Redirected searches and script errors

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.    

* Please be aware that if your issue involves Windows error codes the chances of resolution may be slim because some of these infections corrupt .exe files. The presence of windows error codes may also indicate hardware problems and could limit the success of infection removal.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. *Please note also that not all of our tools work on 64-bit systems, so we may be limited in our procedures.

• Download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

• Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

• Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

• Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

• Make sure that at least the first two check boxes are ticked
• Press OK
• Press YES to create the folder.

If there is a problem after making changes to the system, to restore your registry, go to the folder and start ERUNT.exe

We'll need to see some additional logs. Please download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
• Follow the onscreen instructions inside of the command window.
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

* Please note that I do not know exactly which infections were removed by which scanners, and with a seriously compromised machine, sometimes it's like looking for a needle in a haystack to find everything.Therefore, I cannot be 100% sure of which files would be safe to move.

No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

Bugbatter, thank you so much for your help! Here are the responses to the points or questions above:

1. I have not posted this anywhere else. I REALLY wanted to do so in hopes of quick resolution, but I felt like it was "cheating" or something, using up too many people's resources. Should I go ahead and post it somewhere else also?

2. System Restore is not disabled.

3. There is no cracked software running on the machine.

4. There is no P2P software on the machine.

5. Although this machine is used daily by another user, I do own it so I am free to fix (or destroy lol) as I see fit.

ERUNT has now been downloaded, installed and run as instructed above. The file was saved to the default location.

Security Check by screen317 has been downloaded, installed and run as instructed above. The log file is below:

Results of screen317's Security Check version 0.99.7  

Windows XP Service Pack 3  

Internet Explorer 8  

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!  

Microsoft Security Essentials    

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware    

Java(TM) 6 Update 13  

Java(TM) SE Runtime Environment 6 Update 1

Java(TM) 6 Update 7  

Out of date Java installed!

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:  

