
Red X on C Drive - Can you Help?


Original Message
Name: skip77
Date: March 1, 2008 at 04:30:02 Pacific
Subject: Red X on C Drive - Can you Help?
OS: XP Media Center Edition S
CPU/Ram: 2.8GHz / 1GB
Model/Manufacturer: Dell Dimension E310
Comment:

jabuck, I found this site searching for information on the red X appearing on my C: drive. I had a terrible, multiple-element infection about a month ago. It took me two weeks to get Vundo off my machine and be able to delete the 40,000 posxxx files it had generated. I used multiple scans with SpySweeper and AVG Anti-Spyware 7.5 along with McAfee AntiVirus. I had multiple trojans and several other viruses all at once. What a mess. Some of my drivers may have been ruined, etc. - I bought a year's membership to DriverAgent and installed 5 or 6 that it detected. The PC seems to be working normally now except for the red X. I have HijackThis and ran a scan once. I have Win XP Home Edition with SP2 - can you help me make sure all is well and remove the red X? I appreciate your expertise. Skip in Delaware

PS: My email address was hijacked around the same time - very annoying - I am getting junk mail from myself. Is there anything I can do to get the hijacker?



Response Number 1
Name: jabuck
Date: March 1, 2008 at 17:18:27 Pacific
Subject: Red X on C Drive - Can you Help?

Go to this link:

Disable Realtime Protection

Follow their directions to disable any real-time protection that you have, as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files; click "Yes".

Once you click "Yes", your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer; click "OK".

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link 1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: skip77
Date: March 1, 2008 at 19:12:20 Pacific
Subject: Red X on C Drive - Can you Help?

Thanks very much, jabuck. Here is the HijackThis log (I will post the ComboFix log next):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:11 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Skip\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {3BCAC431-C7C8-433E-BF4A-E0AE51FB856C} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: {22e496ad-694c-a918-ac04-4e332b7eb5f9} - {9f5be7b2-33e4-40ca-819a-c496da694e22} - C:\WINDOWS\system32\lccsjrst.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: 802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driver...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O20 - Winlogon Notify: nnnlifg - nnnlifg.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 8402 bytes



Response Number 3
Name: skip77
Date: March 1, 2008 at 19:26:25 Pacific
Subject: Red X on C Drive - Can you Help?

Here is the ComboFix log:
ComboFix 08-03-01.3 - Skip 2008-03-01 22:23:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.555 [GMT -5:00]
Running from: C:\Documents and Settings\Skip\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\PhiBtn.exe
C:\WINDOWS\system32\drivers\Tray900.exe
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\mcrh.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-01 22:09 . 2008-03-01 22:09 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-01 21:43 . 2008-03-01 21:43 <DIR> d-------- C:\VundoFix Backups
2008-02-29 22:20 . 2008-02-29 22:20 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-02-29 21:28 . 2007-01-17 16:03 35,704 --a------ C:\WINDOWS\system32\NicInst.dll
2008-02-29 21:28 . 2007-01-17 16:02 28,536 --a------ C:\WINDOWS\system32\NicCo.dll
2008-02-29 21:28 . 2006-01-12 14:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din
2008-02-29 21:24 . 2008-02-29 21:24 <DIR> d-------- C:\Intel
2008-02-29 20:47 . 2008-02-29 20:47 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-27 17:34 . 2008-02-27 17:34 <DIR> d-------- C:\QVWIN
2008-02-26 20:42 . 2008-02-26 20:43 <DIR> d-------- C:\Program Files\Debugging Tools for Windows
2008-02-26 18:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-26 18:00 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-26 17:51 . 2008-02-26 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-26 14:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 09:33 . 2008-02-26 17:51 <DIR> d-------- C:\WINDOWS\LastGood(2)
2008-02-25 21:36 . 2008-02-26 18:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-25 18:00 . 2008-02-25 18:00 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\Cakewalk
2008-02-25 17:55 . 2008-02-26 17:51 <DIR> d-------- C:\Program Files\Cakewalk
2008-02-24 17:55 . 2008-02-26 17:51 <DIR> d-------- C:\Program Files\QVWIN
2008-02-05 22:06 . 2008-02-05 22:18 <DIR> d-------- C:\SDAT
2008-02-05 22:03 . 2008-02-05 22:03 34,417,536 --a------ C:\sdat5223.exe
2008-02-05 09:58 . 2008-02-05 09:58 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-04 16:59 . 2008-02-04 16:59 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\Grisoft
2008-02-04 16:59 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-04 16:58 . 2008-02-04 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-04 00:29 . 2008-02-04 00:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-03 20:58 . 2008-02-03 20:58 294 ---hs---- C:\WINDOWS\system32\dculmchv.ini
2008-02-03 17:40 . 2008-02-03 17:40 294 ---hs---- C:\WINDOWS\system32\blpnhjsw.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 03:28 --------- d-----w C:\Program Files\Dl_cats
2008-03-01 23:39 --------- d-----w C:\Program Files\Media Resizer PRO
2008-03-01 13:15 --------- d-----w C:\Program Files\McAfee
2008-03-01 02:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-01 02:34 --------- d-----w C:\Program Files\Dell Photo AIO Printer 926
2008-02-22 04:08 --------- d-----w C:\Documents and Settings\Skip\Application Data\SiteAdvisor
2008-02-04 00:21 --------- d-----w C:\Documents and Settings\Skip\Application Data\gtk-2.0
2008-02-02 04:16 --------- d-----w C:\Program Files\MSECACHE
2008-02-01 02:42 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-31 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-31 02:57 --------- d-----w C:\Program Files\MediaCoder Audio Edition
2008-01-31 02:55 --------- d-----w C:\Program Files\GemMaster
2008-01-30 05:35 --------- d-----w C:\Documents and Settings\Skip\Application Data\MSNInstaller
2008-01-30 05:34 --------- d-----w C:\Documents and Settings\Skip\Application Data\ppstream
2008-01-30 05:31 --------- d-----w C:\Program Files\WildTangent
2008-01-29 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-29 00:05 --------- d-----w C:\Documents and Settings\Skip\Application Data\McAfee
2008-01-28 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 23:02 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-27 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2006-07-02 00:09 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BCAC431-C7C8-433E-BF4A-E0AE51FB856C}]
C:\WINDOWS\system32\pmkjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f5be7b2-33e4-40ca-819a-c496da694e22}]
C:\WINDOWS\system32\lccsjrst.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 03:40 86960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-28 19:22 282624]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 21:39 36904]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09 312200]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 11:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 17:04 304008]
"PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" [ ]
"Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 00:31 106496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [ ]

C:\Documents and Settings\Skip\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [2007-12-30 13:26:38 255408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
802.11g USB adapter.lnk - C:\Program Files\11g USB adapter\Wifiusb.exe [2004-09-06 08:11:36 487424]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-09-30 15:20:57 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlifg]
nnnlifg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Skip\\My Documents\\Websites\\Ipswitch\\WS_FTP95.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 16:48]
S2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf" []
S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 17:28]
S3 usbvm328;HP Camera;C:\WINDOWS\system32\Drivers\usbvm326.sys []
S3 vmfilter323;VC0326 filter service for Serome;C:\WINDOWS\system32\drivers\vmfilter323.sys [2007-04-13 07:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ac10097-9f62-11db-afc1-0003c95093f4}]
\Shell\AutoRun\command - F:\podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 07:24:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-15 06:32:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 06:00:17 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-01 03:36:01 C:\WINDOWS\Tasks\MSK_ABImport_Daily_Skip.job"
- C:\WINDOWS\system32\rundll32.exe<
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 22:29:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-03-01 22:31:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 03:31:40
.
2008-02-26 23:07:40 --- E O F ---




Response Number 4
Name: jabuck
Date: March 2, 2008 at 17:59:01 Pacific
Subject: Red X on C Drive - Can you Help?

Sorry for the delay.

Open Notepad and copy/paste everything between the X's into it, and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\dculmchv.ini
C:\WINDOWS\system32\blpnhjsw.ini
C:\WINDOWS\system32\nnnlifg.dll

Driver::
nnnlifg

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BCAC431-C7C8-433E-BF4A-E0AE51FB856C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f5be7b2-33e4-40ca-819a-c496da694e22}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhiBtn"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlifg]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Your Java is out of date and can be exploited.
Download the latest version of Java from this link: Java
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says "Accept License Agreement". The page will refresh.
Click on the link to download the Windows Offline Installation, with or without Multi-language, and save it to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then, from your desktop, double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

Post a new Combofix log and a new Hijack This log please.



Response Number 5
Name: skip77
Date: March 2, 2008 at 19:14:46 Pacific
Subject: Red X on C Drive - Can you Help?

jabuck - thanks so much for the next steps. Below is the ComboFix log after pasting the command lines per your instructions. Some notes: I did not close IE when I ran ComboFix. When it finished and I copied the code from Notes, my Explorer page did not recover. I was able to call up Task Manager, end ComboFix and Notes (both were finished) and then start explorer.exe to get the desktop back. I noticed ComboFix found a number of backup Vundo DLL files and deleted them again - possibly some part of my virus protection/spy-sweeping is generating this backup? I may need help to flush it out for good. I will run HijackThis and post the log next. I will also do the Java script instructions before HijackThis. Here is the ComboFix code:

ComboFix 08-03-01.3 - Skip 2008-03-02 22:10:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.449 [GMT -5:00]
Running from: C:\Documents and Settings\Skip\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Skip\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\blpnhjsw.ini
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\dculmchv.ini
C:\WINDOWS\system32\nnnlifg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\bhirpbuv.dllbox.bad
C:\VundoFix Backups\htpoobqj.dllbox.bad
C:\VundoFix Backups\milwzfbq.dllbox.bad
C:\WINDOWS\system32\blpnhjsw.ini
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\dculmchv.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-02 10:32 . 2008-03-02 10:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-01 22:09 . 2008-03-01 22:09 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-29 22:20 . 2008-02-29 22:20 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-02-29 21:28 . 2007-01-17 16:03 35,704 --a------ C:\WINDOWS\system32\NicInst.dll
2008-02-29 21:28 . 2007-01-17 16:02 28,536 --a------ C:\WINDOWS\system32\NicCo.dll
2008-02-29 21:28 . 2006-01-12 14:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din
2008-02-29 21:24 . 2008-02-29 21:24 <DIR> d-------- C:\Intel
2008-02-29 20:47 . 2008-02-29 20:47 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-27 17:34 . 2008-02-27 17:34 <DIR> d-------- C:\QVWIN
2008-02-26 20:42 . 2008-02-26 20:43 <DIR> d-------- C:\Program Files\Debugging Tools for Windows
2008-02-26 18:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-26 18:00 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-26 17:51 . 2008-02-26 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-26 14:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 09:33 . 2008-02-26 17:51 <DIR> d-------- C:\WINDOWS\LastGood(2)
2008-02-25 21:36 . 2008-02-26 18:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-25 18:00 . 2008-02-25 18:00 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\Cakewalk
2008-02-25 17:55 . 2008-02-26 17:51 <DIR> d-------- C:\Program Files\Cakewalk
2008-02-24 17:55 . 2008-02-26 17:51 <DIR> d-------- C:\Program Files\QVWIN
2008-02-05 22:06 . 2008-02-05 22:18 <DIR> d-------- C:\SDAT
2008-02-05 22:03 . 2008-02-05 22:03 34,417,536 --a------ C:\sdat5223.exe
2008-02-05 09:58 . 2008-02-05 09:58 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-04 16:59 . 2008-02-04 16:59 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\Grisoft
2008-02-04 16:59 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-04 16:58 . 2008-02-04 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 16:43 --------- d-----w C:\Program Files\Dl_cats
2008-03-02 16:43 --------- d-----w C:\Documents and Settings\Skip\Application Data\DellFaxCtr
2008-03-02 15:32 --------- d-----w C:\Program Files\McAfee
2008-03-01 23:39 --------- d-----w C:\Program Files\Media Resizer PRO
2008-03-01 02:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-01 02:34 --------- d-----w C:\Program Files\Dell Photo AIO Printer 926
2008-02-22 04:08 --------- d-----w C:\Documents and Settings\Skip\Application Data\SiteAdvisor
2008-02-17 18:09 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-04 00:21 --------- d-----w C:\Documents and Settings\Skip\Application Data\gtk-2.0
2008-02-02 04:16 --------- d-----w C:\Program Files\MSECACHE
2008-02-01 02:42 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-31 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-31 02:57 --------- d-----w C:\Program Files\MediaCoder Audio Edition
2008-01-31 02:55 --------- d-----w C:\Program Files\GemMaster
2008-01-30 05:35 --------- d-----w C:\Documents and Settings\Skip\Application Data\MSNInstaller
2008-01-30 05:34 --------- d-----w C:\Documents and Settings\Skip\Application Data\ppstream
2008-01-30 05:31 --------- d-----w C:\Program Files\WildTangent
2008-01-29 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-29 00:05 --------- d-----w C:\Documents and Settings\Skip\Application Data\McAfee
2008-01-28 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 23:02 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-27 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2006-07-02 00:09 251 ----a-w C:\Program Files\wt3d.ini
2004-08-23 08:31 192,512 ----a-w C:\WINDOWS\inf\rmoem.exe
2002-11-14 14:32 55,808 ----a-w C:\WINDOWS\inf\devcon.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BCAC431-C7C8-433E-BF4A-E0AE51FB856C}]
C:\WINDOWS\system32\pmkjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f5be7b2-33e4-40ca-819a-c496da694e22}]
C:\WINDOWS\system32\lccsjrst.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 03:40 86960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-28 19:22 282624]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 21:39 36904]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09 312200]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 11:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 17:04 304008]
"PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" [ ]
"Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 00:31 106496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [ ]

C:\Documents and Settings\Skip\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [2007-12-30 13:26:38 255408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
802.11g USB adapter.lnk - C:\Program Files\11g USB adapter\Wifiusb.exe [2004-09-06 08:11:36 487424]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-09-30 15:20:57 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlifg]
nnnlifg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Skip\\My Documents\\Websites\\Ipswitch\\WS_FTP95.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 16:48]
S2 0245771204471973mcinstcleanup;McAfee Application Installer Cleanup (0245771204471973);C:\WINDOWS\TEMP\024577~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf" []
S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 17:28]
S3 usbvm328;HP Camera;C:\WINDOWS\system32\Drivers\usbvm326.sys []
S3 vmfilter323;VC0326 filter service for Serome;C:\WINDOWS\system32\drivers\vmfilter323.sys [2007-04-13 07:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ac10097-9f62-11db-afc1-0003c95093f4}]
\Shell\AutoRun\command - F:\podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-02 07:24:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-15 06:32:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 06:00:17 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-02 03:36:00 C:\WINDOWS\Tasks\MSK_ABImport_Daily_Skip.job"
- C:\WINDOWS\system32\rundll32.exe<
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 22:13:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-02 22:14:06
ComboFix-quarantined-files.txt 2008-03-03 03:14:02
ComboFix2.txt 2008-03-02 03:31:45
.
2008-02-26 23:07:40 --- E O F ---




Response Number 6
Name: skip77
Date: March 2, 2008 at 19:18:46 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

jabuck - the java page said J2SE is not available at this time (bottom of page). I have not made changes to java - will wait in case you have other instructions. Next up will be the Hijackthis log. Thanks again.



Response Number 7
Name: skip77
Date: March 2, 2008 at 19:20:06 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Here is Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:57 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Skip\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: 802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driver...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: McAfee Application Installer Cleanup (0245771204471973) (0245771204471973mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\024577~1.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 8014 bytes



Response Number 8
Name: jabuck
Date: March 2, 2008 at 19:38:01 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Spysweeper must be disabled and remain disabled until we get you clean. The instructions are in response #1, "disable realtime protection".

Please disable any of those realtime protectors and repeat response #4.

Try this link for the java update:

http://www.java.com/en/download/manual.jsp



Response Number 9
Name: skip77
Date: March 2, 2008 at 19:45:23 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

I uninstalled spysweeper completely at the start per instructions because I felt it better to just get it off the pc entirely. I can reinstall from a disc when finished. AVG AntiSpyware 7.5 I disabled per instructions and left on the pc before sending all codes. My inquiry more recently is because I am concerned that other programs onboard may be generating the backups. I have McAfee onboard and did not disable it - should I turn off all protection before repeating response #4? Should I remove Windows Defender if there are remnants of it onboard too?



Response Number 10
Name: jabuck
Date: March 2, 2008 at 19:58:40 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

You can uninstall Windows Defender.

Please disable McAfee then go offline and run the scans. Be sure McAfee is re-enabled before getting back online.



Response Number 11
Name: skip77
Date: March 2, 2008 at 20:24:45 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

jabuck - thanks for your help and patience. I disabled McAfee and AVG 7.5 and pasted the code back onto the desktop and dropped it into Combofix - ran the scan again. This time there were no files to delete. The code generated is below. I noticed that Combofix has kept copies of all the deleted files in its quarantine folder. I will make changes to java per instructions and the new link before running Hijackthis again...

ComboFix 08-03-01.3 - Skip 2008-03-02 23:23:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT -5:00]
Running from: C:\Documents and Settings\Skip\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Skip\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\blpnhjsw.ini
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\dculmchv.ini
C:\WINDOWS\system32\nnnlifg.dll
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-02 10:32 . 2008-03-02 10:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-01 22:09 . 2008-03-01 22:09 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-29 22:20 . 2008-02-29 22:20 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-02-29 21:28 . 2007-01-17 16:03 35,704 --a------ C:\WINDOWS\system32\NicInst.dll
2008-02-29 21:28 . 2007-01-17 16:02 28,536 --a------ C:\WINDOWS\system32\NicCo.dll
2008-02-29 21:28 . 2006-01-12 14:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din
2008-02-29 21:24 . 2008-02-29 21:24 <DIR> d-------- C:\Intel
2008-02-29 20:47 . 2008-02-29 20:47 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-27 17:34 . 2008-02-27 17:34 <DIR> d-------- C:\QVWIN
2008-02-26 20:42 . 2008-02-26 20:43 <DIR> d-------- C:\Program Files\Debugging Tools for Windows
2008-02-26 18:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-26 18:00 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-26 17:51 . 2008-02-26 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-26 14:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 09:33 . 2008-02-26 17:51 <DIR> d-------- C:\WINDOWS\LastGood(2)
2008-02-25 21:36 . 2008-02-26 18:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-25 18:00 . 2008-02-25 18:00 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\Cakewalk
2008-02-25 17:55 . 2008-02-26 17:51 <DIR> d-------- C:\Program Files\Cakewalk
2008-02-24 17:55 . 2008-02-26 17:51 <DIR> d-------- C:\Program Files\QVWIN
2008-02-05 22:06 . 2008-02-05 22:18 <DIR> d-------- C:\SDAT
2008-02-05 22:03 . 2008-02-05 22:03 34,417,536 --a------ C:\sdat5223.exe
2008-02-05 09:58 . 2008-02-05 09:58 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-04 16:59 . 2008-02-04 16:59 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\Grisoft
2008-02-04 16:59 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-04 16:58 . 2008-02-04 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 16:43 --------- d-----w C:\Program Files\Dl_cats
2008-03-02 16:43 --------- d-----w C:\Documents and Settings\Skip\Application Data\DellFaxCtr
2008-03-02 15:32 --------- d-----w C:\Program Files\McAfee
2008-03-01 23:39 --------- d-----w C:\Program Files\Media Resizer PRO
2008-03-01 02:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-01 02:34 --------- d-----w C:\Program Files\Dell Photo AIO Printer 926
2008-02-22 04:08 --------- d-----w C:\Documents and Settings\Skip\Application Data\SiteAdvisor
2008-02-17 18:09 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-04 00:21 --------- d-----w C:\Documents and Settings\Skip\Application Data\gtk-2.0
2008-02-02 04:16 --------- d-----w C:\Program Files\MSECACHE
2008-02-01 02:42 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-31 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-31 02:57 --------- d-----w C:\Program Files\MediaCoder Audio Edition
2008-01-31 02:55 --------- d-----w C:\Program Files\GemMaster
2008-01-30 05:35 --------- d-----w C:\Documents and Settings\Skip\Application Data\MSNInstaller
2008-01-30 05:34 --------- d-----w C:\Documents and Settings\Skip\Application Data\ppstream
2008-01-30 05:31 --------- d-----w C:\Program Files\WildTangent
2008-01-29 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-29 00:05 --------- d-----w C:\Documents and Settings\Skip\Application Data\McAfee
2008-01-28 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 23:02 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-27 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2006-07-02 00:09 251 ----a-w C:\Program Files\wt3d.ini
2004-08-23 08:31 192,512 ----a-w C:\WINDOWS\inf\rmoem.exe
2002-11-14 14:32 55,808 ----a-w C:\WINDOWS\inf\devcon.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 03:40 86960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-28 19:22 282624]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 21:39 36904]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09 312200]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 11:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 17:04 304008]
"Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 00:31 106496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [ ]

C:\Documents and Settings\Skip\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [2007-12-30 13:26:38 255408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
802.11g USB adapter.lnk - C:\Program Files\11g USB adapter\Wifiusb.exe [2004-09-06 08:11:36 487424]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-09-30 15:20:57 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Skip\\My Documents\\Websites\\Ipswitch\\WS_FTP95.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 16:48]
S2 0245771204471973mcinstcleanup;McAfee Application Installer Cleanup (0245771204471973);C:\WINDOWS\TEMP\024577~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf" []
S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 17:28]
S3 usbvm328;HP Camera;C:\WINDOWS\system32\Drivers\usbvm326.sys []
S3 vmfilter323;VC0326 filter service for Serome;C:\WINDOWS\system32\drivers\vmfilter323.sys [2007-04-13 07:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ac10097-9f62-11db-afc1-0003c95093f4}]
\Shell\AutoRun\command - F:\podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-02 07:24:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-15 06:32:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 06:00:17 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-03 03:36:00 C:\WINDOWS\Tasks\MSK_ABImport_Daily_Skip.job"
- C:\WINDOWS\system32\rundll32.exe<
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 23:24:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-02 23:25:38
ComboFix-quarantined-files.txt 2008-03-03 04:25:27
ComboFix2.txt 2008-03-03 03:14:07
ComboFix3.txt 2008-03-02 03:31:45
.
2008-02-26 23:07:40 --- E O F ---



Response Number 12
Name: jabuck
Date: March 2, 2008 at 20:35:25 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

The only remaining problems were the registry entries and they have been removed.

You need to have java updated before you continue, then we need to double check for any lurking baddies.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.


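An added example, not code from this thread, from ComboFix's author or from any of the tools named above: a Python script that reads the "Reg Loading Points" section of the two ComboFix logs skip77 posted, flags the entries a reviewer like jabuck looks at first, and diffs the two logs to show exactly which loading points disappeared between the first run and the CFScript run (the two BHO DLLs in system32 and the Winlogon notify entry, which is what "the registry entries ... have been removed" refers to). The embedded logs are constructed, trimmed excerpts of the ones above; the flagging rules are my own review heuristics, not ComboFix signatures, and the parser only handles the bracketed registry keys, not the Startup-folder or R2/S2/S3 service lines the full log also contains.

```python
# Constructed excerpts of the two ComboFix logs in this thread: LOG_BEFORE
# mirrors the first log (Response 5), LOG_AFTER the one after the CFScript run.
LOG_BEFORE = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BCAC431-C7C8-433E-BF4A-E0AE51FB856C}]
C:\WINDOWS\system32\pmkjk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlifg]
nnnlifg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

Contents of the 'Scheduled Tasks' folder
"""

LOG_AFTER = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

Contents of the 'Scheduled Tasks' folder
"""

SECTION_START = "Reg Loading Points"
SECTION_END = "Contents of the 'Scheduled Tasks' folder"
SKIP = {"", ".", "REGEDIT4"}  # separators ComboFix prints between keys


def parse_loading_points(log_text):
    """Map each [bracketed] key in 'Reg Loading Points' to its value lines."""
    points, current, in_section = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_START in line:
            in_section = True
            continue
        if not in_section:
            continue
        if SECTION_END in line:
            break
        if line in SKIP or line.startswith("*Note*"):
            current = None  # a blank line closes the current key
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            points.setdefault(current, [])
        elif current is not None:
            points[current].append(line)
    return points


def flag_entries(points):
    """Heuristics (mine, not ComboFix's) for entries an analyst reviews first."""
    flagged = []
    for key, values in points.items():
        k = key.lower()
        for value in values:
            v = value.lower()
            if "winlogon\\notify" in k:
                reason = "Winlogon notify DLL: loaded by winlogon.exe at every logon"
            elif "browser helper objects" in k and "\\system32\\" in v:
                reason = "BHO loaded from system32 rather than a product folder"
            elif "security center" in k and v.endswith("=dword:00000001"):
                reason = "Security Center alerting/monitoring switched off"
            elif "mountpoints2" in k and "autorun" in v:
                reason = "AutoRun command remembered for a removable drive"
            else:
                continue
            flagged.append((key, value, reason))
    return flagged


def removed_between(before, after):
    """Loading points in the first log that the second no longer lists."""
    return [(key, value) for key, values in before.items()
            for value in values if value not in after.get(key, [])]


if __name__ == "__main__":
    before = parse_loading_points(LOG_BEFORE)
    for key, value, reason in flag_entries(before):
        print(f"REVIEW  {value}  [{key}]\n        {reason}")
    for key, value in removed_between(before, parse_loading_points(LOG_AFTER)):
        print(f"REMOVED {value}  [{key}]")
```

Run it on the full logs above (paste each into the two string constants) and the REMOVED lines are the three entries the CFScript took out, while the Security Center and AutoRun entries stay flagged in both runs: they are worth a look, but as the thread shows they are not by themselves the infection.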

Response Number 13
Name: skip77
Date: March 2, 2008 at 20:40:56 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Will proceed per instructions. Here is the Hijackthis code after removal of the old java runtime and installation of the new java - did not reboot after uninstall/install, so the java part may not show. Anyway, here is Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:43 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Documents and Settings\Skip\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: 802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driver...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: McAfee Application Installer Cleanup (0245771204471973) (0245771204471973mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\024577~1.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 8208 bytes


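The log above is the kind of thing the helper in this thread reads by eye. As an added example (not part of the thread, and not HijackThis's own code), the Python script below parses log lines of this format and flags the entries a reviewer checks first: O23 services whose binary is "(file missing)" or sits in a Temp directory, O4 autostart entries run from Temp, and O2 BHOs with "(no name)". The sample lines are copied from the posted log, except one O4 entry that is constructed and marked as such; the rule set and function names are my own.

```python
"""HijackThis log triage (added example; not part of the thread or of HijackThis).

Each HijackThis line is "<section> - <description>", and the description
usually ends with the path of the file the entry points at.  The rules
below pick out the entries a log reviewer checks by hand first.
"""
import re

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# A drive-letter path ending in an executable/library extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl|sys))', re.IGNORECASE)

# Lines copied from the log posted above, plus one constructed O4 entry
# (marked) so the Temp-directory rule fires on an autostart entry too.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll",
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    # constructed line, not from the posted log:
    r'O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\Skip\Local Settings\Temp\updater.exe"',
    r"O23 - Service: McAfee Application Installer Cleanup (0245771204471973) (0245771204471973mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\024577~1.EXE (file missing)",
    r"O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe",
    r"O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe (file missing)",
]


def parse_entry(line):
    """Split one log line into section, description, referenced path and missing-flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header lines, blank lines, "End of file" footer
    section, text = m.groups()
    pm = PATH_RE.search(text)
    return {
        "section": section,
        "text": text,
        "path": pm.group(1) if pm else None,
        "file_missing": "(file missing)" in text.lower(),
    }


def triage(lines):
    """Return (section, path, reasons) for every entry that matches a review rule."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        low_path = (entry["path"] or "").lower()
        if entry["section"] == "O23" and entry["file_missing"]:
            reasons.append("service binary missing (orphaned service entry)")
        if entry["section"] in ("O4", "O23") and "\\temp\\" in low_path:
            reasons.append("launched from a Temp directory")
        if entry["section"] == "O2" and "(no name)" in entry["text"]:
            reasons.append("BHO with no name")
        if reasons:
            findings.append((entry["section"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LINES):
        print(f"{section:4} {path}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to look, not a verdict: the orphaned McAfee cleanup service in this log is exactly the sort of entry that is harmless but worth confirming.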

Response Number 14
Name: jabuck
Date: March 2, 2008 at 20:45:39 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

This should fix the red X.

Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:

[autorun]

ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8

Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.

Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.

Restart the computer.


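The fix above works because Windows reads an autorun.inf in a drive's root when it decides how to show the drive: ICON and LABEL only affect display, while OPEN, SHELLEXECUTE and shell\verb\command name a program for AutoPlay to run, which is why a drive-root autorun.inf is worth inspecting after an infection. As an added example that is not part of the thread, the Python inspector below parses such a file and reports which kind of directives it holds; the first sample is the file from the reply above, the second is constructed, and the parser and function names are my own.

```python
"""autorun.inf inspector (added example; not from the thread).

ICON and LABEL only change how a drive is displayed, which is all the fix
above relies on.  OPEN, SHELLEXECUTE and shell\<verb>\command name a
program to run when AutoPlay handles the drive, so a file carrying them
deserves a closer look.
"""

COSMETIC_KEYS = {"icon", "label"}
EXEC_KEYS = {"open", "shellexecute"}
OTHER_KNOWN = {"useautoplay", "action", "shell"}

# The file the thread's helper had the poster create (copied from the reply).
ICON_FIX = "[autorun]\nICON=C:\\WINDOWS\\SYSTEM\\SHELL32.DLL,8\n"

# Constructed sample (not from the thread): cosmetic keys plus execution
# directives, the shape of autorun.inf files dropped into drive roots.
CONSTRUCTED_EXEC = (
    "[AutoRun]\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,8\n"
    "open=hidden\\launcher.exe\n"
    "shell\\open\\command=hidden\\launcher.exe\n"
)


def parse_autorun(text):
    """Return {section: {key: value}} with section and key names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # padding/junk lines outside a key=value form are ignored
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def icon_resource(value):
    """Split an ICON value 'file,index' into (file, index); index defaults to 0."""
    file_part, sep, index = value.rpartition(",")
    return (file_part.strip(), int(index)) if sep else (value, 0)


def assess(text):
    """Classify an autorun.inf as cosmetic only, program-launching, or inert."""
    auto = parse_autorun(text).get("autorun")
    if auto is None:
        return {"verdict": "no [autorun] section", "cosmetic": {}, "exec": {}, "unknown": []}
    exec_found = {k: v for k, v in auto.items()
                  if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))}
    cosmetic = {k: v for k, v in auto.items() if k in COSMETIC_KEYS}
    unknown = [k for k in auto if k not in cosmetic and k not in exec_found and k not in OTHER_KNOWN]
    if exec_found:
        verdict = "executes a program on AutoPlay"
    elif cosmetic:
        verdict = "icon/label only"
    else:
        verdict = "no effective directives"
    return {"verdict": verdict, "cosmetic": cosmetic, "exec": exec_found, "unknown": unknown}
```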

Response Number 15
Name: skip77
Date: March 2, 2008 at 20:47:33 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

ATF link doesn't work.
Checked the Russian-name link and it works, but I did not follow those instructions yet because I figure ATF should be first per your post. Can you check the link again? Thanks very much for this huge investment of your time - your help and expertise are greatly appreciated - how did you learn all of this? Amazing!



Response Number 16
Name: skip77
Date: March 2, 2008 at 20:48:44 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Notice the red X still shows on the C: drive.



Response Number 17
Name: jabuck
Date: March 2, 2008 at 20:54:53 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Did you try the suggestion in response #14?



Response Number 18
Name: jabuck
Date: March 2, 2008 at 20:58:32 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Try this link for ATF cleaner.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html



Response Number 19
Name: skip77
Date: March 2, 2008 at 21:00:14 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

jabuck - actually we both sent a post about the red X at the same time - I had not seen your instructions in #14 - but followed them and it worked. No red X. Tried the ATF link again - still doesn't work. Should I proceed to the Russian-named link and continue? Wow, thanks again, you're a genius!



Response Number 20
Name: jabuck
Date: March 2, 2008 at 21:11:35 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Download crap cleaner from this link:

http://filehippo.com/download_ccleaner/

After you download it to your desktop and begin installing it, only allow the "install icon on desktop" option or it will bug you. Then run it; be careful, it's powerful, so use only the pre-checked items.



Response Number 21
Name: skip77
Date: March 2, 2008 at 23:06:50 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Here is the report from the Kaspersky scan (a lot of locked files and 3 positive infections were found) - will continue with Crap Cleaner per instruction #20:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 03, 2008 2:09:20 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/03/2008
Kaspersky Anti-Virus database records: 593848
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 65152
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:19:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{23D39867-7544-422A-9092-4B5A7274AA2E}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{3ADF7BE3-B163-4617-8AD0-4AA095F806F8}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR7.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Skip\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Skip\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Skip\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Skip\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Skip\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Skip\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Inbox.dbx/[From s=dkim; d=paypal.com; c=nofws; q=dns; h=Thread-Topic:Content-Class:Received:Message-ID:Date: From:To:Subject:MIME-Version:Content-Type:X-MimeOLE: Content-Transfer-Encoding:X-Mailer:Return-Path: X-OriginalArrivalTime; b=26jADCsAs9FFkiQtQiSu+svjke Infected: Trojan-Spy.HTML.Paylap.cf skipped
C:\Documents and Settings\Skip\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Skip\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Skip\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Skip\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Skip\Local Settings\Temp\sqlite_RicGTg7wKDBCVsg Object is locked skipped
C:\Documents and Settings\Skip\Local Settings\Temp\~DFD19F.tmp Object is locked skipped
C:\Documents and Settings\Skip\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Skip\ntuser.dat Object is locked skipped
C:\Documents and Settings\Skip\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9E8AC2C1-9010-4755-AD09-CB5DBE456F36}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_wFdECMfNTjX7bCl Object is locked skipped
C:\WINDOWS\Temp\mcmsc_4FJC0SbAIB7Qd9e Object is locked skipped
C:\WINDOWS\Temp\mcmsc_dHrABJZr5Q6wTKe Object is locked skipped
C:\WINDOWS\Temp\mcmsc_QctTUcgWoOF8im4 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_yvHOg9mkdSWgrNw Object is locked skipped
C:\WINDOWS\Temp\sqlite_k8tdGERk8G2Sguy Object is locked skipped
C:\WINDOWS\Temp\sqlite_kuNTYLQsdsmbGRD Object is locked skipped
C:\WINDOWS\Temp\sqlite_y0YoIQeUvxVDBm4 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\change.log Object is locked skipped

Scan process completed.



Response Number 22
Name: skip77
Date: March 2, 2008 at 23:29:04 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

CCleaner found a similar number of locked files on the C drive... not sure it got rid of them - when I opened the report section, it said nothing had been deleted yet. I ran the registry analysis and saved a backup; it found 326 issues, all listed as leftover invalid files from previous uninstalls... I selected "fix all".

I await word from you on how to finish this complicated piece of restoration. Thanks so much for your help.



Response Number 23
Name: jabuck
Date: March 3, 2008 at 03:37:21 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

Empty your email inbox; it looks as though you have an infected email. Otherwise you are clean. How is the computer operating?



Response Number 24
Name: skip77
Date: March 3, 2008 at 05:37:21 Pacific
Subject: Red X on C Drive - Can you Help?
Reply:

jabuck - I deleted both the inbox and sent folders. The computer seems fine. I have one program at the bottom toolbar - Windows Phishing Filter - that doesn't work but sits there with a red X all the time. Part of Windows Defender, which I did my best to uninstall back when all this started. N