  #1  
Old 4 Weeks Ago
Bronze Member
 
Join Date: Jul 2008
Location: Kentucky
Posts: 7
PC Experience: Some Experience
The trojans have landed!!

One of those days you walk away from the pc for 10 minutes and you come back to the blue screen of death. I was on the internet when this occurred. Hadn't installed anything new. Had to unplug pc and reboot cold. I ran Spybot and Webroot and found hupigon13 and win32delf.uv. And the task manager was inaccessible. Didn't take me long to find out my simple antivirus programs weren't up to the challenge.

Up until then I had no symptoms of any problems. This old computer was running fairly smoothly. I clean and run diagnostics every evening.

I've done the pre-work and here are the results.

Deckard's System Scanner v20071014.68
Run by Linda on 2008-07-19 12:28:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-19 12:30:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Ocucom\PreCast\tmon.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Linda\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Google Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Paid Survey | Get Paid to Take Surveys Online | Greenfield Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_3.exe"
O4 - HKLM\..\Run: [sbsb] C:\WINDOWS\system32\sbsb.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Evidence Eliminator] "C:\Program Files\Evidence Eliminator\ee.exe" /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146883265031
O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB
O16 - DPF: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesui...ot/BotCtrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.co...156.4039351852
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D1F3CBA2-E05A-403E-B7A3-89C30F57D51E} (::: Wild Pockets Plugin MarketTools Control Class) - http://www.wildpockets.com/common/Wp...tTools9718.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/even...448/MILive.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O23 - Service: BHCP Service (BHsrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Bhsrv.msi
O23 - Service: dlcq_device - Unknown owner - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


--
End of file - 9523 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 EMSLink (EMS Inter-Link driver V3.0) - c:\windows\system32\drivers\em3link.sys <Not Verified; EMS3 DRIVER; EMS3LINK Driver>
1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
3 SQTECH9080 (MegaCam(PID_9080_00)) - system32\drivers\capt9080.sys (file missing)
2 yqyuvohb - c:\windows\system32\drivers\vbqftz.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 BHsrv (BHCP Service) - c:\program files\common files\microsoft shared\msinfo\bhsrv.msi (file missing)
2 cqyuvo - c:\windows\system32\svchost.exe
2 dlcq_device - c:\windows\system32\dlcqcoms.exe
2 NwSapAgent (SAP Agent) - c:\windows\system32\svchost.exe
2 SmartSrv (Smart Card Service) - c:\windows\system32\svchost.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-19 12:30:04 0 d-------- C:\Program Files\Trend Micro
2008-07-18 23:07:11 0 dr-h----- C:\Documents and Settings\Linda\Recent
2008-07-17 16:15:35 38368 ---hs---- C:\sbsb.exe
2008-07-17 12:49:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-17 12:47:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-17 12:08:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-17 12:07:47 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-03 09:39:50 0 d-------- C:\Documents and Settings\Linda\Application Data\MSNInstaller
2008-06-29 22:29:22 0 d-------- C:\Program Files\Safer Networking
2008-06-19 21:31:44 0 d-------- C:\Documents and Settings\Linda\Application Data\PreCast
2008-06-19 21:31:15 0 d-------- C:\Documents and Settings\Linda\Application Data\Terrapin


-- Find3M Report ---------------------------------------------------------------

2008-07-19 10:11:32 0 d-------- C:\Program Files\Dl_cats
2008-07-17 10:55:59 0 d-------- C:\Documents and Settings\Linda\Application Data\MSN6
2008-05-20 16:45:04 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 03:56 AM C:\WINDOWS\system32\rundll32.exe]
"DLCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [10/16/2006 01:31 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"nwiz"="nwiz.exe" [10/06/2003 02:16 PM C:\WINDOWS\system32\nwiz.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [09/13/2003 09:36 PM]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 966\memcard.exe" [12/12/2006 04:22 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [12/12/2006 04:22 AM]
"dlcqmon.exe"="C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe" [01/12/2007 01:21 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" []
"IconixOEAddOn"="C:\Program Files\eMail ID\OEAddOn\OEdmn_3.exe" []
"sbsb"="C:\WINDOWS\system32\sbsb.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Evidence Eliminator"="C:\Program Files\Evidence Eliminator\ee.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [11/26/2007 02:47 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]
PreCast Monitor.lnk - C:\Program Files\Ocucom\PreCast\tmon.exe [2/12/2008 1:24:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
"DisableWindowsUpdateAccess"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableWindowsUpdateAccess"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
cqyuvo cqyuvo
krnlsrvc SmartSrv




-- End of Deckard's System Scanner: finished at 2008-07-19 12:31:46 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 56%
Physical Memory (total/avail): 254.98 MiB / 109.91 MiB
Pagefile Memory (total/avail): 625.67 MiB / 428.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.63 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.9 GiB total, 14.08 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Linda\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MELESTINE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Linda
LOGONSERVER=\\MELESTINE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Linda\LOCALS~1\Temp
TMP=C:\DOCUME~1\Linda\LOCALS~1\Temp
USERDOMAIN=MELESTINE
USERNAME=Linda
USERPROFILE=C:\Documents and Settings\Linda
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Linda (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Caesar 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Caesar3\Uninst.isu
Conexant HSF V92 56K RTAD Speakerphone PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell PC Fax --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 966 --> C:\Program Files\Dell Photo AIO Printer 966\Install\x86\Uninst.exe
Dell Picture Studio - Dell Image Expert --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A9915D9A-D08A-4CDB-87FD-FC60CF15A11E}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Emperor: Rise of the Middle Kingdom --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\setup.exe" -l0x9
FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
GameCube Gamesaves --> MsiExec.exe /I{3A20171A-C7B3-42F6-83EC-6483EBB7D152}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Homescan Internet Transporter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92BF38A8-5616-4209-87A3-D910B45A1D98}\setup.exe" -l0x9 /UNINSTALL -removeonly
Homescan Online --> C:\PROGRA~1\NETRAT~1\NetMeter\NIELSE~2.EXE /uninstall /notsilent
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
Invoke Solutions Participant 6.0.0.1448 --> "C:\Program Files\Invoke Solutions\Participant\6.0\unins000.exe"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Just Grandma and Me --> C:\WINDOWS\uninst.exe -fC:\Lvg_Bks\DeIsL1.isu
KaM - The Peasants Rebellion --> C:\PROGRA~1\KAM-TH~1\UNWISE.EXE /U C:\PROGRA~1\KAM-TH~1\INSTALL.LOG
Keynote Connector --> C:\WINDOWS\DOWNLO~1\CONNEC~2.EXE /Uninstall
MahJongg Master --> C:\WINDOWS\uninst.exe -f"C:\Program Files\MahJongg Master\DeIsL1.isu" -c"C:\Program Files\MahJongg Master\_ISREG32.DLL"
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Microsoft Age of Empires --> C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall
Microsoft Age of Empires Gold --> "C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires Trial --> C:\Program Files\Microsoft Games\Age of Empires Trial\Uninstal.exe /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft PhotoDraw 2000 V2 --> MsiExec.exe /I{3C5EA394-1033-11D2-A2CB-00C04F72F31D}
Microsoft Picture It! Express 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft Picture It! Express 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
Ocucom PreCast 1.6 --> C:\Program Files\Ocucom\PreCast\uninstaller.exe
PerfectTeller --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Branchsoft Technologies\PerfectTeller\DeIsL2.isu" -cC:\PROGRA~1\BRANCH~1\PERFEC~1\_ISREG32.DLL
Pharaoh --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Pharaoh\Uninst.isu -cC:\SIERRA\Pharaoh\customuninstall.dll
PHOTOVU LINK 2.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{626C4560-0B8F-11D6-8125-00105A533D72}\Setup.exe" -l0x9
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Print to Fax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Robin Hood: The Legend Of Sherwood --> C:\PROGRA~1\STRATE~1\ROBINH~1\UNWISE.EXE C:\PROGRA~1\STRATE~1\ROBINH~1\INSTALL.LOG
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sierra On-Line Games (Remove only) --> C:\SIERRA\SETUP.EXE /U
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SimTheme Park --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SimTheme Park\Uninst.isu" -c"C:\Program Files\SimTheme Park\uninst.dll" -BFLANG=1033
SpongeBob Promo Screen Saver --> C:\WINDOWS\system32\SpongeBob Promo.scr /u
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stronghold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe"
Stronghold 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
Ultimate Mahjongg 10 --> C:\PROGRA~1\ValuSoft\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ValuSoft\ULTIMA~1\INSTALL.LOG
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Zeus & Poseidon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8043219B-D2C0-4561-90AB-3F1113ED5A87}\Setup.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type54937 / Error
Event Submitted/Written: 07/19/2008 10:11:16 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type54936 / Error
Event Submitted/Written: 07/19/2008 10:11:16 AM
Event ID/Source: 27 / WinMgmt
Event Description:
WinMgmt could not open the repository file. This could be due to insufficient security access to the "<%SystemRoot%>\System32\WBEM\Repository", insufficient disk space or insufficient memory.

Event Record #/Type54935 / Warning
Event Submitted/Written: 07/19/2008 10:10:58 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type54934 / Warning
Event Submitted/Written: 07/19/2008 10:10:58 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Interval' does not exist.

Event Record #/Type54933 / Warning
Event Submitted/Written: 07/19/2008 10:10:58 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2975 / Warning
Event Submitted/Written: 07/19/2008 00:18:00 PM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type2971 / Warning
Event Submitted/Written: 07/19/2008 10:10:49 AM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Evidence Eliminator because the directory C:\Program Files\Evidence Eliminator no longer exists. Please run "net share Evidence Eliminator /delete" to delete the share, or recreate the directory C:\Program Files\Evidence Eliminator.

Event Record #/Type: 2962 / Error
Event Submitted/Written: 07/18/2008 02:48:05 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 804dbc95.

Event Record #/Type: 2961 / Error
Event Submitted/Written: 07/18/2008 02:46:57 PM
Event ID/Source: 19 / Print
Event Description:
Sharing printer failed + 1722, Printer Dell Photo AIO Printer 966 share name DellPhot.

Event Record #/Type: 2960 / Warning
Event Submitted/Written: 07/18/2008 02:46:51 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Evidence Eliminator because the directory C:\Program Files\Evidence Eliminator no longer exists. Please run "net share Evidence Eliminator /delete" to delete the share, or recreate the directory C:\Program Files\Evidence Eliminator.



-- End of Deckard's System Scanner: finished at 2008-07-19 12:31:46 ------------

Thank you so much! How hazardous is it for me to stay connected to the net on this computer? I've had it unplugged until I loaded the Hijack and Deckard's programs. Linda
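A way to pull the useful facts out of a Deckard's System Scanner event-log dump like the one above without reading every record by hand. This is an added example written for this thread, not DSS code: it parses the record layout DSS prints ("Event Record #/Type", "Event Submitted/Written", "Event ID/Source", "Event Description"), counts records per source, and decodes the Event 1003 bugcheck line, which is the trace of the blue screen the poster saw. SAMPLE_LOG is constructed from three of the records posted above.

```python
"""Parse the event-log section of a Deckard's System Scanner report.

Added example for this thread (not DSS code). The record layout follows
the log posted above; SAMPLE_LOG is constructed from three of its records.
"""
import re
from typing import Dict, List

# Constructed sample: three records copied from the System Event Log above.
SAMPLE_LOG = r"""
-- System Event Log ------------------------------------------------------------

Event Record #/Type: 2975 / Warning
Event Submitted/Written: 07/19/2008 00:18:00 PM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts.

Event Record #/Type: 2962 / Error
Event Submitted/Written: 07/18/2008 02:48:05 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 804dbc95.

Event Record #/Type: 2960 / Warning
Event Submitted/Written: 07/18/2008 02:46:51 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Evidence Eliminator because the directory C:\Program Files\Evidence Eliminator no longer exists.

-- End of Deckard's System Scanner: finished at 2008-07-19 12:31:46 ------------
"""

RECORD_RE = re.compile(r"^Event Record #/Type:?\s*(\d+)\s*/\s*(\w+)\s*$")
WRITTEN_RE = re.compile(r"^Event Submitted/Written:\s*(.+)$")
SOURCE_RE = re.compile(r"^Event ID/Source:\s*(\d+)\s*/\s*(.+)$")
# Event 1003 "System Error" description: bugcheck code plus four parameters.
BUGCHECK_RE = re.compile(
    r"Error code ([0-9a-fA-F]+), parameter1 ([0-9a-fA-F]+), parameter2 ([0-9a-fA-F]+), "
    r"parameter3 ([0-9a-fA-F]+), parameter4 ([0-9a-fA-F]+)"
)


def parse_events(text: str) -> List[Dict]:
    """Return one dict per event record; the description runs to the next blank line."""
    events: List[Dict] = []
    current = None
    in_desc = False
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            current = {"record": int(m.group(1)), "type": m.group(2), "description": ""}
            events.append(current)
            in_desc = False
            continue
        if current is None:
            continue
        if in_desc:
            if line.strip() == "":       # blank line closes the description
                in_desc, current = False, None
            else:
                current["description"] += line + "\n"
            continue
        m = WRITTEN_RE.match(line)
        if m:
            current["written"] = m.group(1).strip()
            continue
        m = SOURCE_RE.match(line)
        if m:
            current["event_id"] = int(m.group(1))
            current["source"] = m.group(2).strip()
            continue
        if line.startswith("Event Description:"):
            in_desc = True
    for e in events:
        e["description"] = e["description"].strip()
    return events


def count_by_source(events: List[Dict]) -> Dict[str, int]:
    """How many records each event source contributed; quick view of what is noisy."""
    counts: Dict[str, int] = {}
    for e in events:
        counts[e.get("source", "?")] = counts.get(e.get("source", "?"), 0) + 1
    return counts


def find_bugchecks(events: List[Dict]) -> List[Dict]:
    """Decode Event 1003 records. The low bits of the reported code are the
    stop code (0x0A here is IRQL_NOT_LESS_OR_EQUAL); parameter4 is the faulting address."""
    found = []
    for e in events:
        if e.get("event_id") != 1003:
            continue
        m = BUGCHECK_RE.search(e["description"])
        if not m:
            continue
        code = int(m.group(1), 16)
        found.append({
            "record": e["record"],
            "code": code,
            "stop_code": code & 0xFFFF,
            "params": [int(p, 16) for p in m.groups()[1:]],
        })
    return found


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(count_by_source(evs))
    for bc in find_bugchecks(evs):
        print(f"record {bc['record']}: stop 0x{bc['stop_code']:02X}, address 0x{bc['params'][3]:08X}")
```

The bugcheck decode only tells you that a kernel-mode fault happened at the logged address; which driver owns that address needs the minidump, so treat the output as a pointer for the analyst rather than a verdict.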


  #2  
Old 4 Weeks Ago
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,836
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: The trojans have landed!!

Download OTMoveIt2 http://download.bleepingcomputer.com.../OTMoveIt2.exe

Go to the location where you saved OTMoveIT2 and double click it. (If you're using Vista, right click on it and choose Run as Administrator).
Copy all the information found below. Highlight all of it, right click it and choose Copy.

C:\sbsb.exe
C:\WINDOWS\system32\sbsb.exe


Next, return to OTMoveIt2 and right click in the "Paste List of Files/Patterns to Search For and Move" window.
Important: Paste only into the bottom input panel (under the yellow bar). The top panel will not help you. Then just right click and choose Paste.
Now, click the red MoveIt button and wait several minutes. When it's finished, look in the large right hand panel that says Results. You should see that at least the principal infector files were deleted and whichever applicable registry changes were made. (They may not all apply in your case). Close OTMoveIt2 when it has finished.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot your computer to finish the move process. If you're asked to reboot, simply choose Yes.
Now, double click and open OTMoveIt2 again. Click the green Clean Up! button at the top. (Note: It will need to access the Internet to download a small script file, so please allow your firewall to do so).
When it finishes, it will have deleted all of its quarantines, as well as, the OTMoveIt2 program and all the folders it created. Then just reboot your computer to finish up.

=============================

Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
My real name is Eddy
  #3  
Old 4 Weeks Ago
Melestine's Avatar
Bronze Member
 
Join Date: Jul 2008
Location: Kentucky
Posts: 7
PC Experience: Some Experience
Melestine - See this Members User comments on their Profile page
Default Re: The trojans have landed!!

Thank you so much! I'll hit it first thing in the morning. After my first cup of coffee..... I'll post again after I muddle through!


You guys are great!


  #4  
Old 4 Weeks Ago
Melestine's Avatar
Bronze Member
 
Join Date: Jul 2008
Location: Kentucky
Posts: 7
PC Experience: Some Experience
Melestine - See this Members User comments on their Profile page
Default Re: The trojans have landed!!

Okay! Here are the results!


ComboFix 08-07-20.9 - Linda 2008-07-21 10:23:03.1 - NTFSx86

Running from: C:\Documents and Settings\Linda\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Linda\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\All Users\documents\setup.exe
C:\WINDOWS\system32\BITSEx.dll
C:\WINDOWS\system32\drivers\beep.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BHSRV
-------\Service_BHsrv


((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-19 12:30 . 2008-07-19 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-17 11:54 . 2008-07-17 11:54 1 --a------ C:\WINDOWS\system32\000436ac.ini
2008-07-03 09:39 . 2008-07-03 09:40 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\MSNInstaller
2008-06-29 22:31 . 2008-06-29 22:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-29 22:29 . 2008-06-29 22:29 <DIR> d-------- C:\Program Files\Safer Networking

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 14:33 --------- d-----w C:\Documents and Settings\Linda\Application Data\PreCast
2008-07-21 14:30 --------- d-----w C:\Program Files\Dl_cats
2008-07-21 13:33 --------- d-----w C:\Documents and Settings\Linda\Application Data\MSN6
2008-07-17 16:18 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-07-04 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 01:31 --------- d-----w C:\Documents and Settings\Linda\Application Data\Terrapin
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-07 20:36 104 --sh--r C:\WINDOWS\system32\547E0DF39C.sys
2008-03-07 20:36 5,852 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 14:47 1206600]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"DLCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 01:31 106496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 21:36 50688]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 966\memcard.exe" [2006-12-12 04:22 304008]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-12-12 04:22 312200]
"dlcqmon.exe"="C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-01-12 13:21 292336]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
PreCast Monitor.lnk - C:\Program Files\Ocucom\PreCast\tmon.exe [2008-02-12 13:24:26 1811120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableWindowsUpdateAccess"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableWindowsUpdateAccess"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"C:\\Program Files\\ACNielsen\\Homescan Internet Transporter\\HSTrans.exe"=
"C:\\Program Files\\Branchsoft Technologies\\PerfectTeller\\PerfectTeller.exe"=
"C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:HTTP


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
cqyuvo REG_MULTI_SZ cqyuvo
krnlsrvc REG_MULTI_SZ SmartSrv
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-Evidence Eliminator - C:\Program Files\Evidence Eliminator\ee.exe
HKLM-Run-Corel Photo Downloader - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
HKLM-Run-IconixOEAddOn - C:\Program Files\eMail ID\OEAddOn\OEdmn_3.exe
HKLM-Run-sbsb - C:\WINDOWS\system32\sbsb.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.greenfieldonline.com/TrafficUI/mscui/page.aspx?cid=1&ptid=4&utcoffset=4
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
O8 -: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
C:\WINDOWS\Downloaded Program Files\ConnectorLauncher.inf
C:\WINDOWS\Downloaded Program Files\ConnectorLauncher.dll
C:\WINDOWS\Downloaded Program Files\ConnectorScriptEngine.exe

O16 -: {78D80081-F388-11D3-9161-00105A07EA40} - hxxp://www.leadtools.com/cabs/LCODCCMPE.CAB
C:\WINDOWS\Downloaded Program Files\LCODCCMP.INF
C:\WINDOWS\system32\LCODCCMP.DLL

O16 -: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} - hxxp://www.consumerinput.com.edgesuite.net/bot/BotCtrl.cab
C:\WINDOWS\Downloaded Program Files\default.inf
C:\WINDOWS\Downloaded Program Files\BotCtrl.dll

O16 -: {D1F3CBA2-E05A-403E-B7A3-89C30F57D51E} - hxxp://www.wildpockets.com/common/WpCubCtrlMarketTools9718.cab
C:\WINDOWS\Downloaded Program Files\WpCubCtrlMarketTools.dll

O16 -: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.0.0.1448/MILive.cab
C:\WINDOWS\Downloaded Program Files\MILive.inf
C:\Program Files\Invoke Solutions\Participant\6.0\MILivePDP5.es


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 10:29:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmartSrv]
"ServiceDll"="C:\WINDOWS\system32\smartcard.rmvb"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
.
**************************************************************************
.
Completion time: 2008-07-21 10:41:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-21 14:41:12

Pre-Run: 15,026,737,152 bytes free
Post-Run: 14,986,465,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

159 --- E O F --- 2008-07-08 21:41:52


Now what? Thank you~Linda
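The "Reg Loading Points" section of the ComboFix log above carries most of what an analyst reads first: two policy values that block Windows Update and silence Security Center antivirus alerts, two svchost groups (cqyuvo and SmartSrv) that are not part of a stock XP install, a ServiceDll for SmartSrv that points at a file with a video extension instead of a .dll, and an inbound firewall exception for port 80. The script below is an added example written for this thread, not ComboFix code: it parses the REGEDIT4-style lines ComboFix prints and turns those observations into a checklist. SAMPLE is constructed from lines of the log above; the svchost baseline set is an assumption to tune, not a list ComboFix ships.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread (not ComboFix code). SAMPLE is constructed
from lines of the log posted above; BASELINE_SVCHOST_GROUPS is an assumed
starting list for Windows XP, not an authoritative one.
"""
import re
from typing import Dict, List, Tuple

SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableWindowsUpdateAccess"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:HTTP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
cqyuvo REG_MULTI_SZ cqyuvo
krnlsrvc REG_MULTI_SZ SmartSrv

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmartSrv]
"ServiceDll"="C:\WINDOWS\system32\smartcard.rmvb"
"""

# Values that, when set to 1, hide or block a protection. Both appear in the log above.
WEAKENING_VALUES = {
    "disablewindowsupdateaccess": "blocks Windows Update access",
    "antivirusdisablenotify": "silences Security Center antivirus alerts",
}

# Assumed baseline of svchost group names on a stock Windows XP; tune per build.
BASELINE_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "networkservice", "rpcss",
    "dcomlaunch", "imgsvc", "termsvcs", "httpfilter",
}

QUOTED_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
MULTI_SZ_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")


def parse_sections(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each [key] header to its (name, value) pairs, in both ComboFix layouts."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            sections.setdefault(key, [])
            continue
        if key is None:
            continue
        m = QUOTED_VALUE_RE.match(line) or MULTI_SZ_RE.match(line)
        if m:
            sections[key].append((m.group(1), m.group(2).strip()))
    return sections


def value_is_one(value: str) -> bool:
    """True for the two spellings ComboFix uses: '1 (0x1)' and 'dword:00000001'."""
    m = re.match(r"^(?:dword:)?([0-9a-fA-F]+)", value.strip())
    return bool(m) and int(m.group(1), 16) == 1


def triage(text: str) -> List[str]:
    """Return human-readable findings; each is a lead for the analyst, not a verdict."""
    findings: List[str] = []
    for key, values in parse_sections(text).items():
        lkey = key.lower()
        for name, value in values:
            lname = name.lower()
            if lname in WEAKENING_VALUES and value_is_one(value):
                findings.append(f"policy: {name}=1 under {key} ({WEAKENING_VALUES[lname]})")
            if lkey.endswith("\\svchost") and lname not in BASELINE_SVCHOST_GROUPS:
                findings.append(f"svchost: unexpected group '{name}' hosting {value}")
            if lname == "servicedll":
                path = value.strip('"')
                service = key.rsplit("\\", 1)[-1]
                if not path.lower().endswith(".dll"):
                    findings.append(f"service: {service} ServiceDll '{path}' is not a .dll")
            if lkey.endswith("\\globallyopenports\\list"):
                findings.append(f"firewall: inbound port {name} open globally ({value})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A service group that is not in the baseline is not proof of infection on its own (vendors add groups), which is why the output is a list of items to confirm against the rest of the log rather than a removal script.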


  #5  
Old 4 Weeks Ago
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,836
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: The trojans have landed!!

How are things running now ?


__________________
My real name is Eddy
  #6  
Old 4 Weeks Ago
Melestine's Avatar
Bronze Member
 
Join Date: Jul 2008
Location: Kentucky
Posts: 7
PC Experience: Some Experience
Melestine - See this Members User comments on their Profile page
Default Re: The trojans have landed!!

Well, I haven't done anything out of fear. So, I just got on that pc and ran spybot. It claims I still have Win32.Delf.uv. Webroot found nothing. Task manager is back!! Hooray!!

What do I need to do now?

Thank you so much!!!