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe  

``````````End of Log````````````

What step(s) would you like me to take next, and again, a sincere thank you for your help.

KRC

Thank you for the information.
We need to see some additional information about what is happening in your machine.

Please download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

• Save both reports to your desktop.

-----------------------------------------------------

• Copy/paste both logs to your reply on the forum. Do not attach them.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

I am so frustrated! I never got an email notification that you had responded to my last post on the 5th, so I actually just logged into the site to vent my frustration at being "abandoned" in my hour of need, only to see that you had responded in less than 2 hours! My apologies for the ugly thoughts I have had the last three days.

Here are the logs you requested:

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_13

Run by Johnstone Supply at 10:16:01 on 2011-06-08

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.410 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uStart Page = hxxp://google.com/

uSearch Bar =

uInternet Settings,ProxyOverride =

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [SigmatelSysTrayApp] stsystra.exe

mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: NoInstrumentation = 1 (0x1)

uPolicies-system: DisableTaskMgr =

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181134352937

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl1df01e58;MpKsl1df01e58;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b323c537-62ca-4f5c-ad74-f0f153cdbfa7}\MpKsl1df01e58.sys [2011-6-6 28752]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-29 352656]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-5-19 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-7 47640]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 MpKsl384ddce6;MpKsl384ddce6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c5b11917-48d5-490b-9cea-fde86b93c016}\mpksl384ddce6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c5b11917-48d5-490b-9cea-fde86b93c016}\MpKsl384ddce6.sys [?]

S1 MpKsl7b563a2b;MpKsl7b563a2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1c2e2f0-3c6c-491a-9bec-07f398053f87}\mpksl7b563a2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1c2e2f0-3c6c-491a-9bec-07f398053f87}\MpKsl7b563a2b.sys [?]

S2 0116691306958981mcinstcleanup;McAfee Application Installer Cleanup (0116691306958981);c:\docume~1\johnst~1\locals~1\temp\011669~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\johnst~1\locals~1\temp\011669~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-19 38224]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-12-5 42112]

S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2009-2-6 101248]

S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]

S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2009-2-6 73856]

S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-7-9 14336]

S4 LMIRfsClientNP;LMIRfsClientNP;

.

=============== Created Last 30 ================

.

2011-06-06 20:48:44 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b323c537-62ca-4f5c-ad74-f0f153cdbfa7}\MpKsl1df01e58.sys

2011-06-06 20:48:09 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b323c537-62ca-4f5c-ad74-f0f153cdbfa7}\mpengine.dll

2011-06-01 20:57:38 -------- d-----w- c:\windows\system32\winrm

2011-06-01 20:57:33 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-06-01 19:03:44 388096 ----a-r- c:\documents and settings\johnstone supply\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-06-01 19:03:41 -------- d-----w- c:\program files\Trend Micro

2011-05-31 14:59:05 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{7ce00dbb-61fc-40ea-b72d-877dad2d5cd7}\mpengine.dll

2011-05-23 00:53:17 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-23 00:32:33 -------- d-----w- c:\program files\Panda Security

2011-05-22 22:57:34 -------- d-----w- c:\program files\common files\McAfee

2011-05-22 22:55:54 -------- d-----w- c:\program files\McAfee

2011-05-21 00:39:53 -------- d-----w- c:\documents and settings\all users\application data\IObit

2011-05-20 00:02:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-20 00:02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-12 15:01:50 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-05-11 18:08:35 -------- d--h--w- c:\program files\Microsoft Security Client

2011-05-11 17:48:15 -------- d-----w- c:\documents and settings\johnstone supply\local settings\application data\AskToolbar

2011-05-11 17:46:09 -------- d-----w- c:\documents and settings\johnstone supply\application data\Foxit Software

2011-05-11 17:45:45 -------- d--h--w- c:\program files\Foxit Software

2011-05-11 15:41:46 -------- d-----w- c:\documents and settings\johnstone supply\application data\Malwarebytes

2011-05-11 15:41:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-11 14:56:50 -------- d-sha-r- C:\cmdcons

2011-05-11 14:55:07 98816 ---ha-w- c:\windows\sed.exe

2011-05-11 14:55:07 89088 ---ha-w- c:\windows\MBR.exe

2011-05-11 14:55:07 256512 ---ha-w- c:\windows\PEV.exe

2011-05-11 14:55:07 161792 ---ha-w- c:\windows\SWREG.exe

.

==================== Find3M  ====================

.

