
Author Topic: PC running slow-Getting a lot of popups...  (Read 11730 times)


Kyle

    Topic Starter


    Beginner

    PC running slow-Getting a lot of popups...
    « on: September 12, 2012, 02:33:44 AM »
    Here are my logs:
    Malwarebytes :
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.12.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-2DE1E3590B [administrator]

    9/12/2012 1:28:11 AM
    mbam-log-2012-09-12 (01-28-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 292026
    Time elapsed: 1 hour(s), 19 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\Installer\{37b6c54b-9db4-3fd1-5988-ffcc851c49e0}\U\80000000.@ (Trojan.Small) -> Quarantined and deleted successfully.

    (end)

    AdwCleaner:
    # AdwCleaner v2.001 - Logfile created 09/12/2012 at 01:17:25
    # Updated 09/09/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Owner - YOUR-2DE1E3590B
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Found : C:\Program Files\Viewpoint

    ***** [Registry] *****

    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\Software\Viewpoint

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v12.0 (en-US)

    Profile name : default
    File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8og43lr.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1851 octets] - [12/09/2012 01:17:25]

    ########## EOF - C:\AdwCleaner[R1].txt - [1911 octets] ##########


    DDS's:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 3:23:56 on 2012-09-12
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.895.231 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WsAudio_Device] RUNDLL32.EXE "c:\documents and settings\owner\local settings\application data\wsaudio_device\uilqvjul.dll",VerifyInterfaceVersion
    uRun: [ICQ] "c:\program files\icq7m\ICQ.exe" silent loginmode=4
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    IE: Free YouTube Download - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\icq7m\ICQ.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\i8og43lr.default\
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwangwang.dll
    FF - plugin: c:\program files\trademanager\npwangwang.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2012-3-30 20160]
    .
    =============== Created Last 30 ================
    .
    2012-09-12 05:59:12   --------   d-----w-   c:\program files\CCleaner
    2012-09-11 07:30:35   477   ----a-w-   c:\documents and settings\owner\.tmp
    2012-09-04 08:59:04   --------   d-----w-   c:\documents and settings\owner\application data\SUPERAntiSpyware.com
    2012-09-04 08:57:34   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2012-09-04 08:57:34   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-08-23 08:42:27   --------   d-----w-   c:\documents and settings\owner\application data\Malwarebytes
    2012-08-23 08:42:17   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-08-23 08:42:17   --------   d-----w-   c:\program files\Malwarebytes
    2012-08-23 08:42:17   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
    2012-08-22 13:28:10   466944   ----a-w-   c:\program files\mozilla firefox\plugins\NPcol400.dll
    2012-08-22 13:28:09   --------   d-----w-   c:\documents and settings\owner\application data\Catalina Marketing Corp
    2012-08-15 00:11:30   9826504   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
    2012-08-13 08:29:39   --------   d-----w-   c:\program files\ICQ7M
    .
    ==================== Find3M  ====================
    .
    2012-08-22 10:02:06   73416   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-22 10:02:06   696520   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
    .
    ============= FINISH:  3:25:30.32 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/30/2012 11:27:53 AM
    System Uptime: 9/12/2012 3:02:47 AM (0 hours ago)
    .
    Motherboard: Gateway |  | MCP61SM2MA
    Processor: AMD Sempron(tm) Processor LE-1200 | Socket AM2  | 2109/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 144 GiB total, 72.349 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 0.681 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP95: 6/13/2012 3:41:44 AM - System Checkpoint
    RP96: 6/13/2012 5:49:56 AM - Software Distribution Service 3.0
    RP97: 6/14/2012 2:35:46 AM - Software Distribution Service 3.0
    RP98: 6/14/2012 6:32:22 PM - Software Distribution Service 3.0
    RP99: 6/15/2012 6:44:56 PM - System Checkpoint
    RP100: 6/16/2012 3:00:11 AM - Software Distribution Service 3.0
    RP101: 6/16/2012 7:31:23 PM - Software Distribution Service 3.0
    RP102: 6/17/2012 12:06:23 AM - Software Distribution Service 3.0
    RP103: 6/17/2012 5:07:13 PM - Software Distribution Service 3.0
    RP104: 6/17/2012 6:09:52 PM - Software Distribution Service 3.0
    RP105: 6/18/2012 3:00:18 AM - Software Distribution Service 3.0
    RP106: 6/19/2012 3:00:12 AM - Software Distribution Service 3.0
    RP107: 6/20/2012 12:25:44 AM - Software Distribution Service 3.0
    RP108: 6/20/2012 3:46:40 PM - Software Distribution Service 3.0
    RP109: 6/21/2012 12:59:18 AM - Software Distribution Service 3.0
    RP110: 6/22/2012 2:33:48 AM - Software Distribution Service 3.0
    RP111: 6/23/2012 1:02:40 AM - Software Distribution Service 3.0
    RP112: 6/24/2012 1:15:20 AM - Software Distribution Service 3.0
    RP113: 6/24/2012 11:56:50 PM - Software Distribution Service 3.0
    RP114: 6/26/2012 3:00:13 AM - Software Distribution Service 3.0
    RP115: 6/26/2012 3:16:09 AM - Software Distribution Service 3.0
    RP116: 6/27/2012 2:43:32 AM - Software Distribution Service 3.0
    RP117: 6/27/2012 5:51:38 PM - Software Distribution Service 3.0
    RP118: 6/28/2012 11:53:03 AM - Software Distribution Service 3.0
    RP119: 6/29/2012 3:00:12 AM - Software Distribution Service 3.0
    RP120: 6/30/2012 3:00:12 AM - Software Distribution Service 3.0
    RP121: 7/1/2012 6:57:05 PM - System Checkpoint
    RP122: 7/3/2012 11:00:26 PM - System Checkpoint
    RP123: 7/5/2012 1:38:41 PM - System Checkpoint
    RP124: 7/7/2012 9:39:02 PM - System Checkpoint
    RP125: 7/8/2012 9:48:10 PM - System Checkpoint
    RP126: 7/9/2012 10:27:09 PM - System Checkpoint
    RP127: 7/11/2012 2:18:29 PM - System Checkpoint
    RP128: 7/12/2012 5:03:22 PM - System Checkpoint
    RP129: 7/14/2012 9:33:09 PM - System Checkpoint
    RP130: 7/16/2012 12:14:40 AM - System Checkpoint
    RP131: 7/17/2012 12:19:19 AM - System Checkpoint
    RP132: 7/18/2012 12:13:40 PM - System Checkpoint
    RP133: 7/19/2012 2:00:59 PM - System Checkpoint
    RP134: 7/20/2012 11:05:05 PM - System Checkpoint
    RP135: 7/22/2012 12:01:17 AM - System Checkpoint
    RP136: 7/23/2012 1:04:08 PM - System Checkpoint
    RP137: 7/24/2012 3:00:23 AM - Software Distribution Service 3.0
    RP138: 7/26/2012 10:59:15 PM - System Checkpoint
    RP139: 7/27/2012 11:40:51 PM - System Checkpoint
    RP140: 7/30/2012 7:34:27 PM - System Checkpoint
    RP141: 8/2/2012 6:45:54 PM - System Checkpoint
    RP142: 8/6/2012 4:58:59 PM - System Checkpoint
    RP143: 8/8/2012 4:15:17 AM - System Checkpoint
    RP144: 8/9/2012 10:18:08 AM - System Checkpoint
    RP145: 8/11/2012 9:59:07 PM - System Checkpoint
    RP146: 8/15/2012 3:30:20 PM - System Checkpoint
    RP147: 8/18/2012 8:01:40 PM - System Checkpoint
    RP148: 8/21/2012 4:04:48 AM - System Checkpoint
    RP149: 8/22/2012 4:40:16 PM - System Checkpoint
    RP150: 8/23/2012 7:11:09 PM - System Checkpoint
    RP151: 8/24/2012 10:17:01 PM - System Checkpoint
    RP152: 8/25/2012 10:31:11 PM - System Checkpoint
    RP153: 8/27/2012 1:53:29 AM - System Checkpoint
    RP154: 8/28/2012 3:25:53 AM - System Checkpoint
    RP155: 8/29/2012 4:23:55 AM - System Checkpoint
    RP156: 8/30/2012 4:54:25 AM - System Checkpoint
    RP157: 8/31/2012 5:31:53 AM - System Checkpoint
    RP158: 9/1/2012 5:35:40 AM - System Checkpoint
    RP159: 9/2/2012 6:33:33 AM - System Checkpoint
    RP160: 9/3/2012 6:39:15 AM - System Checkpoint
    RP161: 9/4/2012 10:39:04 AM - System Checkpoint
    RP162: 9/5/2012 11:10:50 AM - System Checkpoint
    RP163: 9/6/2012 11:16:28 AM - System Checkpoint
    RP164: 9/7/2012 10:53:22 PM - System Checkpoint
    RP165: 9/9/2012 12:18:34 AM - System Checkpoint
    RP166: 9/10/2012 1:05:51 AM - System Checkpoint
    RP167: 9/11/2012 11:22:17 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 6.0
    CCleaner
    ConvertHelper 2.2
    Free Studio version 5.4.9
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Deskjet 3050 J610 series Basic Device Software
    HP Deskjet 3050 J610 series Help
    ICQ7M
    ImgBurn
    Java 2 Runtime Environment, SE v1.4.2
    Learn2 Player (Uninstall Only)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Works
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero BurnRights
    Nero OEM
    NVIDIA Drivers
    OpenOffice.org 3.4
    PowerDVD
    QuickTime
    RealPlayer Basic
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Soft Data Fax Modem with SmartCP
    SUPERAntiSpyware
    TradeManager 2011 SP2
    Trillian
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    VLC Media Player
    WebFldrs XP
    Windows Backup Utility
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/7/2012 9:58:47 PM, error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{5B180AB1-4633-4B89-BD3F-10E2D5B93B44} because another computer on the network has the same name.  The server could not start.
    9/7/2012 9:32:02 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
    9/12/2012 3:04:47 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    9/12/2012 12:17:07 AM, error: Dhcp [1002]  - The IP address lease 173.218.78.167 for the Network Card with network address 001C255FD20C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    9/11/2012 2:30:26 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
    9/11/2012 2:30:21 AM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
    .
    ==== End Of File ===========================


    SuperDave

    • Malware Removal Specialist


    Re: PC running slow-Getting a lot of popups...
    « Reply #1 on: September 13, 2012, 04:43:32 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *******************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ********************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

    Kyle

      Topic Starter


      Beginner

      Re: PC running slow-Getting a lot of popups...
      « Reply #2 on: September 13, 2012, 05:29:26 PM »
      Combofix would not run...Just would start up then turn right off.  ???
      Here are the other logs:
      AdwCleaner:
      # AdwCleaner v2.001 - Logfile created 09/13/2012 at 18:12:49
      # Updated 09/09/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Owner - YOUR-2DE1E3590B
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
      Folder Deleted : C:\Program Files\Viewpoint

      ***** [Registry] *****

      Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
      Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
      Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
      Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      Key Deleted : HKLM\Software\MetaStream
      Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
      Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
      Key Deleted : HKLM\Software\Viewpoint

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v8.0.6001.18702

      Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

      -\\ Mozilla Firefox v12.0 (en-US)

      Profile name : default
      File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8og43lr.default\prefs.js

      C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8og43lr.default\user.js ... Deleted !

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [1980 octets] - [12/09/2012 01:17:25]
      AdwCleaner[S1].txt - [2293 octets] - [13/09/2012 18:12:49]

      ########## EOF - C:\AdwCleaner[S1].txt - [2353 octets] ##########

       Results of screen317's Security Check version 0.99.50 
       Windows XP Service Pack 3 x86   
       Internet Explorer 8 
      ``````````````Antivirus/Firewall Check:``````````````
       Windows Security Center service is not running! This report may not be accurate!
      `````````Anti-malware/Other Utilities Check:`````````
       SUPERAntiSpyware     
       Malwarebytes Anti-Malware version 1.65.0.1400 
       CCleaner     
       Java 2 Runtime Environment, SE v1.4.2
       Java version out of Date!
       Adobe Flash Player    11.4.402.265 
       Adobe Reader 6 Adobe Reader out of Date!
       Mozilla Firefox 12.0 Firefox out of Date! 
      ````````Process Check: objlist.exe by Laurent````````
      `````````````````System Health check`````````````````
       Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````

      Kyle


        Re: PC running slow-Getting a lot of popups...
        « Reply #3 on: September 13, 2012, 05:51:50 PM »
        Did try Combofix again after a restart; it did the same thing, but now I have the little red Windows security logo. I did try to remove it by Start -> Control Panels -> Security Center. Then click on the "Firewall" option, click on "Recommendations", and, finally, check off the option "I have a firewall solution that I'll monitor myself". BUT, I get this error message: "Due to an unidentified problem, Windows cannot display Windows Firewall settings."
        Also, when I search anything on Google now, when I try to click on a result I get a ton of pop-ups. :/


        Kyle


          Re: PC running slow-Getting a lot of popups...
          « Reply #4 on: September 14, 2012, 03:56:54 AM »
          Sorry for all the posts... Got it to run; here is the log:
          ComboFix 12-09-13.03 - Owner 09/14/2012   4:17.1.1 - x86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.895.670 [GMT -5:00]
          Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
          .
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\documents and settings\Default User\WINDOWS
          c:\documents and settings\Owner\.tmp
          c:\documents and settings\Owner\Local Settings\Application Data\WsAudio_Device\uilqvjul.dll
          c:\documents and settings\Owner\WINDOWS
          C:\install.exe
          c:\windows\$NtUninstallKB59634$
          c:\windows\$NtUninstallKB59634$\2765056170
          c:\windows\$NtUninstallKB59634$\617729059\@
          c:\windows\$NtUninstallKB59634$\617729059\Desktop.ini
          c:\windows\$NtUninstallKB59634$\617729059\L\00000004.@
          c:\windows\$NtUninstallKB59634$\617729059\L\201d3dde
          c:\windows\$NtUninstallKB59634$\617729059\L\iopiovam
          c:\windows\$NtUninstallKB59634$\617729059\U\00000004.@
          c:\windows\$NtUninstallKB59634$\617729059\U\00000008.@
          c:\windows\$NtUninstallKB59634$\617729059\U\000000cb.@
          c:\windows\$NtUninstallKB59634$\617729059\U\80000000.@
          c:\windows\$NtUninstallKB59634$\617729059\U\80000032.@
          c:\windows\Installer\{37b6c54b-9db4-3fd1-5988-ffcc851c49e0}\@
          c:\windows\Installer\{37b6c54b-9db4-3fd1-5988-ffcc851c49e0}\U\00000001.@
          c:\windows\system32\config\systemprofile\WINDOWS
          c:\windows\system32\dllcache\dlimport.exe
          c:\windows\system32\FlashPlayerInstaller.exe
          c:\windows\system32\SET223.tmp
          c:\windows\system32\SET228.tmp
          c:\windows\system32\URTTemp
          c:\windows\system32\URTTemp\fusion.dll
          c:\windows\system32\URTTemp\mscoree.dll
          c:\windows\system32\URTTemp\mscoree.dll.local
          c:\windows\system32\URTTemp\mscorsn.dll
          c:\windows\system32\URTTemp\mscorwks.dll
          c:\windows\system32\URTTemp\msvcr71.dll
          c:\windows\system32\URTTemp\regtlib.exe
          .
          Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
          Restored copy from - The cat found it :)
          .
          (((((((((((((((((((((((((   Files Created from 2012-08-14 to 2012-09-14  )))))))))))))))))))))))))))))))
          .
          .
          2012-09-14 09:14 . 2008-04-14 05:49   75264   -c--a-w-   c:\windows\system32\dllcache\ipsec.sys
          2012-09-14 09:14 . 2008-04-14 05:49   75264   ----a-w-   c:\windows\system32\drivers\ipsec.sys
          2012-09-12 05:59 . 2012-09-12 05:59   --------   d-----w-   c:\program files\CCleaner
          2012-09-04 08:59 . 2012-09-04 08:59   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
          2012-09-04 08:57 . 2012-09-04 08:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2012-09-04 08:57 . 2012-09-04 08:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2012-08-30 05:45 . 2012-08-30 05:45   --------   d-----w-   c:\program files\Microsoft Silverlight
          2012-08-23 08:42 . 2012-08-23 08:42   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
          2012-08-23 08:42 . 2012-09-12 06:26   --------   d-----w-   c:\program files\Malwarebytes
          2012-08-23 08:42 . 2012-09-07 22:04   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2012-08-23 08:42 . 2012-08-23 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2012-08-22 13:28 . 2012-08-22 13:28   466944   ----a-w-   c:\program files\Mozilla Firefox\plugins\NPcol400.dll
          2012-08-22 13:28 . 2012-08-22 13:28   --------   d-----w-   c:\documents and settings\Owner\Application Data\Catalina Marketing Corp
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2012-08-22 10:02 . 2012-04-03 01:21   73416   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2012-08-22 10:02 . 2012-04-03 01:21   696520   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
          2012-05-16 08:04 . 2012-04-03 01:12   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-08-13 127040]
          "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-03-30 7634944]
          .
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
          @=""
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
          2005-05-03 09:43   69632   -c--a-r-   c:\windows\Alcmtr.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aliim]
          2012-04-18 07:39   215032   ----a-w-   c:\program files\trademanager\AliIM.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
          2008-04-14 10:42   15360   ----a-w-   c:\windows\system32\ctfmon.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          2001-07-09 19:50   155648   -c--a-w-   c:\windows\system32\NeroCheck.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
          2012-03-30 20:58   86016   -c--a-w-   c:\windows\system32\nvmctray.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
          2012-03-30 20:58   1622016   -c--a-w-   c:\windows\system32\nwiz.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          2012-03-30 01:28   98304   -c--a-w-   c:\program files\QuickTime\qttask.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
          2003-11-01 03:42   32768   -c--a-w-   c:\program files\CyberLink\PowerDVD\PDVDServ.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
          2007-09-27 05:20   16844800   -c--a-r-   c:\windows\RTHDCPL.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
          2007-08-03 04:22   1826816   -c--a-r-   c:\windows\SkyTel.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
          "AntiVirusOverride"=dword:00000001
          "FirewallOverride"=dword:00000001
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "c:\\Program Files\\ICQ7M\\ICQ.exe"=
          "%windir%\\system32\\sessmgr.exe"=
          .
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
          R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
          S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [3/30/2012 11:33 AM 20160]
          S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 8:21 PM 250568]
          S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/16/2012 3:04 AM 129976]
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
          - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:02]
          .
          2012-03-30 c:\windows\Tasks\ISP signup reminder 1.job
          - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 10:42]
          .
          .
          ------- Supplementary Scan -------
          .
          IE: Free YouTube Download - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
          IE: Free YouTube to MP3 Converter - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
          IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
          TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
          FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8og43lr.default\
          .
          - - - - ORPHANS REMOVED - - - -
          .
          HKCU-Run-WsAudio_Device - c:\documents and settings\Owner\Local Settings\Application Data\WsAudio_Device\uilqvjul.dll
          MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
          .
          .
          .
          **************************************************************************
          .
          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2012-09-14 04:52
          Windows 5.1.2600 Service Pack 3 NTFS
          .
          scanning hidden processes ... 
          .
          scanning hidden autostart entries ...
          .
          HKCU\Software\Microsoft\Windows\CurrentVersion\Run
            WsAudio_Device = RUNDLL32.EXE "c:\documents and settings\Owner\Local Settings\Application Data\WsAudio_Device\uilqvjul.dll",VerifyInterfaceVersion?6789
          .
          scanning hidden files ... 
          .
          scan completed successfully
          hidden files: 0
          .
          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------
          .
          - - - - - - - > 'winlogon.exe'(652)
          c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          c:\windows\system32\WININET.dll
          .
          - - - - - - - > 'explorer.exe'(2576)
          c:\windows\system32\WININET.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\nvsvc32.exe
          c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
          c:\windows\system32\wscntfy.exe
          .
          **************************************************************************
          .
          Completion time: 2012-09-14  04:55:22 - machine was rebooted
          ComboFix-quarantined-files.txt  2012-09-14 09:55
          .
          Pre-Run: 74,840,797,184 bytes free
          Post-Run: 80,540,811,264 bytes free
          .
          WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          UnsupportedDebug="do not select this" /debug
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
          .
          - - End Of File - - A28461E8F7271FA81E300AA16EE550B6

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: PC running slow-Getting a lot of popups...
          « Reply #5 on: September 14, 2012, 05:04:04 PM »
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          *******************************************************
          Click Start, right click My Computer and click Manage. Answer the Elevation prompt, if asked. Double click Services and Applications on the left and single click Services. Look for Security Center. Click Start. Hopefully you won't get an error. Right click Security Center in Services; where it says Startup type, choose Automatic.

          Please run Security Check again and post the log.

          Please download aswMBR.exe ( 511KB ) to your desktop.

          Double click the aswMBR.exe to run it



          Click the "Scan" button to start scan.

          Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

          On completion of the scan click save log, save it to your desktop and post in your next reply.

          Kyle


            Re: PC running slow-Getting a lot of popups...
            « Reply #6 on: September 14, 2012, 11:37:46 PM »
            PC running like new.  ;D

            log:
            aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
            Run date: 2012-09-15 00:37:22
            -----------------------------
            00:37:22.687    OS Version: Windows 5.1.2600 Service Pack 3
            00:37:22.687    Number of processors: 1 586 0x7F01
            00:37:22.703    ComputerName: YOUR-2DE1E3590B  UserName: Owner
            00:37:23.171    Initialize success
            00:37:39.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
            00:37:39.140    Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 1
            00:37:39.156    Disk 0 MBR read successfully
            00:37:39.156    Disk 0 MBR scan
            00:37:39.156    Disk 0 unknown MBR code
            00:37:39.171    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       147408 MB offset 10683225
            00:37:39.171    Disk 0 Partition 2 00     0B        FAT32 RECOVERY     5216 MB offset 63
            00:37:39.171    Disk 0 scanning sectors +312576705
            00:37:39.250    Disk 0 scanning C:\WINDOWS\system32\drivers
            00:37:44.078    Service scanning
            00:37:52.312    Modules scanning
            00:37:57.171    Disk 0 trace - called modules:
            00:37:57.187    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS NVGTS.SYS
            00:37:57.203    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85517ab8]
            00:37:57.703    3 CLASSPNP.SYS[f7547fd7] -> nt!IofCallDriver -> \Device\00000088[0x85498460]
            00:37:57.703    5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x853f0030]
            00:37:57.703    Scan finished successfully
            00:38:11.500    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
            00:38:11.515    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


             

            SuperDave

            Re: PC running slow-Getting a lot of popups...
            « Reply #7 on: September 15, 2012, 01:21:39 PM »
            We need to fix the Master Boot Record using aswMBR now.

            • Double click aswMBR.exe to run it like before
            • Once the scan finishes click FixMBR to remove the infection as illustrated below


            • Once the scan finishes click Save log to save the log to your Desktop



            • Copy and paste the contents of aswMBR.txt back here for review

            Kyle


              Re: PC running slow-Getting a lot of popups...
              « Reply #8 on: September 15, 2012, 10:22:18 PM »
              aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
              Run date: 2012-09-15 23:21:22
              -----------------------------
              23:21:22.937    OS Version: Windows 5.1.2600 Service Pack 3
              23:21:22.937    Number of processors: 1 586 0x7F01
              23:21:22.937    ComputerName: YOUR-2DE1E3590B  UserName: Owner
              23:21:24.859    Initialize success
              23:21:39.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
              23:21:39.656    Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 1
              23:21:39.671    Disk 0 MBR read successfully
              23:21:39.671    Disk 0 MBR scan
              23:21:39.687    Disk 0 unknown MBR code
              23:21:39.687    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       147408 MB offset 10683225
              23:21:39.703    Disk 0 Partition 2 00     0B        FAT32 RECOVERY     5216 MB offset 63
              23:21:39.703    Disk 0 scanning sectors +312576705
              23:21:39.765    Disk 0 scanning C:\WINDOWS\system32\drivers
              23:21:45.328    Service scanning
              23:21:52.671    Modules scanning
              23:22:00.359    Disk 0 trace - called modules:
              23:22:00.375    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS NVGTS.SYS
              23:22:00.375    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85517ab8]
              23:22:00.375    3 CLASSPNP.SYS[f7547fd7] -> nt!IofCallDriver -> \Device\00000088[0x85498460]
              23:22:00.375    5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x853f0030]
              23:22:00.375    Scan finished successfully
              23:22:49.625    Verifying
              23:22:59.640    Disk 0 Windows 501 MBR fixed successfully
              23:23:14.156    Verifying
              23:23:24.171    Disk 0 Windows 501 MBR fixed successfully
              23:24:01.000    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
              23:24:01.000    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR2.txt"
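
Both aswMBR runs above save the boot sector to MBR.dat. As an added example (not part of the thread and not aswMBR's own logic), this Python code parses such a 512-byte dump, checks the partition table for structural problems, and reports which regions differ between two dumps. The sample sectors are constructed: partition types and start offsets come from the log, while the sector counts and the filler boot-code bytes are assumptions.

```python
"""Offline triage of a 512-byte MBR dump such as the MBR.dat aswMBR saves."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440      # bytes 0..439: loader code
TABLE_START = 446        # four 16-byte partition entries
TABLE_END = 510          # followed by the 0x55 0xAA boot signature
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot-code hash, signature flag and partitions."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_START + 16 * slot:TABLE_START + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "slot": slot + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start": start, "sectors": count, "size_mb": count // 2048,
        })
    return {
        "signature_ok": sector[TABLE_END:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def findings(mbr: dict, disk_sectors=None) -> list:
    """Structural problems worth a second look before trusting the table."""
    out = []
    parts = mbr["partitions"]
    if not mbr["signature_ok"]:
        out.append("boot signature 0x55AA missing")
    if sum(p["active"] for p in parts) != 1:
        out.append("expected exactly one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            out.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
        if disk_sectors is not None and p["start"] + p["sectors"] > disk_sectors:
            out.append(f"slot {p['slot']}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            out.append(f"slots {a['slot']} and {b['slot']} overlap")
    return out


def compare(before: bytes, after: bytes) -> dict:
    """Which regions differ between two dumps, e.g. before and after a repair."""
    return {
        "boot_code_changed": before[:BOOT_CODE_END] != after[:BOOT_CODE_END],
        "disk_signature_changed": before[440:444] != after[440:444],
        "partition_table_changed": before[TABLE_START:TABLE_END] != after[TABLE_START:TABLE_END],
    }


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector; starts come from the log, sector counts are assumed."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    layout = [(0x80, 0x07, 10683225, 301893480),   # Partition 1: active NTFS
              (0x00, 0x0B, 63, 10683162)]          # Partition 2: FAT32 RECOVERY
    for slot, (status, ptype, start, count) in enumerate(layout):
        off = TABLE_START + 16 * slot
        sector[off], sector[off + 4] = status, ptype
        struct.pack_into("<II", sector, off + 8, start, count)
    sector[TABLE_END:] = b"\x55\xaa"
    return bytes(sector)


# Filler bytes stand in for loader code; they are not real boot code.
SAMPLE_BEFORE = build_sample(b"\x11" * BOOT_CODE_END)
SAMPLE_AFTER = build_sample(b"\x22" * BOOT_CODE_END)

if __name__ == "__main__":
    mbr = parse_mbr(SAMPLE_BEFORE)
    for p in mbr["partitions"]:
        print(p["slot"], "A" if p["active"] else "-", f"{p['type']:02X}",
              p["type_name"], p["size_mb"], "MB offset", p["start"])
    print("findings:", findings(mbr) or "none")
    print(compare(SAMPLE_BEFORE, SAMPLE_AFTER))
```

To use it on a real dump, read the saved file with `open(path, "rb").read()` and pass the bytes to `parse_mbr`; a repair that only rewrites the loader should leave `partition_table_changed` false.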



              SuperDave

              Re: PC running slow-Getting a lot of popups...
              « Reply #9 on: September 16, 2012, 04:37:11 PM »
              Did you turn off your Windows Security Center?

              SysProt Antirootkit

              Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

              Kyle


                Re: PC running slow-Getting a lot of popups...
                « Reply #10 on: September 26, 2012, 05:40:27 AM »
                Sorry for the delay; here is the log:
                SysProt AntiRootkit v1.0.1.0
                by swatkat

                ******************************************************************************************
                ******************************************************************************************

                No Hidden Processes found

                ******************************************************************************************
                ******************************************************************************************
                Kernel Modules:
                Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
                Service Name: ---
                Module Base: EC7E4000
                Module End: EC7E8000
                Hidden: Yes

                Module Name: \SystemRoot\System32\Drivers\dump_nvgts.sys
                Service Name: ---
                Module Base: EBA58000
                Module End: EBA75000
                Hidden: Yes

                ******************************************************************************************
                ******************************************************************************************
                No SSDT Hooks found

                ******************************************************************************************
                ******************************************************************************************
                No Kernel Hooks found

                ******************************************************************************************
                ******************************************************************************************
                Hidden files/folders:
                Object: C:\oldttemp\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\53JWDW5M\microsoft.com\WWDocs\User\en-us\adExcellence\04_Intellectual_Property_Guidelines\player\playershell.swf\Microsoft_adCenter_Intellectual_Property_Guid
                Status: Hidden

                Object: C:\oldttemp\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\53JWDW5M\www.englishcentral.com.\analytics.sol
                Status: Hidden

                Object: C:\oldttemp\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\53JWDW5M\www.englishcentral.com.\babelMicData.sol
                Status: Hidden

                Object: C:\oldttemp\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\53JWDW5M\www.englishcentral.com.
                Status: Hidden

                Object: C:\oldttemp\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.englishcentral.com.\settings.sol
                Status: Hidden

                Object: C:\oldttemp\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.englishcentral.com.
                Status: Hidden

                Object: C:\oldttemp\Program Files\Trillian\users\default\downloads\AIM\blacklinevideos 
                Status: Hidden

                Object: C:\Qoobox\BackEnv\AppData.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Cache.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\History.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Music.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Personal.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Programs.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Recent.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\SetPath.bat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\SysPath.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Templates.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\VikPev00
                Status: Access denied

                Object: C:\System Volume Information\MountPointManagerRemoteDatabase
                Status: Access denied

                Object: C:\System Volume Information\tracking.log
                Status: Access denied

                Object: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}
                Status: Access denied


                SuperDave

                Re: PC running slow-Getting a lot of popups...
                « Reply #11 on: September 26, 2012, 11:51:41 AM »
                How's your computer running now? Any other issues?

                I'd like to scan your machine with ESET OnlineScan

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt