the Java things and Adobe Reader. Yay! Thanks. What should I do next?

[Blade81]

Great

Now you may install latest Adobe Reader or one of the alternatives listed in post #12 if you need pdf reader.

Then post a fresh dds.txt log and let me know how's the system running.

[melange86]

I downloaded the latest Adobe Reader. And the system is running pretty well. Things I didn't even know were wrong are back! I just have one question. When I turned on my computer this afternoon, I received this message when my desktop popped up:



Is this a problem?

Also, if we're finished, what Anti-Virus program would you recommend I download/buy? I've only ever had Norton, but I've heard some good things about McAfee and I've had friends recommend AVG.

And if we're done, should I delete all of the programs like DDS, ComboFix, and RSIT? Just checking.

Here's the fresh DDS log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Emily at 14:06:07.65 on Mon 05/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.164 [GMT -4:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\Emily\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emily\Desktop\dds.com.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - hxxp://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emily\applic~1\mozilla\firefox\profiles\26di48gh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\26di48gh.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\emily\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-11 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-28 24652]
S2 2089B345772E4F9C3D4C646BB2A68E90;2089B345772E4F9C3D4C646BB2A68E90;cmd /k start /i "/dC:" "c:\combofix\hidec.exe" "c:\combofix\swreg.exe" acl "hkey_local_machine\system\currentcontrolset\enum\root\LEGACY_Beep" /RESET /Q --> cmd [?]

=============== Created Last 30 ================

2009-05-14 18:16 <DIR> a-dshr-- C:\cmdcons
2009-05-14 18:14 161,792 a------- c:\windows\SWREG.exe
2009-05-14 18:14 98,816 a------- c:\windows\sed.exe
2009-05-10 19:38 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-10 19:28 1,033,216 a------- c:\windows\system32\dllcache\explorer.exe
2009-05-10 19:27 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-05-10 19:08 <DIR> --d----- c:\docume~1\emily\applic~1\WildTangent
2009-05-10 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WildTangent
2009-05-10 18:56 <DIR> --d----- c:\program files\common files\Scanner
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\scripting
2009-04-28 21:10 <DIR> --d----- c:\windows\l2schemas
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\en
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\bits
2009-04-28 21:05 33,656 a------- c:\windows\system32\sprecovr.exe

==================== Find3M ====================

2009-05-17 23:33 54,832 a------- c:\docume~1\emily\applic~1\wklnhst.dat
2009-05-02 16:32 89,343 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 10:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-23 22:41 53,248 a------- c:\documents and settings\emily\lametritonus_en.dll
2009-02-23 22:41 162,304 a------- c:\documents and settings\emily\lame_enc_en.dll
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-01-07 21:01 90,528 a------- c:\docume~1\emily\applic~1\GDIPFONTCACHEV1.DAT
2007-08-01 22:52 88 ---shr-- c:\windows\system32\9EEE86D673.sys
2007-08-01 22:52 3,610 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:06:57.98 ===============

[Blade81]

Hi again

Let's try to tackle that error you're receiving.

Open notepad and copy/paste the text in the quotebox below into it:

Driver::
2089B345772E4F9C3D4C646BB2A68E90

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt log. Reboot (if ComboFix didn't make you to reboot) and check if that error in screenshot still shows up. I'll give you hints for the future after this issue is out of sight first


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

[melange86]

After I ran the CFScript through ComboFix and rebooted, I no longer had the error message when I turned the computer on. Here is the ComboFix log:

ComboFix 09-05-16.03 - Emily 05/18/2009 16:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.217 [GMT -4:00]
Running from: c:\documents and settings\Emily\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Emily\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Emily\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Emily\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_2089B345772E4F9C3D4C646BB2A68E90
-------\Service_2089B345772E4F9C3D4C646BB2A68E90