2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-11 22:55:33 83360 ---ha-w- c:\windows\system32\LMIRfsClientNP.dll

2011-05-11 22:55:33 53632 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-05-11 22:55:32 87424 ---ha-w- c:\windows\system32\LMIinit.dll

2011-05-11 22:55:32 29568 ---ha-w- c:\windows\system32\LMIport.dll

2011-03-11 14:10:38 471552 ---ha-w- c:\windows\apppatch\aclayers.dll

.

============= FINISH: 10:16:34.06 ===============

Here is the Attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-03.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 6/4/2007 9:09:15 AM

System Uptime: 6/4/2011 2:09:23 PM (92 hours ago)

.

Motherboard: Dell Inc. |  | 0XD720

Processor: Genuine Intel(R) CPU           T2080  @ 1.73GHz | Microprocessor | 1729/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 119.872 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Dell Wireless 1390 WLAN Mini-Card

Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0

Manufacturer: Broadcom

Name: Dell Wireless 1390 WLAN Mini-Card

PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0

Service: BCM43XX

.

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth Audio

Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000

Manufacturer: Broadcom

Name: Bluetooth Audio

PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTAUDIO\1&30EE4AD&0&1000000030000

Service: btaudio

.

==== System Restore Points ===================

.

RP750: 2/2/2011 8:28:59 AM - Software Distribution Service 3.0

RP751: 2/4/2011 10:05:48 AM - Software Distribution Service 3.0

RP752: 2/6/2011 11:44:46 AM - System Checkpoint

RP753: 2/9/2011 10:13:53 AM - Software Distribution Service 3.0

RP754: 2/9/2011 11:12:14 AM - Software Distribution Service 3.0

RP755: 2/10/2011 8:01:57 PM - Software Distribution Service 3.0

RP756: 2/11/2011 6:43:42 AM - Software Distribution Service 3.0

RP757: 2/14/2011 9:11:54 AM - Software Distribution Service 3.0

RP758: 2/16/2011 8:51:10 AM - Software Distribution Service 3.0

RP759: 2/16/2011 9:00:17 AM - Software Distribution Service 3.0

RP760: 2/18/2011 10:29:17 AM - Software Distribution Service 3.0

RP761: 2/22/2011 8:48:14 AM - Software Distribution Service 3.0

RP762: 2/22/2011 9:00:18 AM - Software Distribution Service 3.0

RP763: 2/27/2011 4:22:38 PM - Software Distribution Service 3.0

RP764: 3/1/2011 9:09:41 AM - Software Distribution Service 3.0

RP765: 3/2/2011 8:19:40 PM - System Checkpoint

RP766: 3/4/2011 12:27:40 PM - Software Distribution Service 3.0

RP767: 3/4/2011 12:36:17 PM - Software Distribution Service 3.0

RP768: 3/6/2011 2:48:43 PM - System Checkpoint

RP769: 3/9/2011 2:01:22 PM - Software Distribution Service 3.0

RP770: 3/9/2011 4:39:03 PM - Software Distribution Service 3.0

RP771: 3/11/2011 7:14:48 AM - Software Distribution Service 3.0

RP772: 3/15/2011 7:19:18 PM - Software Distribution Service 3.0

RP773: 3/19/2011 10:15:37 AM - Software Distribution Service 3.0

RP774: 3/22/2011 8:50:31 AM - Software Distribution Service 3.0

RP775: 3/24/2011 9:00:18 AM - Software Distribution Service 3.0

RP776: 3/25/2011 8:38:02 AM - Software Distribution Service 3.0

RP777: 3/30/2011 10:09:34 AM - Software Distribution Service 3.0

RP778: 3/31/2011 11:01:41 AM - System Checkpoint

RP779: 4/4/2011 6:21:23 PM - Software Distribution Service 3.0

RP780: 4/5/2011 12:10:29 PM - Software Distribution Service 3.0

RP781: 4/8/2011 10:10:44 AM - Software Distribution Service 3.0

RP782: 4/12/2011 8:46:34 AM - Software Distribution Service 3.0

RP783: 4/14/2011 8:40:57 PM - Software Distribution Service 3.0

RP784: 4/14/2011 9:59:24 PM - Software Distribution Service 3.0

RP785: 4/15/2011 4:05:42 PM - Software Distribution Service 3.0

RP786: 4/19/2011 3:48:32 PM - Software Distribution Service 3.0

RP787: 4/21/2011 3:26:50 PM - Software Distribution Service 3.0

RP788: 4/22/2011 10:42:01 AM - Software Distribution Service 3.0

RP789: 4/25/2011 7:09:40 PM - System Checkpoint

RP790: 4/26/2011 8:32:56 AM - Software Distribution Service 3.0

RP791: 4/28/2011 1:26:25 PM - Software Distribution Service 3.0

RP792: 4/29/2011 12:44:42 PM - Software Distribution Service 3.0

RP793: 4/29/2011 1:02:46 PM - IObit Uninstaller restore point

RP794: 4/29/2011 1:04:11 PM - Removed AVG Free 8.5

RP795: 4/29/2011 1:09:15 PM - Installed AVG Free 8.5

RP796: 4/29/2011 1:11:45 PM - IObit Uninstaller restore point

RP797: 4/29/2011 1:12:06 PM - Removed Dell Support 3.2.1

RP798: 4/29/2011 1:13:00 PM - Removed Dell Support Center.

RP799: 4/29/2011 1:15:20 PM - Removed SUPERAntiSpyware Free Edition

RP800: 5/4/2011 9:09:07 AM - Software Distribution Service 3.0

RP801: 5/6/2011 10:33:29 AM - Software Distribution Service 3.0

RP802: 5/10/2011 3:37:55 PM - Software Distribution Service 3.0

RP803: 5/10/2011 5:55:02 PM - Software Distribution Service 3.0

RP804: 5/11/2011 1:21:09 PM - Removed Adobe Reader 8.1.4

RP805: 5/11/2011 1:22:38 PM - Installed Adobe Reader X (10.0.1).

RP806: 5/11/2011 1:52:21 PM - Software Distribution Service 3.0

RP807: 5/11/2011 2:18:06 PM - Software Distribution Service 3.0

RP808: 5/12/2011 10:41:38 AM - Software Distribution Service 3.0

RP809: 5/12/2011 11:01:06 AM - Software Distribution Service 3.0

RP810: 5/13/2011 11:51:27 AM - Software Distribution Service 3.0

RP811: 5/16/2011 9:35:22 AM - Software Distribution Service 3.0

