Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

Welcome to What the Tech! We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions.
> [Resolved] Computer slowing down, clock changing, sites not loadi
Sparkey2372
post Nov 5 2008, 09:15 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 45
Joined: 11-July 08
From: Virginia, USA
Member No.: 80,218
Operating System: Windows XP Professional



Hey guys!

This is urgent, because I have an essay due in a couple days that is a HUGE part of my grade.

I got a new computer a couple months back, and everything was going fine until a couple days ago when I let a friend come over to use it for a project for school.

I am not sure what he did on it but a couple strange things have been going on:

The computer is running a bit slower
The clock changed to January 2007 (This was after my power went out, if that had anything to do with it)
One of my friends said I sent them something over AOL Instant Messenger (AIM) and they clicked the link I "Sent them" and it messed up their computer. The funny thing was I hadn't messaged them in months, and there is no way anyone else could have done it, as no one can use my computer unless I give them permission.
Also, one of the sites I always go on wouldn't work on Firefox, but it did work on IE. The site is "Edline.net" (A school site thing)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:08 AM, on 1/1/2007
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080911
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080911
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080911
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9364 bytes


Thanks a lot.

EDIT: I just found out that I can no longer get on AIM. All it says is "Connection Failed" when I try to log on. This is the first time this has ever happened, and as you can see, I can still use the internet.







This post has been edited by Sparkey2372: Nov 5 2008, 09:43 PM
LDTate
post Nov 6 2008, 10:37 AM
Post #2


Forum God
Group Icon

Group: Root Admin
Posts: 40,562
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276






DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.



Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

Sparkey2372
post Nov 6 2008, 02:42 PM
Post #3





Hey LDT,

Just finished your instructions, strangely, it found nothing at all...could it just be me being paranoid?

Malwarebytes' Anti-Malware 1.30
Database version: 1370
Windows 5.1.2600 Service Pack 3

11/6/2008 3:40:14 PM
mbam-log-2008-11-06 (15-40-14).txt

Scan type: Quick Scan
Objects scanned: 49918
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Also, that site worked earlier today that wouldn't a couple days ago, but nothing explains the "me sending my friend something over Instant messenger" thing. My computer seems to be acting normal, but yesterday it certainly wasn't being normal.

One more question: Could the clock changing be caused from the power outage yesterday?

Also, thanks a lot for your help.

This post has been edited by Sparkey2372: Nov 6 2008, 02:44 PM
LDTate
post Nov 6 2008, 04:58 PM
Post #4






If we don't find anything with this one, I'd say you're OK.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.


Also please describe how your computer behaves at the moment.

Sparkey2372
post Nov 6 2008, 05:58 PM
Post #5





Gah...I can't figure out how to disable McAfee.

Right clicking on the little icon doesn't show a disable button, and I can't find one anywhere.
LDTate
post Nov 6 2008, 06:12 PM
Post #6






That's OK, do the scan anyway.
Sparkey2372
post Nov 6 2008, 06:48 PM
Post #7





Couldn't it be harmful to run it with McAfee on?

On the link you gave it said to disable McAfee.

This post has been edited by Sparkey2372: Nov 6 2008, 06:49 PM
LDTate
post Nov 6 2008, 06:51 PM
Post #8






If you can't figure out how to disable it, just run the scan. It won't hurt anything.
Sparkey2372
post Nov 6 2008, 06:52 PM
Post #9





Alright. I'll post the results in a few minutes.
LDTate
post Nov 6 2008, 06:52 PM
Post #10






thumbup.gif
Sparkey2372
post Nov 6 2008, 06:56 PM
Post #11





I clicked ComboFix, and McAfee said:
Mcafee has blocked a potentially unwanted program.

Name: RemAdm-ProcLaunch!717
Location: C:\32788r22fwjfw\psexce.cfexe

Remove this program, or trust this program?

This post has been edited by Sparkey2372: Nov 6 2008, 06:57 PM
LDTate
post Nov 6 2008, 07:05 PM
Post #12






QUOTE (Sparkey2372 @ Nov 6 2008, 06:56 PM) *
I clicked ComboFix, and McAfee said:
Mcafee has blocked a potentially unwanted program.

Name: RemAdm-ProcLaunch!717
Location: C:\32788r22fwjfw\psexce.cfexe

Remove this program, or trust this program?

Trust it.
Sparkey2372
post Nov 6 2008, 07:18 PM
Post #13





Ok. While ComboFix was running McAfee stopped and locked a "virus" automatically. I couldn't see what it was because my computer restarted shortly after. Here is the log:

