
Solved WinAntiSpyware and a Dialer removal

Discussion in 'Malware and Virus Removal Archive' started by Stratman50th, 2008/09/21.

  1. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    Here's a new error:

    The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if Windows Installer is not correctly installed. Contact your support personnel for assistance.
     
  2. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Ackkk! I missed one. :(

    Please see if you can manually delete C:\WINDOWS\system32\5W3qdc2O.exe

    See if you can install the latest Windows Installer

    Is the Admin account still available at the Welcome screen?
     


  4. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    Went in to try and start the installer service manually.
    "Could not start Windows Installer Device on local computer.
    ERROR 1084: This service cannot be started in safe mode".
    We're back to that again.
     
  5. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start>Run and type (or paste) the following command, then hit enter.

    notepad c:\boot.ini

    Post the contents of the file that opens. Don't change anything!
     
  6. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please copy and paste the contents of the code box below into a command window and post the resulting text file.

    Code:
    reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot>safe.txt
    reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment">>safe.txt
    reg query HKCU\Environment>>safe.txt
    start notepad safe.txt
    exit
    cls
    
     
  7. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    Ok, let's get back in sync :D
    I was able to manually delete 5W3qdc2O.exe.

    I was able to update the windows installer! Yeah, something worked :D

    Yes, the Administrator account is still there.

    and here's the boot.ini file

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
     
  8. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell REG_SZ cmd.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
    Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\ADS;C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin;C:\Program Files\EarthLink\EarthLink Protection Control Center\CoreBin
    windir REG_EXPAND_SZ %SystemRoot%
    FP_NO_HOST_CHECK REG_SZ NO
    OS REG_SZ Windows_NT
    PROCESSOR_ARCHITECTURE REG_SZ x86
    PROCESSOR_LEVEL REG_SZ 15
    PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 4 Stepping 3, GenuineIntel
    PROCESSOR_REVISION REG_SZ 0403
    NUMBER_OF_PROCESSORS REG_SZ 2
    PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
    TMP REG_EXPAND_SZ %SystemRoot%\TEMP
    RoxioCentral REG_SZ C:\Program Files\Common Files\Roxio Shared\Roxio Central\
    SAFEBOOT_OPTION REG_SZ NETWORK

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Environment
    TEMP REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temp
    TMP REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temp
     
  9. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
    "SAFEBOOT_OPTION"=-
    
    Double click fix.reg and allow it to merge with the registry, then delete fix.reg.


    Right click My Computer and select Properties
    Select the Advanced tab
    Click Environment Variables button
    Scroll through the list and look for an entry that says SAFEBOOT_OPTION
    If found, delete the SAFEBOOT_OPTION entry (and only that entry).

    Restart the machine and see if things appear to be normal again.
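
A small parser for the `safe.txt` output shown earlier in the thread, added here as an example (it is not part of the original posts): it flags the `SafeBoot\Option` key and the `SAFEBOOT_OPTION` environment value that fix.reg removes. The `AlternateShell` and boot.ini `/safeboot` checks, the function names and the abridged sample input are assumptions of this example.

```python
import re

# Constructed sample input, abridged from the safe.txt and boot.ini posted in this thread.
SAFE_TXT = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell REG_SZ cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
    OS REG_SZ Windows_NT
    SAFEBOOT_OPTION REG_SZ NETWORK

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Environment
    TEMP REG_EXPAND_SZ %USERPROFILE%\Local Settings\Temp
"""

BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

# Registry keys are case-insensitive, so everything is compared lower-cased.
SAFEBOOT_KEY = r"hkey_local_machine\system\currentcontrolset\control\safeboot"
ENV_KEYS = (
    r"hkey_local_machine\system\currentcontrolset\control\session manager\environment",
    r"hkey_current_user\environment",
)
VALUE_RE = re.compile(r"^(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")


def parse_reg_query(text):
    """Parse `reg query` text into {key (lower-cased): {value name: (type, data)}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # blank line or "! REG.EXE VERSION" banner
            continue
        if line.upper().startswith("HKEY_"):      # a key header opens a new section
            current = line.lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = (m.group("type"), m.group("data") or "")
    return keys


def safe_mode_findings(reg_text, boot_ini_text=""):
    """Return (code, detail) pairs for settings tied to a forced safe-mode state."""
    keys = parse_reg_query(reg_text)
    findings = []

    # 1. The key that fix.reg deletes.
    if SAFEBOOT_KEY + r"\option" in keys:
        findings.append(("safeboot-option-key", "SafeBoot\\Option key is present"))

    # 2. SAFEBOOT_OPTION stored as a persistent environment variable.
    for env_key in ENV_KEYS:
        for name, (_type, data) in keys.get(env_key, {}).items():
            if name.upper() == "SAFEBOOT_OPTION":
                findings.append(("env-safeboot-option", f"{env_key}: {name}={data}"))

    # 3. Assumption of this example: anything other than cmd.exe (the value in
    #    the posted output) as AlternateShell deserves a second look.
    shell = keys.get(SAFEBOOT_KEY, {}).get("AlternateShell")
    if shell is not None and shell[1].strip().lower() != "cmd.exe":
        findings.append(("alternate-shell", f"AlternateShell={shell[1]}"))

    # 4. Assumption of this example: a /safeboot switch on a boot.ini OS entry.
    in_os_section = False
    for line in boot_ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_os_section = stripped.lower() == "[operating systems]"
        elif in_os_section and re.search(r"/safeboot\b", stripped, re.IGNORECASE):
            findings.append(("bootini-safeboot", stripped))
    return findings


if __name__ == "__main__":
    for code, detail in safe_mode_findings(SAFE_TXT, BOOT_INI):
        print(f"{code}: {detail}")
```

Run against the text saved by the `reg query` commands both before and after merging fix.reg; an empty result afterwards means both items are gone.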
     
  10. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    What a great little reg-fix. That's one worth saving!
    Update:
    Your little registry fix worked like a charm. I'm back up in NORMAL mode!
    Removed the old Java and was able to update to the latest.
    I'm running the Kaspersky scan now. I'll post as soon as it's done.
    I want to give you one of those little green box/reputation thingies, it's well deserved.
     
  11. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's great news! :D

    Post a fresh RSIT log along with the Kaspersky results please.
     
  12. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    Kaspersky ran for an hour and a half and the log was completely empty. Nothing.... Nada!
    I hope it's because the system is clean and not because of another glitch.

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Don at 2008-09-27 22:32:47
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 111 GB (74%) free of 149 GB
    Total RAM: 1014 MB (57% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:33:01 PM, on 9/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 ADSFilter;ADSFilter - (EarthLink Filter Driver); C:\WINDOWS\system32\drivers\ADSFilter.sys [2007-08-03 57456]
    S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver); C:\WINDOWS\system32\drivers\ADSMonitor.sys [2007-08-03 38384]
    S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys []
    S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys []
    S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys []
    S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-20 27136]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 Net6IM;Net6; C:\WINDOWS\system32\DRIVERS\net6im51.sys []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
    R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-02-12 177672]
    R2 ELNKUpdateService;ELNK Update Service; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe [2007-08-08 38376]
    R2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-10-21 155648]
    R3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-10-21 864256]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-10-21 229376]
    S2 RoxUpnpServer;RoxUpnpServer; C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [2005-10-21 405504]
    S3 ADSService;ADSService; C:\Program Files\Common Files\ADS\ADSService.exe [2007-08-03 116200]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 AuthFw;AuthFw; C:\Program Files\Authentium\Firewall SDK\AuthFw.exe []
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 EarthLinkSafeConnectAgent;EarthLinkSafeConnectAgent; C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe EarthLinkSafeConnectAgent []
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
    S3 RoxUPnPRenderer;RoxUpnpRenderer; C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe [2005-10-21 45056]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 ProtectionService;ProtectionService; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe [2007-08-08 112104]

    -----------------EOF-----------------
     
  13. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I would say Yes, your system is clean. :)

    Let's fix a couple of other things though. Please disable TeaTimer for now so it doesn't interfere.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.

    Reboot.

    Now create a reg file using the contents of the code box below, then merge it.

    Code:
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0cexx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1jlxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2jlxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6uxxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7xbxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8fhxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0cexx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati1jlxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati2jlxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6uxxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati7xbxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati8fhxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
    
    Now click Start>Run and type (or Paste) the following command, then hit Enter.

    sc delete AuthFw

    Repeat with this one.

    sc delete dvpapi


    Next, download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Run RSIT once more and post the new log. Let me know how the computer is running.
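
Added example, not part of noahdfear's post or of RSIT itself: a small parser for the RSIT "List of drivers" / "List of services" sections that flags entries printed with empty brackets `[]` instead of a file date and size. Treating `[]` as "image file not found" is an assumption, based on the HijackThis log on this page marking the same SanaAgent.exe service "(file missing)"; the sample lines are excerpted from the logs on this page.

```python
import re
from typing import List, NamedTuple, Optional

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Section header, e.g. "======List of drivers (R=Running, ...)======"
SECTION_RE = re.compile(r"^\s*=+List of (drivers|services)\b")
# Entry: "<R|S><0-4> <name>;<display name>; <image path> [<date> <size>]"
LINE_RE = re.compile(
    r"^\s*(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<image>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)
STAMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\d+)$")

# Excerpt of the RSIT logs shown on this page (used here as sample input).
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-02-12 837056]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Net6IM;Net6; C:\WINDOWS\system32\DRIVERS\net6im51.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-02-12 177672]
S3 AuthFw;AuthFw; C:\Program Files\Authentium\Firewall SDK\AuthFw.exe []
S3 EarthLinkSafeConnectAgent;EarthLinkSafeConnectAgent; C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe EarthLinkSafeConnectAgent []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
"""


class Entry(NamedTuple):
    kind: str                  # "driver" or "service" (from the section header)
    name: str                  # service key name, the argument "sc delete" takes
    display: str
    running: bool
    start: str                 # Boot / System / Auto / Demand / Disabled
    image: str                 # image path as logged, NT "\??\" prefix removed
    file_date: Optional[str]   # None when RSIT printed "[]"
    file_size: Optional[int]


def parse_line(line: str, kind: str = "unknown") -> Optional[Entry]:
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    image = m.group("image")
    if image.startswith("\\??\\"):
        image = image[4:]
    stamp = STAMP_RE.match(m.group("stamp").strip())
    return Entry(
        kind=kind,
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        running=m.group("state") == "R",
        start=START_TYPES[m.group("start")],
        image=image,
        file_date=stamp.group(1) if stamp else None,
        file_size=int(stamp.group(2)) if stamp else None,
    )


def parse_log(text: str) -> List[Entry]:
    """Walk a whole RSIT log, keeping only lines inside the two list sections."""
    entries: List[Entry] = []
    kind = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            kind = header.group(1).rstrip("s")
            continue
        if line.lstrip().startswith("="):
            kind = None        # some other "======...======" section began
            continue
        if kind:
            entry = parse_line(line, kind)
            if entry:
                entries.append(entry)
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries with no date/size stamp (assumption: image file missing)."""
    return [e for e in entries if e.file_date is None]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        state = "running" if e.running else "stopped"
        print(f"{e.kind:8} {e.name:28} {e.start:8} {state:8} {e.image}")
```

A flagged entry is only a candidate for review: confirm the image path is really absent on disk before removing the registration.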
     
  14. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    Everything seems to be running great. Earthlink didn't load again, but it may be because the install got hosed during all the other problems. I'll try and reinstall and see if it starts to run. Obviously I can't stand not running any anti-virus. It didn't seem to do such a good job on the malware/spyware though!

    RSIT:
    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Don at 2008-09-27 23:20:57
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 111 GB (74%) free of 149 GB
    Total RAM: 1014 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:21:06 PM, on 9/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Don\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Don.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe" /tray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137525022796
    O23 - Service: ADSService - EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe (file missing)
    O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

    --
    End of file - 6850 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}]
    ElnkBhoGuard Class - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll [2007-07-19 247272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}]
    ElnkScamBHO Class - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll [2007-07-19 247272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]
    ElnkPubBHO Class - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll [2007-07-19 255464]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]
    ElnkProtectionBHO Class - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll [2007-07-19 415208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]
    ElnkLegacyUninstBHO Class - C:\Program Files\EarthLink\Toolbar\uninsttb.dll [2007-07-19 280040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {C7768536-96F8-4001-B1A2-90EE21279187} - EarthLink Toolbar - C:\Program Files\EarthLink\Toolbar\Toolbar.dll [2007-07-19 878056]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-20 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-20 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-20 114688]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-23 339968]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
    "RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe [2005-10-20 1687552]
    "Earthlink Protection Control Center"=C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe [2007-08-08 67048]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
    "EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-04-02 389120]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Adobe Reader Speed Launch.lnk.disabled - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-07-20 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
    "C:\Program Files\Roxio\Easy Media Creator 8\VideoUI\VideoWave8.exe"="C:\Program Files\Roxio\Easy Media Creator 8\VideoUI\VideoWave8.exe:*:Enabled:VideoWave 8"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2008-09-27 20:43:33 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-09-27 20:43:33 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-09-27 20:43:33 ----A---- C:\WINDOWS\system32\java.exe
    2008-09-27 20:38:10 ----D---- C:\Program Files\Common Files\Java
    2008-09-27 20:31:45 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-27 19:58:20 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
    2008-09-27 19:52:48 ----SHD---- C:\RECYCLER
    2008-09-27 19:34:57 ----D---- C:\WINDOWS\temp
    2008-09-27 19:34:55 ----A---- C:\ComboFix.txt
    2008-09-27 16:49:37 ----A---- C:\WINDOWS\system32\subinacl.exe
    2008-09-26 19:16:16 ----D---- C:\Program Files\Panda Security
    2008-09-23 16:28:40 ----D---- C:\WINDOWS\erdnt
    2008-09-23 16:28:24 ----D---- C:\QooBox
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\zip.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\VFind.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\SWSC.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\swreg.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\sed.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\grep.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-22 19:54:21 ----D---- C:\rsit
    2008-09-22 19:30:23 ----D---- C:\Documents and Settings\Don\Application Data\Malwarebytes
    2008-09-22 19:30:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-22 19:30:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-21 08:40:52 ----D---- C:\Program Files\Trend Micro
    2008-09-20 20:52:47 ----D---- C:\WINDOWS\pss
    2008-09-20 16:45:57 ----D---- C:\Program Files\RegCleaner
    2008-09-18 18:33:20 ----D---- C:\Documents and Settings\Don\Application Data\ScamBlocker
    2008-09-18 18:28:56 ----D---- C:\Program Files\Common Files\EarthLink
    2008-09-18 17:16:57 ----D---- C:\Documents and Settings\Don\Application Data\aAvgApi
    2008-09-18 16:34:35 ----D---- C:\Program Files\AVG
    2008-09-18 16:34:29 ----D---- C:\Program Files\McAfee
    2008-09-18 16:34:07 ----D---- C:\Program Files\Common Files\EarthLink Protection Control Center
    2008-09-18 16:34:05 ----D---- C:\Program Files\Common Files\ADS
    2008-09-18 16:34:03 ----D---- C:\Documents and Settings\Don\Application Data\InstallShield
    2008-09-18 16:30:11 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-17 19:00:01 ----D---- C:\Program Files\Common Files\ADS(2)
    2008-09-10 07:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 07:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-09 18:14:10 ----SHD---- C:\WINDOWS\CSC
    2008-09-08 18:07:51 ----A---- C:\WINDOWS\webica.ini
    2008-09-08 18:01:09 ----D---- C:\Program Files\Citrix
    2008-09-01 22:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-08-29 17:21:19 ----D---- C:\WINDOWS\Prefetch
    2008-08-29 17:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-29 17:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-29 17:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-29 17:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-08-29 17:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-08-29 17:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-08-29 17:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-08-29 17:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-29 17:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-29 17:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-29 17:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-08-29 17:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-29 17:12:47 ----D---- C:\WINDOWS\system32\en-us
    2008-08-29 17:12:46 ----D---- C:\WINDOWS\system32\scripting
    2008-08-29 17:12:46 ----D---- C:\WINDOWS\l2schemas
    2008-08-29 17:12:45 ----D---- C:\WINDOWS\system32\en
    2008-08-29 17:12:45 ----D---- C:\WINDOWS\system32\bits
    2008-08-29 17:10:49 ----D---- C:\WINDOWS\ServicePackFiles
    2008-08-29 17:08:50 ----D---- C:\WINDOWS\network diagnostic
    2008-08-29 17:04:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

    ======List of files/folders modified in the last 1 months======

    2008-09-27 23:18:16 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-27 23:17:50 ----D---- C:\WINDOWS\system32\NtmsData
    2008-09-27 23:14:06 ----SHD---- C:\WINDOWS\Installer
    2008-09-27 23:14:06 ----HD---- C:\Config.Msi
    2008-09-27 23:13:56 ----D---- C:\WINDOWS
    2008-09-27 23:08:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-27 20:43:33 ----D---- C:\WINDOWS\system32
    2008-09-27 20:43:33 ----D---- C:\Program Files\Java
    2008-09-27 20:38:10 ----D---- C:\Program Files\Common Files
    2008-09-27 19:58:38 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-09-27 19:57:59 ----HD---- C:\WINDOWS\inf
    2008-09-27 19:34:58 ----D---- C:\WINDOWS\system32\drivers
    2008-09-27 19:34:32 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-27 19:31:59 ----D---- C:\Program Files\Linksys EasyLink Advisor
    2008-09-27 19:31:13 ----A---- C:\WINDOWS\system.ini
    2008-09-27 19:21:58 ----D---- C:\WINDOWS\AppPatch
    2008-09-27 19:20:41 ----SD---- C:\WINDOWS\Tasks
    2008-09-27 17:11:41 ----D---- C:\WINDOWS\security
    2008-09-27 14:55:01 ----D---- C:\WINDOWS\Debug
    2008-09-26 19:16:16 ----D---- C:\Program Files
    2008-09-23 17:49:55 ----RSD---- C:\WINDOWS\assembly
    2008-09-23 17:49:46 ----D---- C:\Program Files\EarthLink
    2008-09-23 17:45:32 ----SD---- C:\Documents and Settings\Don\Application Data\Microsoft
    2008-09-20 17:00:26 ----D---- C:\WINDOWS\WinSxS
    2008-09-20 17:00:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-20 14:18:11 ----A---- C:\WINDOWS\win.ini
    2008-09-18 19:29:58 ----D---- C:\Documents and Settings
    2008-09-18 19:28:53 ----A---- C:\WINDOWS\wininit.ini
    2008-09-18 18:51:06 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
    2008-09-18 17:59:38 ----D---- C:\Katie
    2008-09-18 16:38:02 ----D---- C:\WINDOWS\system32\config
    2008-09-18 16:37:03 ----D---- C:\WINDOWS\system32\wbem
    2008-09-18 16:36:59 ----D---- C:\WINDOWS\Registration
    2008-09-18 16:33:58 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-17 04:53:00 ----SHD---- C:\System Volume Information
    2008-09-17 04:53:00 ----D---- C:\WINDOWS\system32\Restore
    2008-09-14 11:51:49 ----D---- C:\Documents and Settings\Don\Application Data\Canon
    2008-09-08 18:04:41 ----D---- C:\Documents and Settings\Don\Application Data\ICAClient
    2008-09-02 18:19:45 ----D---- C:\Family Photos
    2008-09-02 16:36:25 ----D---- C:\WINDOWS\Help
    2008-09-01 20:50:53 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-29 22:24:22 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-08-29 17:24:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-08-29 17:20:58 ----D---- C:\WINDOWS\system32\Setup
    2008-08-29 17:20:56 ----RSD---- C:\WINDOWS\Fonts
    2008-08-29 17:17:51 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-29 17:16:35 ----D---- C:\Program Files\Messenger
    2008-08-29 17:12:59 ----D---- C:\WINDOWS\system32\inetsrv
    2008-08-29 17:12:59 ----D---- C:\WINDOWS\ime
    2008-08-29 17:12:47 ----D---- C:\WINDOWS\system32\usmt
    2008-08-29 17:12:46 ----D---- C:\Program Files\Internet Explorer
    2008-08-29 17:12:45 ----D---- C:\WINDOWS\PeerNet
    2008-08-29 17:12:45 ----D---- C:\Program Files\Movie Maker
    2008-08-29 17:10:40 ----D---- C:\WINDOWS\system32\npp
    2008-08-29 17:10:40 ----D---- C:\WINDOWS\mui
    2008-08-29 17:10:38 ----D---- C:\WINDOWS\msagent
    2008-08-29 17:10:37 ----D---- C:\WINDOWS\srchasst
    2008-08-29 17:10:36 ----D---- C:\Program Files\NetMeeting
    2008-08-29 17:10:35 ----D---- C:\WINDOWS\system32\Com
    2008-08-29 17:10:33 ----D---- C:\Program Files\Windows NT
    2008-08-29 17:10:33 ----D---- C:\Program Files\Windows Media Player
    2008-08-29 17:10:33 ----D---- C:\Program Files\Outlook Express
    2008-08-29 17:10:30 ----D---- C:\Program Files\Common Files\System
    2008-08-29 17:10:17 ----D---- C:\WINDOWS\system32\oobe
    2008-08-29 17:10:15 ----D---- C:\WINDOWS\system
    2008-08-29 17:07:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-29 17:04:33 ----D---- C:\WINDOWS\ehome

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-10-20 311680]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-20 119168]
    R1 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2005-10-21 50176]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-01-14 8552]
    R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-02-12 837056]
    R2 GRTdiMon;GR TDI Mon; C:\WINDOWS\System32\Drivers\GRTdiMon.sys [2007-04-11 42496]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-20 27264]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-20 1049180]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-15 180864]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 ADSFilter;ADSFilter - (EarthLink Filter Driver); C:\WINDOWS\system32\drivers\ADSFilter.sys [2007-08-03 57456]
    S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver); C:\WINDOWS\system32\drivers\ADSMonitor.sys [2007-08-03 38384]
    S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys []
    S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys []
    S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys []
    S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2007-05-19 29184]
    S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-20 27136]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 Net6IM;Net6; C:\WINDOWS\system32\DRIVERS\net6im51.sys []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
    R2 ELNKUpdateService;ELNK Update Service; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe [2007-08-08 38376]
    R2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-10-21 155648]
    R3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-10-21 864256]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-10-21 229376]
    S2 RoxUpnpServer;RoxUpnpServer; C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [2005-10-21 405504]
    S3 ADSService;ADSService; C:\Program Files\Common Files\ADS\ADSService.exe [2007-08-03 116200]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 EarthLinkSafeConnectAgent;EarthLinkSafeConnectAgent; C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe EarthLinkSafeConnectAgent []
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
    S3 RoxUPnPRenderer;RoxUpnpRenderer; C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe [2005-10-21 45056]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 ProtectionService;ProtectionService; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe [2007-08-08 112104]

    -----------------EOF-----------------

    Is it time to clear out all the old system restore points yet? I sure don't want to have to go through this again, even by accident! :D

    I've read through the list of firewall and anti-virus/anti-spyware/malware applications you have on here. Many I've heard of and used, but is there something you'd recommend as being really good as a resident, then possibly another as a backup for a second opinion, as it were? I've been pretty happy with Spybot over the years, so I think it's a keeper.
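The driver and service lists in the log above follow a fixed line format, with the state and start-type codes given in the log's own legend. As an added example (not part of the original thread, and not code from the tool that produced the log), this parser decodes those lines and flags entries worth a manual look. It assumes that an empty `[]` means the tool found no image file on disk; the `parse` and `review` names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Codes from the log's own legend line.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> name;display name; image path [YYYY-MM-DD size]  (brackets may be empty)
ENTRY = re.compile(
    r"^\s*(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?:(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+))?\]\s*$")

class Entry(NamedTuple):
    name: str
    state: str
    start: str
    path: str
    date: Optional[str]
    size: Optional[int]

def parse(log):
    """Parse driver/service lines; headers and other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            size = int(m["size"]) if m["size"] else None
            entries.append(Entry(m["name"], STATE[m["state"]], START[m["start"]],
                                 m["path"], m["date"], size))
    return entries

def review(entries):
    """Return (name, note) pairs that deserve a manual look."""
    notes = []
    for e in entries:
        # Drop the NT object-manager prefix before comparing paths.
        path = (e.path[4:] if e.path.startswith("\\??\\") else e.path).lower()
        if e.date is None:  # assumption: empty [] means the image file was not found
            notes.append((e.name, "no file date/size recorded"))
        if path.endswith(".sys") and not path.startswith("c:\\windows\\system32\\drivers\\"):
            notes.append((e.name, "driver image outside system32\\drivers"))
    return notes

# Four lines copied from the log above.
SAMPLE = r"""
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-01-14 8552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Net6IM;Net6; C:\WINDOWS\system32\DRIVERS\net6im51.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
"""

if __name__ == "__main__":
    for name, note in review(parse(SAMPLE)):
        print(f"{name}: {note}")
```

A flagged entry is a prompt to check the registration by hand, not a verdict: the `catchme` entry here points into the ComboFix folder.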
     
  15. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Fix the following entry with HijackThis.

    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

    You can re-enable Tea-Timer when done.

    Then, open MBAM and remove any items quarantined. Do the same with your resident antivirus.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    Delete the folder C:\rsit
    You can delete any other logs that we created/saved too.


    I've been quite impressed with the Kaspersky Internet Security Suite, which contains Firewall, Antivirus and Malware protection. MBAM also has a pro version which offers real-time protection against malware.

    That should finish things up, but let's wait and see if Geri has anything to add before marking this one resolved.
     
  16. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    I'm sure you're used to this by now, but I'd like to offer my thanks for all you've done, sticking with this till the end. This probably wasn't the worst problem you've dealt with, but with the safe mode problem it seems as if things were compounded and made much worse than they needed to be!
    So at this point, all of the old restore points are gone? Was a new one created or do I need to do that before I try and install the Earthlink software again?
     
  17. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're very welcome. The safe mode problem did make things a bit tricky, and was a new one on me. ;)

    The system restore points should have been cleared with the combofix /u command, and a new restore point created. Easy enough to verify by starting system restore, then choosing to restore to a previous point. There should be only 1 available. You can cancel at that time.
     
  18. 2008/09/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Thanks Dave, you're the best.

    I believe we're done here; I have nothing to add but the prevention link.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here to the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    If everything is running OK then we'll mark this one resolved.

    Let us know.

    Thanks
    Geri
     
  19. 2008/09/29
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    Outstanding work gents! It's been working great. I think Resolved is in order.
    Thanks again.
     
  20. 2008/09/29
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    I think I can speak for the both of us and say...
    You're Welcome.

    Surf Safely.
     
