
Author Topic: THREE LOGS  (Read 3635 times)


loimve27

    Topic Starter


    Greenhorn

    THREE LOGS
    « on: April 15, 2009, 12:11:37 AM »
    Hello, here are my logs for SUPERAntiSpyware, Malwarebytes' Anti-Malware, and HijackThis. If anything stands out as really harmful and/or can be easily remedied, I would greatly appreciate any advice. Thank you!


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/14/2009 at 06:00 PM

    Application Version : 4.26.1000

    Core Rules Database Version : 3843
    Trace Rules Database Version: 1798

    Scan type       : Custom Scan
    Total Scan Time : 01:25:17

    Memory items scanned      : 522
    Memory threats detected   : 1
    Registry items scanned    : 5646
    Registry threats detected : 2
    File items scanned        : 61649
    File threats detected     : 85

    Trojan.Unknown Origin
       C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
       C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
       [SVCHOST.EXE] C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE

    Adware.IWinGames
       HKU\S-1-5-21-73586283-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

    Adware.Tracking Cookie




    Malwarebytes' Anti-Malware 1.36
    Database version: 1983
    Windows 5.1.2600 Service Pack 3

    4/15/2009 1:44:58 AM
    mbam-log-2009-04-15 (01-44-58).txt

    Scan type: Quick Scan
    Objects scanned: 88987
    Time elapsed: 10 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:57:32 AM, on 4/15/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Sophos\Remote Update\cachemgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Seagate\Sync\SeaSyncServices.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\V0500Mon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sophos\Remote Update\imonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 144.26.152.92
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [V0500Mon.exe] C:\WINDOWS\V0500Mon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 9855 bytes

    harry 48



      Egghead

    Re: THREE LOGS
    « Reply #1 on: April 15, 2009, 02:19:05 PM »
    Why did you not clear all the cookies out?

    loimve27

      Topic Starter


      Greenhorn

      Re: THREE LOGS
      « Reply #2 on: April 15, 2009, 07:11:31 PM »
      I followed all the directions.  And these are the logs I was directed to post.

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      Re: THREE LOGS
      « Reply #3 on: April 15, 2009, 07:40:45 PM »
      Download DDS by sUBs and save it to your desktop. Alternate DDS download link

      Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

      * XP users: double-click on dds to run it.
      * If your antivirus or firewall tries to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copying and pasting it into the reply.

      loimve27

        Topic Starter


        Greenhorn

        Re: THREE LOGS
        « Reply #4 on: April 15, 2009, 08:33:53 PM »

        DDS (Ver_09-03-16.01) - NTFSx86 
        Run by Jacquelyn at 22:26:13.42 on Wed 04/15/2009
        Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.92 [GMT -4:00]

        AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

        ============== Running Processes ===============

        C:\WINDOWS\system32\svchost -k DcomLaunch
        svchost.exe
        C:\Program Files\Windows Defender\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        svchost.exe
        svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        svchost.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Sophos\Remote Update\cachemgr.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\WINDOWS\System32\wltrysvc.exe
        C:\WINDOWS\System32\bcmwltry.exe
        C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
        C:\WINDOWS\BCMSMMSG.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\V0500Mon.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Internet Download Manager\IDMan.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Sophos\Remote Update\imonitor.exe
        C:\Program Files\Internet Download Manager\IEMonitor.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\AIM\aim.exe
        C:\Documents and Settings\Jacquelyn\Desktop\dds.scr

