jholland1964 650 Posting Expert Team Colleague Featured Poster

How about the Malwarebytes' Anti-Malware program and the ESET Online Scanner? Have you run those? I will need those logs too. Also be sure you have Malwarebytes fix everything it finds.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Follow the instructions given HERE. Post back with the requested logs.
I notice you are still using Firefox 3 Beta. You should update Firefox as version 3 is no longer a beta version and is now at version 3.01.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You may be using Firefox, but where is your full antivirus program? I see some Norton files but it doesn't appear to be the full program running, am I wrong?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hey PP, stick around! I only jumped in because I thought you were away.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you can download MBA-M via safe mode with networking to your computer then you should also be able to update it and also run it from safe mode too without having to load to a CD. See if you can do that first. Malwarebytes DOES work in safe mode though it was not designed to work that way, but it will according to their website. Doing a safe mode scan with MBAM should only be done when a regular mode scan fails. You just have to remember to MANUALLY save the log it produces because it doesn't save it automatically when in safe mode. It will run and fix in safe mode.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy that I could supply some help. Good detective work on your part finding that Zone Alarm problem. Bravo to you!!!
Now should your friend question the use of the Windows Firewall here is the explanation I always use as to why I myself use it and not another. Have kept this from a forum I used for years, fellow really always gave top notch advice and this has worked for me without difficulty for going on 5 years;

Windows Firewall blocks only incoming stuff whereas third-party firewalls block both incoming and outgoing stuff. This means that were you to inadvertently allow a trojan to be installed, WF would not prevent it from calling home with whatever information it had managed to harvest from your computer (passwords, monitored keystrokes, etc, etc). So, in theory, a third-party utility will offer a greater level of security than WF. However ...

... simply adopting safe surfing practices (not downloading applications from warez sites or via file-sharing utilities, not installing no-cost applications from little-known developers, etc, etc, etc) and running a good antivirus utility should be sufficient to prevent any trojans or other unwanted items from finding their way onto your computer and so a bi-directional firewall is, IMO, of less importance than many people seem to think.

Furthermore, look back over old threads and you'll find few (if any) instances of a person being "stung" as a result of using WF - but you'll find significantly more threads relating to problems caused …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try downloading in safe mode with networking and see if it works.

jholland1964 650 Posting Expert Team Colleague Featured Poster

It's Avira with something still running in the machine that I can't find. The Avira Scheduler Service and Guard Service are trying to run and there's nothing to run.

Go to Start, Control Panel, Administrative Tools, Services. When this opens everything is listed in alphabetical order and scroll down to Avira listings, there are probably two of them like it shows in my first attachment.
One at a time double click on each entry. Change Start up type to Disabled. Click Apply.
See both of my other attachments.
Once you have done that then reboot the machine and see if errors are still appearing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your logs show your AV as up and running. It shows that it does boot up as a service when the computer boots up and also via Startup programs. It shows that it IS running in the background.
Do you have an Icon on the taskbar showing that it is there? Have you checked within the program itself to be certain you have all the necessary choices enabled to insure that it is up and running at all times? I am not familiar with this program, though it has a good reputation, is there someplace within the program to schedule updates? Perhaps this is something you have not selected.

jholland1964 650 Posting Expert Team Colleague Featured Poster

In IE go to Tools, Internet Options, Privacy Tab. There is where you will find the option to turn on or off the pop up blocker.

It's saying there are processes that weren't loaded at startup.

So, I've suspected for some time that my copy of XP has been compromised somehow and that the crashes come when the system calls one of these subroutines that's not there. What that would mean by now is that the backup for XP now doesn't have the files either. Short of buying a full copy of XP, how can I clean this up since the O/S no longer comes with the machine?

Number 1;
What ARE the processes which are not being loaded?
Number 2; No, this does not necessarily mean your copy of XP is compromised, this just means they are disabled. It is very possible they can be turned back on, but I need to know what they are. That does NOT mean the backup doesn't have the files either. Backup is exactly what it means...a backup copy. A working copy may have compromised or corrupted files but the backup copy isn't used...it is sitting there as backup...usually untouched.
Number 3. Did your system come with a restore disk? If so, then you DO have a copy of XP. If the computer has a restore partition, then you DO have a copy of XP. However, if this was/is a pirated copy of XP then no, you do not have …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Delete that HJT program, that is the old version. Download the new version here and save it to the desktop. Don't use it yet.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

After you have run MBA-M and saved the log then also run a new HJT scan and save the log. Post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Whew natchnatty! I don't even know how the computer is even running with all the infections on there!
MalwareBytes’ Anti-Malware found and removed 273 infected items from files, folders, registry items, Memory Modules
ESET Scanner has located 17407 trojans and virtually all of them are located in
C:\Documents and Settings\Adam\Shared\
Each and every one of these appeared to be a .zip file. By shared am I to assume these are files shared from others on the internet? If so..this shows you how very dangerous this is to do, ESPECIALLY when you are not using an Anti-virus program OR a firewall.

You need to run ESET again and this time tell it to clean everything found.
Once you have done that come back and post the new log.

I also see by the log that you DID NOT uninstall Spyhunter. It must be uninstalled and you absolutely MUST install an antivirus program. There are many very good FREE ones out there, Antivir, Avast, AVG8 to name three. Choose one, download and install it. Then update it. Then do a full system scan with it and have it fix everything found.
Once you have done both of those steps then run a new HJT scan and come back here and post the new HJT log, the new ESET log and also see if you can get a log from your new antivirus program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you scan the entire computer...all users included?
Where are the scan logs and others you may have done? We really need to see, and know, what was found, where it was found and how it was removed.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Camera software can be a pain really. Much of the time if you use a card reader instead of just hooking the camera to the computer the software that came with the camera doesn't need to be installed at all. I have had three digital cameras, an HP, and two Olympus and used card readers with all and never installed any of the software that came with the cameras.
I am "leaning" towards the problem being the HP Image program...it too contains a Photo Gallery portion. Ask him if he uses this, if not, uninstall it. If he does, be sure he has the disks and have him totally uninstall it. See if he still gets that Photo Gallery message. If he doesn't then he knows that is what caused it. It was probably a corrupt file in there. If he wants to use the program then have him install again but when he does have him go offline, disable his antivirus and firewall and install. Reboot and see if the message comes back, if not then he knows that is what the problem was. Be sure to then have him re-enable the antivirus and firewall.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Alright, thanks for helping me sort out that issue.

I have an old version of Spyware Blaster installed which I can update. A friend was recommending Spybot Search & Destroy though, any idea what the difference between the two is?

Spybot is an EXCELLENT program. It is a great FREE scanner, remover program. I highly recommend it. You can download the newest version HERE. Save it to the desktop. Double click to install. Be sure that you DO NOT enable the TeaTimer portion of the program, it frankly is more trouble than it is worth and can interfere with removal of nasty items should the case arise. Once you have it installed then be sure to update it. Keep it manually updated each week and once it is updated then always remember to do a full scan with it. Once the scan is finished then have it remove any critical items it finds.
Now, as for the difference between SpywareBlaster and Spybot...a lot. SpywareBlaster is a protection program, no scanning involved, just install, update weekly, enable new protections and close the program. Be sure to enable protection for Internet Explorer AND Firefox if you use that browser also. Plus, Enable the Restricted Sites portion of SpywareBlaster too.
When you scan with Spybot for the first time it is likely you will find a lot of items it should remove BUT after that, if you also have SpywareBlaster on the computer the items Spybot will find in …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Be sure to come back here, to this thread, and let me know how things are going.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The computer prompts "Application Failed to Load" errors upon log in. Then a program called PhotoGallery tries to install automatically but fails repeatedly.

For the above part of your post, I am guessing that this has something to do with either your Olympus Master software or else your HP...whatever you have...printer?
Neither of these programs...the Olympus Master OR your HP Updates need to run at start up and can easily be run manually, I would remove both of those from autostart and see if this makes a difference with the Photo Gallery program trying to install. Both of these have a Photo Gallery portion to them. There is also a Windows Live Photo Gallery which may be trying to load. Don't know if you have tried to install this or not, if so the application failed, possibly because the download was corrupt. Have you looked in your Add/remove to see if there is a Photo Gallery of some kind listed there? If so try uninstalling it.
Now wireless is really something I don't know about so I cannot help you there. But how long has that problem been happening?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy to have helped.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Still waiting for the ESET log. What was the name of the program you downloaded? Did you uninstall it?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Why is this 4 year old thread coming up?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have gone through your logs.
In addition to too many processes running, and too many autostarting programs (which I will get to in a moment) you really don't have enough RAM installed on the computer. According to the Deckard Scanner you have 256MB of RAM on the computer, this is obviously not enough. Their recommendation shown is to increase to 512 MB, I would certainly agree to at least this increase, but my recommendation would be to go to at least 1GB of RAM. RAM is not expensive, easy to install yourself in a matter of moments and will greatly increase the speed of the computer. I suggest that you go to Crucial and do their free online scan for RAM recommendations. It takes only a moment and then they will give you the recommended amounts for your system and exactly what to purchase. I have purchased through them several times and have always been very satisfied with their prices and, depending on where you live, their delivery time. Their prices are generally one of the best you can get and you can receive instructions from them on the install. It will definitely speed the system and as I said the cost is not high.

Now Malwarebytes' Anti-Malware scan removed 1 infected file and 5 infected registry keys.
Don't see an ESET Scanner log.
You have a HUGE number of unnecessary programs running at Start up and therefore running all the time in the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have found this information you might try, now you didn't say if you have the pop-up blocker turned on or off but try this and see if it makes a difference: go to that Accuweather site where you had the problem and try changing your settings to always allow pop-ups for this site.
You need to check your Internet Privacy Options (which will be the same in IE6 & 7). If you are using IE7 then at the bottom of the page for the site you should see a small icon for changing the security options for the site and you can do it there online. Allow all popups.
See if this makes a difference.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, looks good. One thing I would advise is to download and install SpywareBlaster.
It is really a MUST HAVE program. It is FREE and the great thing about this program is it DOES NOT run in the background but it absolutely protects the computer by doing the following;

Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Blocks spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restricts the actions of potentially unwanted sites in Internet Explorer.

Download, install, update and then enable all and close the program. That's it.
Just remember to manually update and enable new items weekly.
You also need to update your Java program. You are currently running version 6 update 1, newest version is version 6 update 7.
Go HERE. Choose the Offline Install program. Save it to the desktop. Once that has downloaded then close out your browsers. Go to Add/Remove and Uninstall ALL previous versions that you find. Once you have done that then install the New version by double clicking that install file on the desktop. Once it installs then go HERE to verify the new version has been correctly installed.
Finally, set a new System Restore point by disabling System Restore, wait a minute and then turn it back on.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Ixidor,
First of all, you are running TWO antivirus programs, AVG8 and Symantec/Norton. This is an absolute NO-NO. Presuming that the AVG8 is the free version, go to Add/Remove and Uninstall it. Then do a file search on the computer for anything AVG and delete it. IF you paid for both programs then you choose...whichever one you want to keep, keep it, but UNINSTALL the other one completely immediately. You also show you are running Zone Alarm Firewall which is fine, as long as it is the ONLY ONE firewall you are running. If you are also using the Windows Firewall, turn it off. Same rule applies to firewalls....ONLY ONE.

Now one reason Malwarebytes Anti-Malware may not have been able to remove all files, the database is out of date, current one is 1032 and yours shows 1012. I know you had to download it on another machine and then copy it to yours so that is probably the reason. Once you did have it installed did you attempt to update it? Now Malwarebytes does show it removed the files, and in fact the second log shows fewer than the first one and the ones it found are actually not exactly the same files in all cases. The two antivirus programs running also probably played a big part in this also and you need to close all unnecessary programs, including browser and Spysweeper from running while these removal programs are running.

Please re-enable System Restore if …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well rats! zeroth, I thought we had this licked last week!
I really don't see a thing in the log.
Tell me, how much RAM is installed on the system?
Have you done "general housecleaning" of the computer lately? Don't mean disk cleanup or anything like that, I mean checking for dust inside the case, vents, on fan blades, etc.?
Also, go to Start, Control Panel, Administrative Tools, Event Viewer. Click on Application and take note of errors showing there around the time of the shut downs. Double click on one of them to actually see what caused the error.
Do the same in System. This "might" give us a clue, can't promise it will but it cannot hurt to check.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, sorry about your difficulties. If you are absolutely certain that the virus has completely been removed then here are some links which may help;

http://vistasupport.mvps.org/windows_vista_repair_options.htm

http://windowshelp.microsoft.com/Windows/en-US/help/e77344fa-e978-464c-953e-eba44f0522671033.mspx

I have to stress though, you must be absolutely sure that the virus is really gone, otherwise you will find yourself in the same situation. If I may ask, what was the name of the virus, where was it located, and most importantly how did you remove it?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry it has taken so long to reply. Can you attach the Malwarebytes log for us? We really need to see that. I'm going through your HJT log and will get back with you on that, but attach that Malwarebytes log ok?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Really happy to be of help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks for the reply. I have tried to remove all of Norton and Symantec, I am now searching to see if anything is left. I have finished work for the day now so I will run what you have asked and post back in the morning and let you know how it gets on.

I will stop the unnecessary start ups in the morning.

Thanks for all your help on this. My comp might eventually be infection free.

Oh, and another thing, bridge does not work any more since the viruses found were removed. That will have to be reinstalled.

That is fine. I will check back on it tomorrow. The infected file was a trojan downloader located in the Adobe Acrobat Reader 6.0. There are newer versions of the Acrobat Reader, in fact the latest version is Adobe Reader 9.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good to me Barry. How is the computer running?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Other than some unnecessary auto starts the system appears to be clean.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are still showing portions of Norton running on the system, plus your Add/Remove log shows Norton 360. Since you appear to be using Avast as your antivirus program then you absolutely MUST uninstall that Norton. Use Add/Remove to remove the Norton 360 and then do a file search on the computer for Norton and then Symantec. Remove all instances found.

You say that you CAN connect to the Mac now?


Malwarebytes' Anti-Malware removed the Vundo Trojan. Empty the quarantine files there and update and run the program again. I would also like you to run HiJackThis again and post back with both new logs. Do this AFTER uninstalling that Norton program and also updating your Java program.
As I said before you have quite a few unnecessary auto starts, one of them being Microsoft Office. This can very easily be run manually and doesn't need to auto start.
One of the application hangs showing on the logs was for bridge.exe...there is a possibility that this could have been a trojan. Another showed a hang on Windows Word and another on Outlook. Do you use Outlook as your email program?

jholland1964 650 Posting Expert Team Colleague Featured Poster

One important thing to remember, stick to one anti-spyware/scan service... there are a lot of rogues out there

If it still does not seem to work after running the program jholland has suggested, try turning off restore point, sometimes this can interfere with the scanning process as well

If all else fails, try doing this all in safe mode

Also, if you are using IE, try switching to Firefox, it is much more secure, and in my opinion, faster

Sorry, have to disagree here. The rule is one anti-virus program and one firewall, but not one anti-spy program. While I don't suggest running a huge number, but more than one is generally what is advised. Each anti-spy program looks for different things and different types of malware, what one finds another may not. Yes, there are a lot of rogue programs out there and one should follow the advice given at forums like this one and several of the other well respected forums. Most all recommend using at least two.
I would also disagree on using System Restore to roll back to a time before the infection. Most of the time most people do not know exactly when that infection entered the computer, this would be pretty much of a shot in the dark and picking the correct restore point. Plus, with the use of cleaning tools like MBA-M and others which may be recommended one should leave System Restore running, unless specifically told to disable by the person …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Before you do anything please go in and STOP AdAware service from running on the computer. This could interfere with any fixes attempted. Also turn off AVG Anti-Spyware 7.5. This program can actually be uninstalled as it is out of date and no longer supported and also could interfere with attempted fixes. The newest version is now contained within AVG 8 antivirus program. Turn off that Spyware Hunter program also. This could interfere also. Also, this does not appear to contain an antivirus program or firewall.

One thing you are showing on the log is the VistaAntivirus2008 program which is a Rogue anti-spy program. You need to do the following which WILL remove this and other items, maybe not all but if we can get this thing off there then maybe we can get busy on some of the other scans you need to do;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you have an AVG log that we could see? That certainly would help.

Follow as many of the instructions given as you can as we need to see those logs before any other determination can be made.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello and Welcome,
We need a lot more information than you have supplied. How do you know the computer is infected? Have you run scans or what?
All three of those processes you have listed can be legitimate processes;

Global.exe is used to display members of global groups on remote servers or domains
fonts.exe is usually what it says, fonts.
telnet.exe is an internet communications protocol
Of course all could also be viruses or malware too, using the names of legitimate processes. But we need to know how you know these are infections and not the legitimate processes found on most or many PC's.

We need information about the computer too...operating system, antivirus program, etc.
What symptoms is the computer showing that leads you to believe it has some sort of infection on it?
You should go here Read me before posting a request for assistance and follow all of the instructions there. Run all of the requested programs and be sure to follow the instructions for each program, if it says to have the program remove or fix items found then please do so.
When you have completed all the steps and scans in the link above then post back here with the requested information and all of the logs. Then we will be more able to help you get the computer clean.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good, just a few files I am not sure about so I would like you to go to Jotti's malware scan.
There you can upload files and they will be analyzed by approx. 20 different scanners to maybe tell us exactly what they are.
At the top of the Jotti page there is a window, there you will copy/paste the names and location of these files and then click the submit button. The file will be scanned and the results given to you. Please post those results here. There is a browse button but you will only need to click the submit button since the combofix log gave us the locations. You will have to do these one at a time.
Here are the files you need analyzed one at a time;

C:\WINNT\system32\Jamster.ico

C:\WINNT\system32\ZoneAlarmIconUS.ico

C:\WINNT\mkok

C:\Program Files\Common Files\mkok

Post back here with the results.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You note that you have, and it is showing in your HJT log that you have, Spyhunter. Where is your Anti-virus program? Where is your Firewall? I have researched the Spyhunter Security Suite but nowhere can I find that it does contain an anti-virus program or firewall.
SpyHunter was formally listed as a rogue program by Spyware Warrior. Now it has been "delisted" but I am always leery of programs which have been called rogue applications in the past so I have the same feeling today about SpyHunter Security Suite. There are many, many excellent FREE programs which do a fantastic job of cleaning the computer AND keeping it clean, so this is really a program I, personally, cannot recommend.
What version of Firefox are you using?
Can you please run the steps given here
Read me before posting a request for assistance
Follow all the steps exactly, if the instructions say clean items found then be sure and do so.
Once you have completed those steps then post back here with the requested logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry - I am a biff! I don't know if this is a result of the virus but the computer fails to load the bottom half of the previous page and freezes when I cut and paste the log entries, leaving me unsure if it's posted or not.

Don't think it is a virus but some problem with the page coding. I cannot load it with Firefox either and when I load it with Internet Explorer 7 it says loaded but with errors. I can see the entire page with IE7 however.
Am going through your logs now and will get back with you. Did you also run the ESET Online Scanner again and allow it to Fix whatever found? If not please do so. Post that new log when you complete it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Check properties on both logos, that should give the date of install. You can remove an icon, this is just a shortcut and doesn't remove the actual program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Whenever I try to connect to the Mac across the network my PC restarts and then tells me it has recovered from a serious error.

Have you previously been able to do this successfully?
Your logs show various infections have been present at various times, other than this one. You have SDFix backups showing for one thing.
Can you look in the Event Log and see if it gives you information on the serious error?
Go to Start, Control Panel, Administrative Tools, Event Viewer. Look in there and see if you can find reference to this serious error and post here what you find.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would say, just to be safe do one more Malwarebytes scan also. I will look through this one and wait for the other.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

hello friends,
The one which u got is browser virus and the virus code is written in VBscript (.VBS) type
and its a usb virus
can u please send me the latest log of ur system.

BYE

Rakesh Nagekar.

We are well aware of what virus this is, that is why the various steps have been requested. I am sure help123456789 will post the requested logs back here when the steps have been completed. Then you will be able to view the logs just like the rest of us. It is not customary to send the logs anywhere.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I HAD THE SAME PROBLEM WITH MY PC.. I INSTALLED 'MALWAREBYTE'S ANTI-MALWARE DESTROYER'.. FREE DOWNLOAD.. - DO THE UPDATES 'N RUN THE 'QUICK SCAN'.. IN 'SAFEMODE! >> IT SHOULD FIX EVERYTHING..!

http://www.malwarebytes.org/mbam.php

The program noted, Malwarebytes' Anti-Malware, is an EXCELLENT program, and it IS ONE of the programs and steps requested in the sticky Read me before posting a request for assistance that the poster, WhtRhino, has been asked to run. I must remind all reading this that all steps in the sticky should be completed to assure that good clean up steps are taken. Then the logs should be posted so that they can be read to see if other steps are required. One has to assume that if there is one infection on the computer then there very well could be more. This is why more than one clean up step is recommended. One program normally does not fix all problems.

jholland1964 650 Posting Expert Team Colleague Featured Poster

thanks for looking, crunchie. Would you mind taking a look at my other post in the Windows XP forum, titled Repair Iinstall problem - how can I abort??


Thanks

For anyone interested in what is going on then see this thread;
http://www.daniweb.com/forums/thread138561-2.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

I suggest that you scan that USB device with your anti-virus program to see if you can remove this worm.
I also want you to run that ESET scanner again and have it fix/remove everything it finds.

Then you should do the following also;
Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

Please insert your flash drive before we begin!

Download Flash_Disinfector.exe by sUBs and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Once you have done the above please reboot and run HJT again …
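
The autorun.inf mechanism described in the post above, as an added example that is not part of the original post or of Flash_Disinfector: a Python check that reads a drive root's autorun.inf, lists the [autorun] keys that launch a program, and recognises the placeholder folder the post mentions. The sample file content, the name payload.exe and the function names are constructed for illustration.

```python
import os

# Constructed sample of an infected drive's autorun.inf (payload.exe is a made-up name).
SAMPLE = """; constructed sample
[AutoRun]
open=payload.exe
icon=folder.ico
shell\\open\\command=payload.exe
label=USB Disk
"""

# [autorun] keys whose value is a program that Windows autorun would launch.
EXEC_KEYS = ("open", "shellexecute")


def exec_directives(text):
    """Return (key, command) pairs in the [autorun] section that launch a program."""
    found, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found


def check_root(root):
    """Classify the autorun.inf entry in a drive root such as 'E:\\'."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        # A folder of this name means no file called autorun.inf can be created there.
        return ("folder", [])
    if not os.path.isfile(path):
        return ("absent", [])
    with open(path, "r", errors="replace") as fh:
        hits = exec_directives(fh.read())
    return ("suspicious" if hits else "file", hits)


if __name__ == "__main__":
    print(exec_directives(SAMPLE))
```

A result of "suspicious" on a removable drive is a reason to scan the drive before opening anything on it; "folder" is the state Flash_Disinfector leaves behind.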

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looking good Barry,
Just a couple more cleanup steps;
Open Notepad and copy/paste the text in the below quote box into it:

KILLALL::

Folder::

C:\WINNT\system32\ywmivq.dll
C:\WINNT\system32\csibuesi.dll
C:\WINNT\system32\tagyoogx.dll
C:\WINNT\system32\yhcyuj.dll
C:\WINNT\system32\ewqndptq.dll
C:\WINNT\system32\cfchunpg.dll
C:\WINNT\system32\psfbkt.dll
C:\WINNT\system32\jnbfmson.dll
C:\WINNT\system32\ekfjmlug.dll


Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OOBEDDDemise"="erase" [X]

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Next run HiJackThis again and place checkmarks next to the following entries if they still exist;

O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
Once you have the checkmarks placed then click the Fix Checked button.
Exit HJT.
Reboot the system.
Run HJT once more and post the log here.
Now, you do not appear to be running a Firewall or you are running the built in Windows Firewall, which is fine, but you do need a firewall.
Also, your …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please take your email address out of your post. This is a great way to receive lots of spam.
You should run the steps given here Read me before posting a request for assistance
Follow ALL instructions exactly. If instruction reads allow to fix then do so. Save all requested logs and when you have completed all the steps then post back here with all the requested logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to complete the steps given here Read me before posting a request for assistance
Please follow each step exactly. If the instructions say allow to fix, then please do so as this will help get the machine clean.
Once you have completed all the steps then post back here with the requested logs.