((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-13 00:59 . 2009-05-13 01:00 -------- d-----w C:\rsit
2009-05-10 23:38 . 2009-05-10 23:44 -------- d-----w c:\windows\ServicePackFiles
2009-05-10 23:28 . 2007-06-13 10:23 1033216 ----a-w c:\windows\system32\dllcache\explorer.exe
2009-05-10 23:27 . 2004-08-04 03:01 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-10 23:08 . 2009-05-10 23:08 -------- d-----w c:\documents and settings\Emily\Application Data\WildTangent
2009-05-10 23:07 . 2009-05-10 23:08 -------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
2009-05-10 22:56 . 2009-05-10 22:56 -------- d-----w c:\program files\Common Files\Scanner
2009-04-29 01:10 . 2009-05-10 23:43 -------- d-----w c:\windows\system32\scripting
2009-04-29 01:10 . 2009-05-11 19:46 -------- d-----w c:\windows\l2schemas
2009-04-29 01:10 . 2009-05-10 23:43 -------- d-----w c:\windows\system32\en
2009-04-29 01:10 . 2009-05-11 19:46 -------- d-----w c:\windows\system32\bits
2009-04-29 01:05 . 2007-08-11 00:46 33656 ----a-w c:\windows\system32\sprecovr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 03:33 . 2006-09-14 23:11 54832 ----a-w c:\documents and settings\Emily\Application Data\wklnhst.dat
2009-05-17 21:02 . 2006-09-12 02:49 -------- d-----w c:\program files\Common Files\Adobe
2009-05-17 20:31 . 2006-09-12 02:22 -------- d-----w c:\program files\Java
2009-05-15 00:36 . 2006-09-15 00:55 -------- d-----w c:\program files\LimeWire
2009-05-11 20:11 . 2006-09-14 20:56 90528 ----a-w c:\documents and settings\Emily\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 23:38 . 2006-09-14 20:28 -------- d-----w c:\program files\Yahoo!
2009-04-14 01:12 . 2006-09-14 21:34 -------- d-----w c:\program files\iTunes
2009-04-14 01:12 . 2009-04-14 01:12 -------- d-----w c:\program files\iPod
2009-04-14 01:11 . 2007-07-02 03:12 -------- d-----w c:\program files\Common Files\Apple
2009-04-14 01:09 . 2009-04-14 01:09 -------- d-----w c:\program files\QuickTime
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 09:19 . 2009-02-19 16:25 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:00 . 2009-05-10 23:28 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 02:41 . 2009-02-24 02:41 53248 ----a-w c:\documents and settings\Emily\lametritonus_en.dll
2009-02-24 02:41 . 2009-02-24 02:41 162304 ----a-w c:\documents and settings\Emily\lame_enc_en.dll
2009-02-20 18:09 . 2005-08-16 08:18 78336 ----a-w c:\windows\system32\ieencode.dll
2007-08-02 02:52 . 2006-09-14 22:09 88 --sh--r c:\windows\system32\9EEE86D673.sys
2007-08-02 02:52 . 2006-09-14 22:09 3610 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-14_23.54.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-18 20:33 . 2009-05-18 20:33 16384 c:\windows\Temp\Perflib_Perfdata_a88.dat
+ 2009-05-18 20:44 . 2009-05-18 20:44 16384 c:\windows\Temp\Perflib_Perfdata_4ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-12 185784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-11 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8760:TCP"= 8760:TCP:BitComet 8760 TCP
"8760:UDP"= 8760:UDP:BitComet 8760 UDP
"16213:TCP"= 16213:TCP:BitComet 16213 TCP
"16213:UDP"= 16213:UDP:BitComet 16213 UDP
"17453:TCP"= 17453:TCP:BitComet 17453 TCP
"17453:UDP"= 17453:UDP:BitComet 17453 UDP
"7711:TCP"= 7711:TCP:BitComet 7711 TCP
"7711:UDP"= 7711:UDP:BitComet 7711 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2007 1:35 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\26di48gh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\26di48gh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\Emily\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 16:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-979388181-2800075177-83406188-1005\Software\SecuROM\License information*]
"datasecu"=hex:fc,de,d8,19,35,4b,f7,73,73,47,6e,b5,c6,56,f1,cb,63,27,b9,8b,75,
9c,79,81,52,f1,96,1e,e4,ce,50,47,62,d4,e2,97,e2,b7,f5,2a,7a,7e,38,c1,c8,eb,\
"rkeysecu"=hex:73,31,f9,4f,33,05,85,d1,76,19,ea,fe,1b,e7,8b,3d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\docume~1\Emily\LOCALS~1\temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-05-18 16:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 20:52
ComboFix2.txt 2009-05-16 21:01
ComboFix3.txt 2009-05-15 00:03