        ============== Pseudo HJT Report ===============

        uStart Page = hxxp://www.google.com/
        uSearch Page = hxxp://www.google.com
        uSearch Bar = hxxp://www.google.com/ie
        uInternet Settings,ProxyOverride = *.local
        mSearchAssistant = hxxp://www.google.com/ie
        uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
        BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
        BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
        BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
        BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
        BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
        TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
        TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
        TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
        uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
        uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
        uRun: [nah_Shell] c:\documents and settings\jacquelyn\nah_blrc.exe
        mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
        mRun: [nwiz] nwiz.exe /installquiet
        mRun: [BCMSMMSG] BCMSMMSG.exe
        mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
        mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
        mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Enterprise
        mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
        mRun: [<NO NAME>]
        mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
        mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
        mRun: [V0500Mon.exe] c:\windows\V0500Mon.exe
        mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
        mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
        dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
        dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
        dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
        StartupFolder: c:\docume~1\jacque~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remote~1.lnk - c:\program files\sophos\remote update\imonitor.exe
        IE: Download All Links with IDM - c:\program files\internet download manager\IEGetAll.htm
        IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
        IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
        IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
        DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
        DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
        DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
        Notify: NavLogon - c:\windows\system32\NavLogon.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

        ================= FIREFOX ===================

        FF - ProfilePath - c:\docume~1\jacque~1\applic~1\mozilla\firefox\profiles\nz3wteqg.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
        FF - prefs.js: browser.search.selectedEngine - AIM Search
        FF - prefs.js: browser.startup.homepage - www.google.com
        FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
        FF - prefs.js: network.proxy.type - 2
        FF - component: c:\documents and settings\jacquelyn\application data\idm\idmmzcc3\components\idmmzcc.dll
        FF - plugin: c:\documents and settings\jacquelyn\application data\mozilla\firefox\profiles\nz3wteqg.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
        FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

        ============= SERVICES / DRIVERS ===============

        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
        R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-20 337592]
        R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-20 54968]
        R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-8 101936]
        R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\naveng.sys [2009-4-15 89104]
        R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\navex15.sys [2009-4-15 876144]
        S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
        S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
        S3 STV102;WWL 102;c:\windows\system32\drivers\STV102.sys [2007-2-26 145996]
        S3 STV102m;WWL 102m;c:\windows\system32\drivers\STV102m.sys [2007-2-26 9170]
        S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [2009-3-19 251264]

        =============== Created Last 30 ================

        2009-04-15 13:20   32,592   a-------   c:\windows\system32\msonpmon.dll
        2009-04-15 12:58   <DIR>   --d-----   c:\program files\Microsoft Visual Studio 8
        2009-04-15 11:31   284,160   -c------   c:\windows\system32\dllcache\pdh.dll
        2009-04-15 11:31   401,408   -c------   c:\windows\system32\dllcache\rpcss.dll
        2009-04-15 11:31   110,592   -c------   c:\windows\system32\dllcache\services.exe
        2009-04-15 11:31   473,600   -c------   c:\windows\system32\dllcache\fastprox.dll
        2009-04-15 11:31   227,840   -c------   c:\windows\system32\dllcache\wmiprvse.exe
        2009-04-15 11:30   453,120   -c------   c:\windows\system32\dllcache\wmiprvsd.dll
        2009-04-15 11:30   729,088   -c------   c:\windows\system32\dllcache\lsasrv.dll
        2009-04-15 11:30   617,472   -c------   c:\windows\system32\dllcache\advapi32.dll
        2009-04-15 11:30   714,752   -c------   c:\windows\system32\dllcache\ntdll.dll
        2009-04-15 11:27   2,560   --------   c:\windows\system32\xpsp4res.dll
        2009-04-15 11:27   1,203,922   -c------   c:\windows\system32\dllcache\sysmain.sdb
        2009-04-15 11:27   215,552   -c------   c:\windows\system32\dllcache\wordpad.exe
        2009-04-15 01:53   <DIR>   --d-----   c:\program files\Trend Micro
        2009-04-15 00:50   <DIR>   --d-----   c:\docume~1\jacque~1\applic~1\Malwarebytes
        2009-04-15 00:49   15,504   a-------   c:\windows\system32\drivers\mbam.sys
        2009-04-15 00:49   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-04-15 00:49   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
        2009-04-15 00:49   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
        2009-04-14 16:16   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
        2009-04-14 16:16   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
        2009-04-14 16:16   <DIR>   --d-----   c:\docume~1\jacque~1\applic~1\SUPERAntiSpyware.com
        2009-04-14 16:15   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
        2009-04-14 16:06   <DIR>   --d-----   c:\program files\CCleaner
        2009-04-14 15:39   <DIR>   --d-----   c:\program files\JavaRa
        2009-04-14 15:38   69,512   a-------   c:\program files\JavaRa.zip
        2009-04-14 15:32   410,984   a-------   c:\windows\system32\deploytk.dll
        2009-04-04 18:21   <DIR>   --d-----   c:\program files\LimeWire
        2009-04-03 13:12   75,776   a-------   c:\documents and settings\jacquelyn\nah_blrc.exe
        2009-04-03 09:24   210,352   a-------   c:\windows\system32\idmmbc.dll
        2009-03-22 03:02   <DIR>   --d-----   c:\program files\common files\Software Update Utility
        2009-03-22 03:01   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\acccore
        2009-03-21 10:06   989,696   -c------   c:\windows\system32\dllcache\kernel32.dll
        2009-03-19 17:07   <DIR>   --d-----   c:\windows\CtDrvInstall
        2009-03-19 17:06   <DIR>   --d-----   c:\program files\Dynex
        2009-03-19 17:06   <DIR>   --d-----   c:\program files\Creative

