ANY other user other than the thread starter is not to use any instructions, scripts or proceedures,  The work though in cleaning a system is individual and only for that system due to a number of factors.

Please do not run any tools unless instructed to do so. 

• We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask nothing extra or run things twice
• If I ask a Question just answer it, don't run anything unless it states.
• Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup  (including system as a whole)

Please read every post completely before doing anything. 

• Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
  
  
• Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

What is your Operating System, including if it's 32 bit or 64 bit??

Quads

Windows XP Service Pack 3

32 bit

Please download SystemLook from one of the links below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook.html  the 32 bit version

Disable Norton for say 30 mins

Double-click SystemLook.exe to run it.

Copy the content of the following codebox into the main textfield:  (don't forget the : in front of :filefind)

:filefind

\n

\@
*.@

services.exe

Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply (attach to message).

Note: The log can also be found on your Desktop entitled SystemLook.txt

Quads

The network connection on the computer is not working anymore (I'm getting a limited or no connection on the adapter.)  So I was finally able to get the program to the computer and run the program.  I am attaching the log here.

Thanks,

Ron

Disable Norton for say 30 minutes

Start OTL,   under   Copy and paste the custom script attached which you open in for instance Notepad,(include the : at the start of :OTL and all the way to the end / bottom)  and run the script. (Red Run Fix Button)

The output log, should be placed in the C:\ _OTL folder after.

Quads

I'm not sure that I understand the last request.  Is OTL a program that I am supposed to have?  Is it something else?

Thanks,

Ron

Download OTL http://www.bleepingcomputer.com/download/otl/

Quads

Here is the log from the OTL run

Step 3. 

Please read carefully Read all of this message first

Download Combofix http://www.bleepingcomputer.com/download/anti-virus/combofix

• Ensure that Combofix is saved directly to the Desktop <--- Very important  (Not in the Download(s) or Temp folders)
  
  
• Disable all security programs as they will have a negative effect on Combofix, Disabled for say 1 hour or more.
• Close any open browsers and any other programs you might have running

Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"

• If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
• When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

*EXTRA NOTES*

• If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
• If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
• If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Quads