Pre-Run: 9,130,704,896 bytes free
Post-Run: 9,188,085,760 bytes free

199 --- E O F --- 2009-05-11 19:51

and here is the DDS log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Emily at 16:53:56.75 on Mon 05/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.198 [GMT -4:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\DOCUME~1\Emily\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Emily\Desktop\dds.com.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - hxxp://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emily\applic~1\mozilla\firefox\profiles\26di48gh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\26di48gh.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\emily\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-11 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-28 24652]

=============== Created Last 30 ================

2009-05-14 18:16 <DIR> a-dshr-- C:\cmdcons
2009-05-14 18:14 161,792 a------- c:\windows\SWREG.exe
2009-05-14 18:14 98,816 a------- c:\windows\sed.exe
2009-05-10 19:38 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-10 19:28 1,033,216 a------- c:\windows\system32\dllcache\explorer.exe
2009-05-10 19:27 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-05-10 19:08 <DIR> --d----- c:\docume~1\emily\applic~1\WildTangent
2009-05-10 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WildTangent
2009-05-10 18:56 <DIR> --d----- c:\program files\common files\Scanner
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\scripting
2009-04-28 21:10 <DIR> --d----- c:\windows\l2schemas
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\en
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\bits
2009-04-28 21:05 33,656 a------- c:\windows\system32\sprecovr.exe

==================== Find3M ====================

2009-05-17 23:33 54,832 a------- c:\docume~1\emily\applic~1\wklnhst.dat
2009-05-02 16:32 89,343 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 10:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-23 22:41 53,248 a------- c:\documents and settings\emily\lametritonus_en.dll
2009-02-23 22:41 162,304 a------- c:\documents and settings\emily\lame_enc_en.dll
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-01-07 21:01 90,528 a------- c:\docume~1\emily\applic~1\GDIPFONTCACHEV1.DAT
2007-08-01 22:52 88 ---shr-- c:\windows\system32\9EEE86D673.sys
2007-08-01 22:52 3,610 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:54:21.14 ===============

Edited by melange86, 18 May 2009 - 03:00 PM.

[Blade81]

Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



Now lets uninstall ComboFix:

• Click START then RUN
• Now type "c:\documents and settings\Emily\Desktop\ComboFix.exe" /u in the runbox and click OK

You may delete these too:

• dds.com.pif file
• rsit.exe file
• c:\rsit folder
• created logs

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

• Download Adaware
  Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this tutorial
  The program is available for download here
• Download Spybot
  Spybot is a scanner like adaware. It scans for spyware and other malicious programs. It is important to have both Adaware and Spybot on your computer because each program provides unique detection and pretection measures. Spybot has preventitive tools that stop programs from even installing on your computer.
  To see how to set this up as well as more spybot features, see here
  Spybot can be downloaded at this location
• Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
  Antivir
  Avast!
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
  If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!).

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

[melange86]

Things are amazing! Thank you so much. I wish there was something else I could do to thank you -- you did all this for free and it took up so much of your time! Thanks so much.

I did everything you recommended except I have yet to install the Anti-virus program. I'm about to do that in a second, but I wanted to see if you thought it was important to upgrade to a paid version of an anti-virus program. I was going to download Antivir and I see that it wants you to upgrade to the premium version -- how important is that? I'm going to go download the free one here in a second, just to be safe for now.

The only thing I had a problem with was the Windows Update. I don't use Internet Explorer -- I use Firefox. I updated IE anyway, just to be safe and changed the settings like you recommended, although I won't be using it. I very rarely open IE -- only when something in Firefox doesn't work and I want to see if it's the same in another browser. But I have Windows Update automatically turned on on my computer -- but when I went to see if I had any updates, I got this error message:



What should I do?

[Blade81]

Hi again,

That seems to be a result of corrupted IE installation.

Was it Internet Explorer 8 you installed? Please uninstall it thru add/remove programs and then try getting a copy from here.

If it was an update to Internet Explorer 7 you installed, then uninstall Internet Explorer 7 thru add/remove programs and get a copy from here.

[melange86]

Sorry I haven't replied! I had a busy week. Yes, I installed IE 8. So I will go ahead and uninstall it and try with the link you provided. Thanks!