        ==================== Find3M  ====================

        2009-04-15 13:55   40,128   a-------   c:\docume~1\jacque~1\applic~1\wklnhst.dat
        2009-04-05 14:28   94,096   a-------   c:\docume~1\jacque~1\applic~1\GDIPFONTCACHEV1.DAT
        2009-03-30 06:28   20,963   a-------   c:\windows\system32\nvModes.dat
        2009-03-06 10:22   284,160   a-------   c:\windows\system32\pdh.dll
        2009-03-02 20:18   826,368   a-------   c:\windows\system32\wininet.dll
        2009-02-20 14:09   78,336   --------   c:\windows\system32\ieencode.dll
        2009-02-09 08:10   729,088   --------   c:\windows\system32\lsasrv.dll
        2009-02-09 08:10   401,408   a-------   c:\windows\system32\rpcss.dll
        2009-02-09 08:10   714,752   --------   c:\windows\system32\ntdll.dll
        2009-02-09 08:10   617,472   --------   c:\windows\system32\advapi32.dll
        2009-02-09 07:13   1,846,784   --------   c:\windows\system32\win32k.sys
        2009-02-07 19:02   2,066,048   --------   c:\windows\system32\ntkrnlpa.exe
        2009-02-06 07:11   110,592   --------   c:\windows\system32\services.exe
        2009-02-06 07:08   2,189,056   --------   c:\windows\system32\ntoskrnl.exe
        2009-02-06 06:39   35,328   --------   c:\windows\system32\sc.exe
        2009-02-03 15:59   56,832   a-------   c:\windows\system32\secur32.dll

        ============= FINISH: 22:29:17.46 ===============


        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_09-03-16.01)

        Microsoft Windows XP Home Edition
        Boot Device: \Device\HarddiskVolume1
        Install Date: 11/8/2006 1:48:19 AM
        System Uptime: 4/15/2009 8:33:37 PM (2 hours ago)

        Motherboard: Dell Computer Corporation |  |       
        Processor:    Mobile Intel(R) Pentium(R) 4     CPU 3.06GHz | Microprocessor | 1589/133mhz

        ==== Disk Partitions =========================

        C: is FIXED (NTFS) - 75 GiB total, 23.497 GiB free.
        D: is CDROM ()