2008-10-15 15:55 . 2008-11-02 01:59 244 --ah----- C:\sqmnoopt12.sqm
2008-10-14 14:21 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 14:21 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 14:21 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 14:21 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 14:21 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 14:21 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 14:18 . 2008-11-02 01:30 268 --ah----- C:\sqmdata11.sqm
2008-10-14 14:18 . 2008-11-02 01:30 244 --ah----- C:\sqmnoopt11.sqm
2008-10-13 14:43 . 2008-11-01 18:23 268 --ah----- C:\sqmdata10.sqm
2008-10-13 14:43 . 2008-11-01 18:23 244 --ah----- C:\sqmnoopt10.sqm
2008-10-12 16:05 . 2008-11-01 09:19 268 --ah----- C:\sqmdata09.sqm
2008-10-12 16:05 . 2008-11-01 09:19 244 --ah----- C:\sqmnoopt09.sqm
2008-10-12 10:04 . 2008-10-31 19:09 268 --ah----- C:\sqmdata08.sqm
2008-10-12 10:04 . 2008-10-31 19:09 244 --ah----- C:\sqmnoopt08.sqm
2008-10-11 10:35 . 2008-10-30 14:43 268 --ah----- C:\sqmdata07.sqm
2008-10-11 10:35 . 2008-10-30 14:43 244 --ah----- C:\sqmnoopt07.sqm
2008-10-10 14:55 . 2008-10-29 14:49 268 --ah----- C:\sqmdata06.sqm
2008-10-10 14:55 . 2008-10-29 14:49 244 --ah----- C:\sqmnoopt06.sqm
2008-10-09 18:01 . 2008-10-28 14:43 268 --ah----- C:\sqmdata05.sqm
2008-10-09 18:01 . 2008-10-28 14:43 244 --ah----- C:\sqmnoopt05.sqm
2008-10-09 11:04 . 2008-10-27 17:11 268 --ah----- C:\sqmdata04.sqm
2008-10-09 11:04 . 2008-10-27 17:11 244 --ah----- C:\sqmnoopt04.sqm
2008-10-08 18:47 . 2008-10-26 22:13 268 --ah----- C:\sqmdata03.sqm
2008-10-08 18:47 . 2008-10-26 22:13 244 --ah----- C:\sqmnoopt03.sqm
2008-10-07 15:09 . 2008-10-25 10:20 268 --ah----- C:\sqmdata02.sqm
2008-10-07 15:09 . 2008-10-25 10:20 244 --ah----- C:\sqmnoopt02.sqm
2008-10-07 15:06 . 2008-10-24 19:42 268 --ah----- C:\sqmdata01.sqm
2008-10-07 15:06 . 2008-10-24 19:42 244 --ah----- C:\sqmnoopt01.sqm
2008-10-07 14:36 . 2008-10-23 14:36 268 --ah----- C:\sqmdata00.sqm
2008-10-07 14:36 . 2008-10-23 14:36 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 02:25 --------- d-----w c:\program files\McAfee
2008-10-15 02:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-15 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2008-09-22 19:41 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-22 19:41 --------- d-----w c:\program files\Windows Live
2008-09-22 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-19 20:56 --------- d-----w c:\documents and settings\Joe R\Application Data\SPORE
2008-09-19 01:40 --------- d-----w c:\documents and settings\Joe R\Application Data\acccore
2008-09-19 01:40 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-09-19 01:39 --------- d-----w c:\program files\Viewpoint
2008-09-19 01:39 --------- d-----w c:\program files\Common Files\AOL
2008-09-19 01:39 --------- d-----w c:\program files\AIM6
2008-09-19 01:39 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-09-19 01:39 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-09-19 01:39 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-09-17 19:19 --------- d-----w c:\program files\Google
2008-09-17 02:14 --------- d--h--r c:\documents and settings\Joe R\Application Data\SecuROM
2008-09-17 02:13 --------- d-----w c:\program files\Electronic Arts
2008-09-17 02:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-11 19:57 4,771 ----a-w c:\windows\system32\drivers\1028_Dell_XPS_XPS_630I.mrk
2008-09-11 17:17 --------- d-----w c:\program files\Dell
2008-09-11 17:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-11 17:16 --------- d-----w c:\program files\Microsoft Plus! Photo Story 2 LE
2008-09-11 17:16 --------- d-----w c:\program files\Microsoft Plus! Digital Media Edition
2008-09-11 17:15 --------- d-----w c:\program files\MUSICMATCH
2008-09-11 17:14 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\CyberLink
2008-09-11 17:14 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-09-11 17:14 --------- d-----w c:\program files\Citrix
2008-09-11 17:14 --------- d-----w c:\documents and settings\Joe R\Application Data\CyberLink
2008-09-11 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\Uninstall
2008-09-11 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-09-11 17:14 --------- d-----w c:\documents and settings\Administrator\Application Data\CyberLink
2008-09-11 17:13 --------- d-----w c:\program files\Roxio
2008-09-11 17:13 --------- d-----w c:\program files\Dell Support Center
2008-09-11 17:13 --------- d-----w c:\program files\Common Files\supportsoft
2008-09-11 17:13 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-09-11 17:13 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-09-11 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2008-09-11 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-09-11 17:11 --------- d-----w c:\program files\McAfee.com
2008-09-11 17:11 --------- d-----w c:\program files\Common Files\McAfee
2008-09-11 17:10 --------- d-----w c:\program files\Common Files\Adobe
2008-09-11 17:09 --------- d-----w c:\program files\Microsoft.NET
2008-09-11 17:09 --------- d-----w c:\program files\Microsoft Works
2008-09-11 17:07 --------- d-----w c:\program files\CyberLink
2008-09-11 17:06 --------- d-----w c:\program files\NVIDIA Corporation
2008-09-11 17:06 --------- d-----w c:\program files\Java
2008-09-11 17:06 --------- d-----w c:\program files\Common Files\Java
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-15 106496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-14 8523776]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-01-03 184864]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-11 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-03-19 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-03-19 16624]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-14 c:\windows\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-11 12:14 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=

R0 nvgts;nvgts;c:\windows\system32\drivers\nvgts.sys [2008-02-11 102400]
R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-02-11 128000]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
S3 GoToAssist;GoToAssist;c:\program files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-09-11 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-09-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Joe R\Application Data\Mozilla\Firefox\Profiles\jdrm3slr.default\
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 20:10:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\JOER~1\LOCALS~1\Temp\RGI1.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell V305\dldtmsdmon.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-11-06 20:15:36 - machine was rebooted [Joe R]
ComboFix-quarantined-files.txt 2008-11-07 01:15:31

Pre-Run: 290,024,722,432 bytes free
Post-Run: 289,958,232,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

241 --- E O F --- 2008-10-24 03:07:33
LDTate
post Nov 6 2008, 07:26 PM
Post #14






I don't see any infections there.
Sparkey2372
post Nov 6 2008, 07:28 PM
Post #15