RP812: 5/17/2011 4:49:36 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

AccuTerm 2K2

Advanced SystemCare 4

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AT&T Communication Manager

Broadcom Management Programs

Coleman Home Comfort Center 2.0

Compressor Performance Calculator

Conexant HDA D110 MDC V.92 Modem

Critical Update for Windows Media Player 11 (KB959772)

Dell System Restore

Dell Wireless WLAN Card

Digital Line Detect

Driver Installer

ERUNT 1.1j

Foxit Reader

GoToMeeting 4.5.0.457

Heatcraft  ProBox

High Definition Audio Driver Package - KB835221

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

hp LaserJet 4250/4350

iTunes

J2SE Runtime Environment 5.0 Update 6

Java(TM) 6 Update 13

Java(TM) 6 Update 7

Java(TM) SE Runtime Environment 6 Update 1

Johnson Controls, Inc. Catalog

LogMeIn

Malwarebytes' Anti-Malware

MediaDirect

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft English TTS Engine

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Modem Helper

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

MV Lucida Console Font (remove only)

NetWaiting

NVIDIA Drivers

OutlookAddinSetup

QuickSet

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic DLA

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Spelling Dictionaries Support For Adobe Reader 8

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB969497)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

ViewPort+ Plug-in

ViewSonic Monitor Drivers

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WIDCOMM Bluetooth Software

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 10

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

6/8/2011 10:16:13 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.105.1363.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.6903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/3/2011 4:42:32 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd

6/1/2011 3:01:42 PM, error: Service Control Manager [7023]  - The System Restore Service service terminated with the following error:  Access is denied.

6/1/2011 3:01:41 PM, error: SRService [104]  - The System Restore initialization process failed.

.

==== End Of File ===========================

Thanks for all your help!  I have decided to just give it up and turn it over to the recycler.

You've been great, and I truly appreciate it.

Thank you for letting me know. We had only just begun, but it may not have been worth the time that we'd have to spend to do a thorough cleanup. :emotion-2:  Glad we were able to help, even if it was for only a short time.

For when your new system arrives, here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

The following suggestions are general prevention and are not customized for your computer.

1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.. Run a complete system scan with your anti-virus at least once a week...preferably in Safe mode.
If your anti-virus program is a paid/licensed version that is about to expire, you can consider removing it and using a free one such as:
Microsoft Security Essentials
AntiVir Personal Edition Classic
Avast! Home Edition

If you prefer not to use the Windows Firewall, there are several of the freeware Firewalls available on the public domain.

Please see this list for anti-virus, firewalls, and other FREE SECURITY SOFTWARE.

3. Using an alternate browser can reduce your chance of certain infections installing themselves. You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

5. Keep your software updated...make it easier on yourself and install the free security tool Secunia PSI .

6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7. Web Of Trust , uses colored alerts to warn about risky websites warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Red for Warning = STOP
• Yellow for Use Caution
• Green for Safe
• Grey for Unknown

There is a Web Of Trust version for Firefox as well.

8. If you still wish to use Internet Explorer, please make sure you install SpywareBlaster:  http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here:http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates.

9. You might want to install Winpatrol. Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.  You can download a free copy of Winpatrol or use the Plus version for more features.
You can read Winpatrol's FAQ if you run into problems.

10. Many of us in the online security community have tried and tested programs to determine their abilities. Please remember that there is no guarantee regarding computer security. However, the available software, combined with the rest of these recommendations will contribute to helping your system running safely.

Here are some helpful articles:
How did I get infected?  HERE

  I'm not pulling your leg, honest?
by Sandi Hardmeier  HERE

11. If you use Social Media (Facebook, Twitter, etc.) you can stay informed at SpywareHammer's Forum for Social Media Security

12. Check to be sure that you are not one of those people who is using a dangerously easy-to-guess password at websites requiring passwords. There is a good how-to video HERE.

Happy and Safe Surfing!

NOTE: The issue has been resolved, so this thread is now closed.
Everyone else who is having a similar issue, please begin a New Post at the top of the forum.