        ==== Disabled Device Manager Items =============

        ==== System Restore Points ===================

        RP644: 1/15/2009 3:51:17 PM - System Checkpoint
        RP645: 1/15/2009 10:00:41 PM - Software Distribution Service 3.0
        RP646: 1/16/2009 10:19:14 PM - System Checkpoint
        RP647: 1/18/2009 5:22:36 PM - System Checkpoint
        RP648: 1/21/2009 2:27:37 AM - Software Distribution Service 3.0
        RP649: 1/22/2009 9:42:07 AM - System Checkpoint
        RP650: 1/22/2009 3:20:05 PM - Software Distribution Service 3.0
        RP651: 1/23/2009 3:48:13 PM - System Checkpoint
        RP652: 1/25/2009 10:52:34 AM - Installed Pinnacle Instant DVD Recorder.
        RP653: 1/25/2009 1:00:35 PM - Removed Pinnacle Instant DVD Recorder.
        RP654: 1/25/2009 1:03:44 PM - Installed Pinnacle Studio 12.
        RP655: 1/25/2009 1:20:14 PM - Installed Pinnacle Video Driver.
        RP656: 1/26/2009 2:08:40 PM - System Checkpoint
        RP657: 1/27/2009 2:57:24 PM - System Checkpoint
        RP658: 1/27/2009 8:43:52 PM - Software Distribution Service 3.0
        RP659: 1/29/2009 10:58:54 AM - System Checkpoint
        RP660: 1/29/2009 3:06:35 PM - Software Distribution Service 3.0
        RP661: 1/30/2009 2:00:01 PM - Installed QuickTime
        RP662: 1/31/2009 4:54:53 PM - System Checkpoint
        RP663: 2/2/2009 6:33:43 PM - Software Distribution Service 3.0
        RP664: 2/3/2009 8:03:18 PM - System Checkpoint
        RP665: 2/4/2009 9:16:46 PM - System Checkpoint
        RP666: 2/5/2009 9:47:35 PM - System Checkpoint
        RP667: 2/5/2009 10:01:27 PM - Software Distribution Service 3.0
        RP668: 2/6/2009 10:16:01 PM - System Checkpoint
        RP669: 2/8/2009 6:25:34 PM - System Checkpoint
        RP670: 2/9/2009 4:56:04 PM - Software Distribution Service 3.0
        RP671: 2/10/2009 5:41:57 PM - System Checkpoint
        RP672: 2/11/2009 3:00:28 PM - Software Distribution Service 3.0
        RP673: 2/12/2009 4:00:34 PM - System Checkpoint
        RP674: 2/12/2009 10:01:00 PM - Software Distribution Service 3.0
        RP675: 2/13/2009 12:53:35 AM - Windows Defender Checkpoint
        RP676: 2/14/2009 1:15:11 PM - System Checkpoint
        RP677: 2/15/2009 12:36:42 AM - Windows Defender Checkpoint
        RP678: 2/15/2009 2:28:42 PM - Removed Pinnacle Studio 12.
        RP679: 2/16/2009 10:02:21 AM - Software Distribution Service 3.0
        RP680: 2/17/2009 1:55:57 PM - System Checkpoint
        RP681: 2/18/2009 2:47:28 PM - System Checkpoint
        RP682: 2/19/2009 12:36:54 PM - Software Distribution Service 3.0
        RP683: 2/19/2009 11:29:56 PM - Windows Defender Checkpoint
        RP684: 2/21/2009 6:35:01 PM - System Checkpoint
        RP685: 2/22/2009 7:15:59 PM - System Checkpoint
        RP686: 2/23/2009 4:41:40 PM - Software Distribution Service 3.0
        RP687: 2/24/2009 4:54:44 PM - System Checkpoint
        RP688: 2/25/2009 3:00:30 PM - Software Distribution Service 3.0
