OK lots of repairs needed here.
c:\windows\system32\srsvc.dll . . . is infected!!
Recovery console needs to be installed to repair this
So run Combofix again but install the recovery console first and accept the windows to search for spare copies
Once that has completed we will need to repair netsvc registry entries.
Copy all of the data in the code box to a notepad file and you must save it as Netsvc.reg
Just in case you are not sure how to do that :
When you save the note pad file in the drop down box select all file types
Save as netsvc.reg to your desktop
Double click and allow to merge
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter]
"Start"=dword:00000003
THENPlease download and run these tools which are designed to restore some standard policy settings. They are not harmful.
VArestorepolicies.INF
Download this INF repair file from here:
http://users.telenet.be/bluepatchy/miekiemoes/tools/VArestorepolicies.zip VArestorepolicies.zip by MS-MVP Miekiemoes
Unzip or open the file VArestorepolicies.zip
Open the folder VArestorepolicies and Right-click the file inside, VArestorepolicies.INF and choose Install
FixPolicies.exe
Download this self-extracting ZIP archive from here:
http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe FixPolicies.exe by MS-MVP Bill Castner and save it to your desktop.
Double-click FixPolicies.exe
Click the "Install" button on the bottom toolbar of the box that will open
The program will create a new Folder called FixPolicies
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
A black box will briefly appear and then close
These fixes may prove temporary. Active malware may revert these changes on your next startup. You can safely run these utilities again.