        RP689: 2/26/2009 3:44:36 PM - System Checkpoint
        RP690: 2/26/2009 10:00:44 PM - Software Distribution Service 3.0
        RP691: 3/8/2009 3:00:35 AM - Software Distribution Service 3.0
        RP692: 3/9/2009 6:24:19 PM - System Checkpoint
        RP693: 3/9/2009 7:59:46 PM - Software Distribution Service 3.0
        RP694: 3/9/2009 10:47:53 PM - Windows Defender Checkpoint
        RP695: 3/10/2009 9:00:56 PM - Software Distribution Service 3.0
        RP696: 3/11/2009 1:35:15 AM - Software Distribution Service 3.0
        RP697: 3/12/2009 9:59:16 AM - System Checkpoint
        RP698: 3/12/2009 9:00:44 PM - Software Distribution Service 3.0
        RP699: 3/14/2009 3:08:25 PM - System Checkpoint
        RP700: 3/15/2009 7:18:16 AM - Software Distribution Service 3.0
        RP701: 3/16/2009 5:04:54 PM - System Checkpoint
        RP702: 3/16/2009 5:20:26 PM - Software Distribution Service 3.0
        RP703: 3/17/2009 6:07:23 PM - System Checkpoint
        RP704: 3/18/2009 7:41:14 PM - System Checkpoint
        RP705: 3/19/2009 9:17:40 PM - System Checkpoint
        RP706: 3/19/2009 10:00:52 PM - Software Distribution Service 3.0
        RP707: 3/20/2009 10:29:43 PM - System Checkpoint
        RP708: 3/21/2009 11:30:54 PM - System Checkpoint
        RP709: 3/23/2009 6:36:21 AM - System Checkpoint
        RP710: 3/23/2009 5:23:22 PM - Software Distribution Service 3.0
        RP711: 3/24/2009 5:45:20 PM - System Checkpoint
        RP712: 3/25/2009 6:13:28 PM - System Checkpoint
        RP713: 3/26/2009 12:36:56 PM - Software Distribution Service 3.0
        RP714: 3/27/2009 12:39:55 PM - System Checkpoint
        RP715: 3/29/2009 4:45:52 PM - System Checkpoint
        RP716: 3/30/2009 3:52:13 PM - Software Distribution Service 3.0
        RP717: 3/31/2009 5:05:47 PM - System Checkpoint
        RP718: 4/1/2009 5:12:12 PM - System Checkpoint
        RP719: 4/2/2009 9:55:06 AM - Software Distribution Service 3.0
        RP720: 4/3/2009 11:04:54 AM - System Checkpoint
        RP721: 4/4/2009 11:16:27 AM - System Checkpoint
        RP722: 4/5/2009 1:06:51 PM - System Checkpoint
        RP723: 4/6/2009 1:17:45 PM - Software Distribution Service 3.0
        RP724: 4/7/2009 2:11:24 PM - System Checkpoint
        RP725: 4/8/2009 2:15:58 PM - System Checkpoint
        RP726: 4/9/2009 4:52:10 PM - System Checkpoint
        RP727: 4/10/2009 5:23:57 PM - System Checkpoint
        RP728: 4/11/2009 5:36:52 PM - System Checkpoint
        RP729: 4/12/2009 6:06:52 PM - System Checkpoint
        RP730: 4/13/2009 4:01:48 PM - Software Distribution Service 3.0
        RP731: 4/14/2009 3:31:18 PM - Installed Java(TM) 6 Update 13
        RP732: 4/14/2009 4:16:18 PM - Installed SUPERAntiSpyware Free Edition
        RP733: 4/15/2009 12:50:25 PM - Installed Microsoft Office Enterprise 2007
        RP734: 4/15/2009 1:20:30 PM - Printer Driver Send To Microsoft OneNote Driver Installed
        RP735: 4/15/2009 2:40:02 PM - Software Distribution Service 3.0

        ==== Installed Programs ======================


        µTorrent
        23_24_2500Tour
        2400
        2400_2500Help
        2400_2500trb
        Adobe Common File Installer
        Adobe Flash Player 10 Plugin
        Adobe Flash Player ActiveX
        Adobe Help Center 2.1
        Adobe Premiere Elements 3.0
        Adobe Premiere Elements 3.0 Templates
        Adobe Reader 7.0
        Adobe Shockwave Player
        AiO_Scan
        AIOMinimal
        AiOSoftware
        AOL Instant Messenger
        Apple Mobile Device Support
        Apple Software Update
        ArcSoft PhotoStudio 5.5
        BCM V.92 56K Modem
        Bonjour
        Broadcom 440x 10/100 Integrated Controller
        Canon CanoScan LiDE 70 User Registration
        Canon CanoScan Toolbox 5.0
        CanoScan LiDE 70
        CCleaner (remove only)
        Copy
        CreativeProjects
        Critical Update for Windows Media Player 11 (KB959772)
        Dell ResourceCD
        Dell Wireless WLAN Utility
        Director
        DNA
        DocProc
        Download Updater (AOL LLC)
        Dynex 1.3MP Webcam Driver (1.00.03.0000)
        Dynex Webcam User's Guide
        Fax
        FLV Player
        FreeAgent Go Tools
        Google Toolbar for Internet Explorer
        HijackThis 2.0.2
        Hotfix for Windows Internet Explorer 7 (KB947864)
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows Media Player 11 (KB939683)
        Hotfix for Windows XP (KB952287)
        HP Photo & Imaging 3.1
        HP PSC & OfficeJet 3.0
        HP Software Update
        hpmdtab
        HPSystemDiagnostics
        InstantShare
        Internet Download Manager
        InterVideo XPack (DVD Only)
        iTunes
        Java(TM) 6 Update 13
        LimeWire 5.1.2
        Live! Cam Center
        LiveUpdate 3.0 (Symantec Corporation)
        Malwarebytes' Anti-Malware
        Memories Disc Creator 2.0
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Hotfix (KB928366)
        Microsoft .NET Framework 2.0
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Office Access MUI (English) 2007
        Microsoft Office Access Setup Metadata MUI (English) 2007
        Microsoft Office Enterprise 2007
        Microsoft Office Excel MUI (English) 2007
        Microsoft Office Groove MUI (English) 2007
        Microsoft Office Groove Setup Metadata MUI (English) 2007
        Microsoft Office InfoPath MUI (English) 2007
        Microsoft Office OneNote MUI (English) 2007
        Microsoft Office Outlook MUI (English) 2007
        Microsoft Office PowerPoint MUI (English) 2007
        Microsoft Office PowerPoint Viewer 2003
        Microsoft Office Proof (English) 2007
        Microsoft Office Proof (French) 2007
        Microsoft Office Proof (Spanish) 2007
        Microsoft Office Proofing (English) 2007
        Microsoft Office Publisher MUI (English) 2007
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office Word MUI (English) 2007
        Microsoft Picture It! Photo Premium 9
        Microsoft Software Update for Web Folders  (English) 12
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Windows XP Video Decoder Checkup Utility
        Microsoft Works
        Microsoft Works 2004 Setup Launcher
        Microsoft Works Suite Add-in for Microsoft Word
        Move Networks Media Player for Internet Explorer
        Mozilla Firefox (3.0.8)
        MSXML 4.0 SP2 (KB927978)
        MSXML 4.0 SP2 (KB936181)
        MSXML 4.0 SP2 (KB954430)
        NVIDIA Windows 2000/XP Display Drivers
        Overland
        PhotoGallery
        Pinnacle Video Driver
        Post-it® Software Notes Lite
        PrintScreen
        QFolder
        QuickProjects
        QuickTime
        Readme
        Roxio Burn Engine
        Scan
        ScanSoft OmniPage SE 4.0
        Security Update for Windows Internet Explorer 7 (KB928090)
        Security Update for Windows Internet Explorer 7 (KB929969)
        Security Update for Windows Internet Explorer 7 (KB931768)
        Security Update for Windows Internet Explorer 7 (KB933566)
        Security Update for Windows Internet Explorer 7 (KB937143)
        Security Update for Windows Internet Explorer 7 (KB938127)
        Security Update for Windows Internet Explorer 7 (KB939653)
        Security Update for Windows Internet Explorer 7 (KB942615)
        Security Update for Windows Internet Explorer 7 (KB944533)
        Security Update for Windows Internet Explorer 7 (KB950759)
        Security Update for Windows Internet Explorer 7 (KB953838)
        Security Update for Windows Internet Explorer 7 (KB956390)
        Security Update for Windows Internet Explorer 7 (KB958215)
        Security Update for Windows Internet Explorer 7 (KB960714)
        Security Update for Windows Internet Explorer 7 (KB961260)
        Security Update for Windows Internet Explorer 7 (KB963027)
        Security Update for Windows Media Player (KB911564)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player 10 (KB917734)
        Security Update for Windows Media Player 11 (KB936782)
        Security Update for Windows Media Player 11 (KB954154)
        Security Update for Windows Media Player 6.4 (KB925398)
        Security Update for Windows Media Player 9 (KB917734)
        Security Update for Windows XP (KB913433)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB923689)
        Security Update for Windows XP (KB938464-v2)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB950760)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951376)
        Security Update for Windows XP (KB951698)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB953155)
        Security Update for Windows XP (KB953839)
        Security Update for Windows XP (KB954211)
        Security Update for Windows XP (KB954459)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956391)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956841)
        Security Update for Windows XP (KB957095)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB961373)
        SigmaTel AC97 Audio Drivers
        SkinsHP1
        SkinsHP2
        Skype™ 4.0
        Sophos Remote Update
        SUPERAntiSpyware Free Edition
        Symantec AntiVirus
        TrayApp
        Unload
        Update for Windows XP (KB951072-v2)
        Update for Windows XP (KB951978)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        WebFldrs XP
        WebReg
        Windows Defender
        Windows Genuine Advantage Notifications (KB905474)
        Windows Internet Explorer 7
        Windows Media Format 11 runtime
        Windows Media Player 11
        Windows XP Service Pack 3
        WinFax Merger version 2.2
        WinPcap 3.0
        WWL 102 v100 Installation Files

        ==== Event Viewer Messages From Past Week ========

        4/12/2009 5:45:06 PM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  The class is configured to run as a security id different from the caller

        ==== End Of File ===========================

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: THREE LOGS
        « Reply #5 on: April 15, 2009, 09:00:42 PM »
        Go to Add or Remove Programs and uninstall:

        • Sophos Remote Update
        -----

        How is the computer running now?

        loimve27

          Topic Starter


          Greenhorn

          Re: THREE LOGS
          « Reply #6 on: April 16, 2009, 12:32:18 PM »
          Thank you so much!  The pop-ups and error messages are gone, and that was the primary issue.  My computer is still somewhat slow, and the fan runs loudly, but the computer is also about four years old.  Thanks for your help!

          evilfantasy

          Re: THREE LOGS
          « Reply #7 on: April 16, 2009, 12:39:00 PM »
          Set a New Restore Point to prevent possible reinfection from an old one
          Setting a new restore point AFTER cleaning your system will enable your computer to roll back to a clean working state if needed.
          • Go to Start > Programs > Accessories > System Tools and click System Restore
          • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
          • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
          • Next go to Start > Run and type Cleanmgr
          • Click OK
          • Click the More Options Tab.
          • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
          You can find instructions on how to enable and re-enable system restore here:

          Windows XP System Restore Guide or Windows Vista System Restore Guide
          ----------

          Use the Secunia Software Inspector to check for out of date software.
          • Click Start Now
          • Check the box next to Enable thorough system inspection.
          • Click Start
          • Allow the scan to finish and scroll down to see if any updates are needed.
          • Update anything listed.
          ----------

          Go to Microsoft Windows Update and get all critical updates.

          ----------

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware.

          You can use the built in Windows Defrag or a faster FREE program. Defraggler is very effective and easy to use. Be sure to clean out temp files and restart the computer just before using this.

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

          loimve27

            Topic Starter


            Greenhorn

            Re: THREE LOGS
            « Reply #8 on: April 16, 2009, 11:18:50 PM »
            Done.  I am now working through the "Slow Computer? It May Not Be Malware" section, which has awesome information.  Thank you again.