WiredWX Christian Hobby Weather Tools

Can someone here actually help with this Win32/Nuqel.E?
I have tried following advice in forums, that is saying there are free removal tools..but whatever this is, it's blocking half the downloads, or stopping the scans midway through...it is saying almost every dll file is infected when a certain activity needs to operate...

Yes, I'm not computer literate, and am wondering if I simply just need to take the computer in and have it wiped clean?

Re: Can someone here actually help with this Win32/Nuqel.E?
Hi,
Please read THIS topic and post your HijackThis log file in this post.






Re: Can someone here actually help with this Win32/Nuqel.E?
Ok...I guess I'll try...I went to the java link, and only found the update 17...should I get that instead of the 16?

Re: Can someone here actually help with this Win32/Nuqel.E?
Yes, you should get version 16.


Re: Can someone here actually help with this Win32/Nuqel.E?
grrr...ok..I clicked on download the update 17..and due to a barrage of pop-ups, I'm guessing I'm updated..the next thing was to go and get javaRa....for a free download of Perforce..is that now what I need t

Re: Can someone here actually help with this Win32/Nuqel.E?
JavaRa Download - Click here

Most important :
Post it here and wait for instructions given only by DragonMaster Jay, Origin or Belahzur


Re: Can someone here actually help with this Win32/Nuqel.E?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:32 AM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\winlogon.scr
C:\WINDOWS\system32\notepad.exe

O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 win-guard2009.microsoft.com
O1 - Hosts: 91.212.127.227 win-guard2009.com
O1 - Hosts: 91.212.127.227 www.win-guard2009.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bxxempxu] C:\Documents and Settings\Owner\Local Settings\Application Data\woobfy\hnaesysguard.exe
O4 - HKLM\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bxxempxu] C:\Documents and Settings\Owner\Local Settings\Application Data\woobfy\hnaesysguard.exe
O4 - HKCU\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245103776681
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5704 bytes

Ok...here's what Hijack came up with...

Re: Can someone here actually help with this Win32/Nuqel.E?

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 win-guard2009.microsoft.com
O1 - Hosts: 91.212.127.227 win-guard2009.com
O1 - Hosts: 91.212.127.227 www.win-guard2009.com

O4 - HKLM\..\Run: [bxxempxu] C:\Documents and Settings\Owner\Local Settings\Application Data\woobfy\hnaesysguard.exe
O4 - HKLM\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O4 - HKCU\..\Run: [bxxempxu] C:\Documents and Settings\Owner\Local Settings\Application Data\woobfy\hnaesysguard.exe
O4 - HKCU\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)



  • Press "Fix Checked"
  • Close Hijack This.
Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes'
    Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

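A triage sketch for the kind of HijackThis entries selected in the post above, added here as an example (it is not part of the original thread and not a feature of HijackThis or Malwarebytes). The rule names, the `triage` function and the Windows XP path assumptions are this example's own, the sample lines are an excerpt of the log posted in the thread, and the check for system process names running outside the Windows directory goes beyond what the helper selected.

```python
import ipaddress
import ntpath
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
C:\Documents and Settings\Owner\Desktop\winlogon.scr

O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 win-guard2009.microsoft.com
O1 - Hosts: 91.212.127.227 win-guard2009.com
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [yyttjqmm] C:\Documents and Settings\Owner\Local Settings\Application Data\wvjitk\htjdsysguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
"""

# Assumptions of this example: Windows XP layout, as in the posted log.
WINDOWS_DIR = "c:\\windows\\"
PROFILE_ROOT = "\\documents and settings\\"   # user-writable profile tree
SYSTEM_NAMES = {"winlogon", "svchost", "lsass", "services", "smss",
                "csrss", "explorer", "spoolsv"}

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
MISSING_SVC_RE = re.compile(r"^O23 - Service: (.+?) - .* \(file missing\)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")


def in_user_profile(command):
    """True when the command line points into a user profile directory."""
    return PROFILE_ROOT in command.lower()


def triage(log_text):
    """Return (rule, detail) pairs for log lines that deserve a closer look."""
    findings = []
    run_hives = defaultdict(set)  # (value name, command) -> hives it appears in
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            try:
                loopback = ipaddress.ip_address(ip).is_loopback
            except ValueError:
                continue  # not an address; leave it for manual review
            if not loopback:
                # A hosts entry that sends a name to a remote address.
                findings.append(("hosts-redirect", f"{host} -> {ip}"))
        elif m := RUN_RE.match(line):
            hive, name, command = m.groups()
            if in_user_profile(command):
                # Autostart entry launching a binary from a user-writable path.
                findings.append(("run-from-profile", f"{hive} [{name}] {command}"))
                run_hives[(name, command)].add(hive)
        elif m := MISSING_SVC_RE.match(line):
            findings.append(("orphaned-service", m.group(1)))
        elif PROCESS_RE.match(line):
            stem = ntpath.splitext(ntpath.basename(line))[0].lower()
            if stem in SYSTEM_NAMES and not line.lower().startswith(WINDOWS_DIR):
                # A system process name used by a file outside C:\WINDOWS.
                findings.append(("system-name-outside-windows", line))
            elif in_user_profile(line):
                findings.append(("process-from-profile", line))
    for (name, _command), hives in run_hives.items():
        if len(hives) > 1:
            # Same value name and target registered under both HKLM and HKCU.
            findings.append(("run-in-both-hives", name))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {detail}")
```

The `::1 localhost` line, which the helper also ticked, is not flagged here because a loopback mapping is not a redirect.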

Re: Can someone here actually help with this Win32/Nuqel.E?
Malwarebytes' Anti-Malware 1.41
Database version: 3139
Windows 5.1.2600 Service Pack 3

11/10/2009 8:48:23 AM
mbam-log-2009-11-10 (08-48-23).txt

Scan type: Quick Scan
Objects scanned: 120095
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


I will tell you this...all pop ups have ceased, and I was able to download without seeing any infected files notices....If you tell me this is fixed...I'll name my firstborn after you....hahaha

Re: Can someone here actually help with this Win32/Nuqel.E?
Ok...I haven't heard back, so am I to assume since the pop-ups stopped, the problem I was having is gone?

Re: Can someone here actually help with this Win32/Nuqel.E?
Hello.
Nazzgull will be with you shortly, for now, let's carry on.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Can someone here actually help with this Win32/Nuqel.E?
Sorry...just now getting back to this...here are the 2 scans you asked for..

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/30/2009 12:53:11 AM
System Uptime: 11/11/2009 4:02:38 PM (20 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2193/400mhz

==== Disk Partitions =========================

A: is Removable
C: is fixed (NTFS) - 37 GiB total, 26.74 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Network Controller
Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&3B1CAF2B&0&20F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&3B1CAF2B&0&20F0
Service:

==== System Restore Points ===================

RP81: 8/15/2009 3:50:53 AM - System Checkpoint
RP82: 8/16/2009 4:46:31 AM - System Checkpoint
RP83: 8/17/2009 6:02:39 AM - System Checkpoint
RP84: 8/18/2009 6:47:38 AM - System Checkpoint
RP85: 8/19/2009 7:46:32 AM - System Checkpoint
RP86: 8/20/2009 8:46:32 AM - System Checkpoint
RP87: 8/21/2009 9:46:32 AM - System Checkpoint
RP88: 8/22/2009 10:46:32 AM - System Checkpoint
RP89: 8/23/2009 10:54:28 AM - Installed SpadeClub Poker.
RP90: 8/24/2009 11:46:34 AM - System Checkpoint
RP91: 8/25/2009 1:46:02 PM - System Checkpoint
RP92: 8/26/2009 3:00:14 AM - Software Distribution Service 3.0
RP93: 8/27/2009 3:04:21 AM - System Checkpoint
RP94: 8/28/2009 4:04:21 AM - System Checkpoint
RP95: 8/28/2009 8:38:13 AM - Avg8 Update
RP96: 8/28/2009 8:39:36 AM - Avg8 Update
RP97: 8/29/2009 8:45:30 AM - System Checkpoint
RP98: 8/30/2009 9:03:47 AM - System Checkpoint
RP99: 8/31/2009 9:18:24 AM - System Checkpoint
RP100: 9/1/2009 10:18:24 AM - System Checkpoint
RP101: 9/2/2009 11:18:24 AM - System Checkpoint
RP102: 9/2/2009 4:33:48 PM - Installed Adobe Reader 9.1.
RP103: 9/3/2009 5:37:06 AM - Removed SpadeClub Poker.
RP104: 9/4/2009 6:17:06 AM - System Checkpoint
RP105: 9/5/2009 7:49:45 AM - System Checkpoint
RP106: 9/6/2009 8:04:20 AM - System Checkpoint
RP107: 9/7/2009 8:41:34 AM - System Checkpoint
RP108: 9/8/2009 9:26:17 AM - System Checkpoint
RP109: 9/9/2009 10:27:22 AM - System Checkpoint
RP110: 9/10/2009 3:00:16 AM - Software Distribution Service 3.0
RP111: 9/10/2009 1:59:27 PM - Installed Java(TM) 6 Update 15
RP112: 9/11/2009 2:09:07 PM - System Checkpoint
RP113: 9/12/2009 3:09:07 PM - System Checkpoint
RP114: 9/13/2009 10:03:13 PM - System Checkpoint
RP115: 9/14/2009 10:03:21 PM - System Checkpoint
RP116: 9/16/2009 3:32:07 AM - System Checkpoint
RP117: 9/17/2009 4:24:23 AM - System Checkpoint
RP118: 9/19/2009 10:07:04 AM - System Checkpoint
RP119: 9/20/2009 10:24:23 AM - System Checkpoint
RP120: 9/21/2009 2:26:57 PM - System Checkpoint
RP121: 9/22/2009 2:46:21 PM - System Checkpoint
RP122: 9/23/2009 4:31:24 PM - System Checkpoint
RP123: 9/24/2009 5:33:47 PM - System Checkpoint
RP124: 9/25/2009 7:38:36 PM - System Checkpoint
RP125: 9/26/2009 7:38:58 PM - System Checkpoint
RP126: 9/27/2009 8:39:02 PM - System Checkpoint
RP127: 9/29/2009 7:02:07 AM - System Checkpoint
RP128: 9/30/2009 10:46:12 AM - System Checkpoint
RP129: 10/1/2009 11:06:42 AM - System Checkpoint
RP130: 10/2/2009 2:55:48 PM - System Checkpoint
RP131: 10/3/2009 3:00:15 AM - Software Distribution Service 3.0
RP132: 10/3/2009 3:22:47 AM - Printer Driver Microsoft XPS Document Writer Installed
RP133: 10/4/2009 1:53:56 AM - Software Distribution Service 3.0
RP134: 10/5/2009 2:06:28 AM - System Checkpoint
RP135: 10/5/2009 7:04:10 AM - Installed Windows Media Player 11
RP136: 10/5/2009 7:09:41 AM - Software Distribution Service 3.0
RP137: 10/5/2009 9:42:15 AM - Avg8 Update
RP138: 10/5/2009 9:43:43 AM - Avg8 Update
RP139: 10/6/2009 2:25:34 PM - System Checkpoint
RP140: 10/7/2009 3:00:14 AM - Software Distribution Service 3.0
RP141: 10/7/2009 8:57:12 AM - Avg8 Update
RP142: 10/8/2009 11:21:37 AM - System Checkpoint
RP143: 10/9/2009 11:34:07 AM - System Checkpoint
RP144: 10/10/2009 11:35:23 AM - System Checkpoint
RP145: 10/11/2009 1:49:48 PM - System Checkpoint
RP146: 10/12/2009 2:57:36 PM - System Checkpoint
RP147: 10/12/2009 4:07:44 PM - Software Distribution Service 3.0
RP148: 10/13/2009 4:12:47 PM - System Checkpoint
RP149: 10/14/2009 6:59:29 PM - System Checkpoint
RP150: 10/15/2009 9:33:24 PM - System Checkpoint
RP151: 10/16/2009 3:31:01 PM - Software Distribution Service 3.0
RP152: 10/20/2009 12:10:16 PM - Avg8 Update
RP153: 10/21/2009 9:08:09 AM - Installed Driver Detective.
RP154: 10/21/2009 9:26:27 AM - Removed Driver Detective.
RP155: 10/22/2009 11:51:02 AM - System Checkpoint
RP156: 10/23/2009 3:00:16 AM - Software Distribution Service 3.0
RP157: 10/24/2009 3:53:42 AM - System Checkpoint
RP158: 10/25/2009 6:11:52 AM - System Checkpoint
RP159: 10/26/2009 6:39:17 AM - System Checkpoint
RP160: 10/27/2009 9:24:07 AM - System Checkpoint
RP161: 10/28/2009 10:49:26 AM - System Checkpoint
RP162: 10/29/2009 2:08:21 PM - System Checkpoint
RP163: 10/30/2009 4:40:03 PM - System Checkpoint
RP164: 10/31/2009 4:51:44 PM - System Checkpoint
RP165: 11/1/2009 5:07:44 PM - System Checkpoint
RP166: 11/2/2009 5:14:40 PM - System Checkpoint
RP167: 11/3/2009 10:07:12 AM - Avg8 Update
RP168: 11/4/2009 4:00:15 AM - Software Distribution Service 3.0
RP169: 11/5/2009 4:19:05 AM - System Checkpoint
RP170: 11/6/2009 5:17:35 AM - System Checkpoint
RP171: 11/6/2009 9:02:44 AM - Avg8 Update
RP172: 11/6/2009 1:08:14 PM - Restore Operation
RP173: 11/6/2009 1:11:20 PM - Restore Operation
RP174: 11/6/2009 1:55:15 PM - Restore Operation
RP175: 11/7/2009 2:08:48 PM - System Checkpoint
RP176: 11/8/2009 1:23:22 PM - System Checkpoint
RP177: 11/9/2009 2:08:41 PM - System Checkpoint
RP178: 11/10/2009 8:16:58 AM - Removed iTunes
RP179: 11/11/2009 11:16:44 AM - System Checkpoint
RP180: 11/11/2009 3:55:50 PM - Software Distribution Service 3.0
RP181: 11/11/2009 4:07:46 PM - Removed AVG Free 8.5

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AIO_Scan
Apple Mobile Device Support
Apple Software Update
BCM V.92 56K Modem
Bejeweled 2 Deluxe
Bonjour
Broadcom 440x 10/100 Integrated Controller
Dell Digital Jukebox Driver
Dell ResourceCD
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photosmart All-In-One Software 9.0
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 15
Lexmark P910 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Move Media Player
MSXML 4.0 SP2 (KB954430)
MUSICMATCH® Jukebox
PokerStars
PowerDVD
PS_AIO_Software_min
QuickTime
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spy Sweeper
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/5/2009 4:17:19 AM, error: Dhcp [1002] - The IP address lease 72.135.102.106 for the Network Card with network address 000D5608C65A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/5/2009 3:15:41 AM, error: Dhcp [1002] - The IP address lease 75.81.18.255 for the Network Card with network address 000D5608C65A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/10/2009 6:26:22 AM, error: Service Control Manager [7000] - The OneCare AntiSpyware and AntiVirus service failed to start due to the following error: The system cannot find the path specified.
11/10/2009 6:14:57 AM, error: OneCareMP [3002] -

==== End Of File ===========================

Re: Can someone here actually help with this Win32/Nuqel.E?
Here is the other scan log....

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 12:30:34.53 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.365 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [LXBYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBYtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245103776681
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\wmp110.sys --> c:\windows\system32\drivers\WMP110.sys [?]

=============== Created Last 30 ================

2009-11-10 18:01:46 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-10 14:30:07 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-11-10 14:30:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 14:30:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 14:30:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 14:30:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-10 12:39:23 0 d-----w- c:\program files\Registry Easy
2009-11-06 18:09:48 0 d-----w- c:\docume~1\owner\applic~1\Webroot
2009-11-06 18:03:43 0 d-----w- c:\program files\Webroot
2009-11-03 08:26:02 16 ----a-w- c:\windows\popcinfo.dat
2009-11-03 05:36:43 720896 ----a-w- c:\windows\iun6002ev.exe
2009-11-03 05:36:34 0 d-----w- c:\program files\Bejeweled 2 Deluxe
2009-11-03 03:52:39 0 d-----w- c:\windows\system32\Adobe
2009-10-30 08:49:25 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-23 08:00:27 0 d-----w- c:\program files\MSXML 4.0
2009-10-21 14:49:40 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-10-21 14:48:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2009-10-21 14:48:11 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-21 14:48:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-21 14:48:02 267864 ----a-w- c:\windows\system32\hpzids01.dll
2009-10-21 14:47:52 958464 ----a-w- c:\windows\system32\hpotiop4.dll
2009-10-21 14:47:52 675840 ----a-w- c:\windows\system32\hpowiax4.dll
2009-10-21 14:47:52 303104 ----a-w- c:\windows\system32\hpovst11.dll
2009-10-21 14:47:41 0 d-----w- c:\program files\HP
2009-10-21 14:46:51 121299 ----a-w- c:\windows\hpoins15.dat
2009-10-21 14:46:51 1037 ------w- c:\windows\hpomdl15.dat
2009-10-21 14:46:36 307237 ----a-w- c:\windows\system32\autorun.inf
2009-10-21 14:12:15 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-10-21 14:12:14 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-10-21 14:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
2009-10-21 14:09:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 12:30:59.26 ===============

Re: Can someone here actually help with this Win32/Nuqel.E?
I'm not sure if this would have anything to do with the viruses...but I wanted to also let you know...I'm now hearing internet static through my speakers and can't get rid of it....like refreshing a page...or going from 1 link to another....I can open windows media and play my music and I don't hear it, but when surfing the net the static is there....

Re: Can someone here actually help with this Win32/Nuqel.E?
Hi,
DDS has two logs, please post the first one here.

As Belahzur said
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


    Sorry, posted at the same time.

    Last edited by Nazzgull on 12th November 2009, 6:54 pm; edited 1 time in total

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Ok..I'll re-post them...I just did that though, I thought..

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Owner at 12:30:34.53 on Thu 11/12/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.365 [GMT -6:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://m.www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Sonic RecordNow!]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [LXBYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBYtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245103776681
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
    S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\wmp110.sys --> c:\windows\system32\drivers\WMP110.sys [?]

    =============== Created Last 30 ================

    2009-11-10 18:01:46 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-10 14:30:07 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2009-11-10 14:30:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-10 14:30:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-10 14:30:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-10 14:30:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-11-10 12:39:23 0 d-----w- c:\program files\Registry Easy
    2009-11-06 18:09:48 0 d-----w- c:\docume~1\owner\applic~1\Webroot
    2009-11-06 18:03:43 0 d-----w- c:\program files\Webroot
    2009-11-03 08:26:02 16 ----a-w- c:\windows\popcinfo.dat
    2009-11-03 05:36:43 720896 ----a-w- c:\windows\iun6002ev.exe
    2009-11-03 05:36:34 0 d-----w- c:\program files\Bejeweled 2 Deluxe
    2009-11-03 03:52:39 0 d-----w- c:\windows\system32\Adobe
    2009-10-30 08:49:25 0 d-----w- c:\windows\system32\SoftwareDistribution
    2009-10-23 08:00:27 0 d-----w- c:\program files\MSXML 4.0
    2009-10-21 14:49:40 0 d-----w- c:\program files\common files\Hewlett-Packard
    2009-10-21 14:48:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
    2009-10-21 14:48:11 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-10-21 14:48:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-10-21 14:48:02 267864 ----a-w- c:\windows\system32\hpzids01.dll
    2009-10-21 14:47:52 958464 ----a-w- c:\windows\system32\hpotiop4.dll
    2009-10-21 14:47:52 675840 ----a-w- c:\windows\system32\hpowiax4.dll
    2009-10-21 14:47:52 303104 ----a-w- c:\windows\system32\hpovst11.dll
    2009-10-21 14:47:41 0 d-----w- c:\program files\HP
    2009-10-21 14:46:51 121299 ----a-w- c:\windows\hpoins15.dat
    2009-10-21 14:46:51 1037 ------w- c:\windows\hpomdl15.dat
    2009-10-21 14:46:36 307237 ----a-w- c:\windows\system32\autorun.inf
    2009-10-21 14:12:15 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2009-10-21 14:12:14 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2009-10-21 14:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
    2009-10-21 14:09:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

    ==================== Find3M ====================

    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

    ============= FINISH: 12:30:59.26 ===============

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Is that the right log?

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Hello.
    That's DDS.txt, the other log is called attach.txt, can you post that log please?

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Those were the only 2 logs that opened as you had said would....I'm not certain what the attached text would be....do you want me to run it again?

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Yes, run it again.
    Watch the log names closely.

    Re: Can someone here actually help with this Win32/Nuqel.E?
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/30/2009 12:53:11 AM
    System Uptime: 11/11/2009 4:02:38 PM (24 hours ago)

    Motherboard: Dell Computer Corp. | | 0C2425
    Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2193/400mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is fixed (NTFS) - 37 GiB total, 26.74 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Network Controller
    Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&3B1CAF2B&0&20F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&3B1CAF2B&0&20F0
    Service:

    ==== System Restore Points ===================

    RP81: 8/15/2009 3:50:53 AM - System Checkpoint
    RP82: 8/16/2009 4:46:31 AM - System Checkpoint
    RP83: 8/17/2009 6:02:39 AM - System Checkpoint
    RP84: 8/18/2009 6:47:38 AM - System Checkpoint
    RP85: 8/19/2009 7:46:32 AM - System Checkpoint
    RP86: 8/20/2009 8:46:32 AM - System Checkpoint
    RP87: 8/21/2009 9:46:32 AM - System Checkpoint
    RP88: 8/22/2009 10:46:32 AM - System Checkpoint
    RP89: 8/23/2009 10:54:28 AM - Installed SpadeClub Poker.
    RP90: 8/24/2009 11:46:34 AM - System Checkpoint
    RP91: 8/25/2009 1:46:02 PM - System Checkpoint
    RP92: 8/26/2009 3:00:14 AM - Software Distribution Service 3.0
    RP93: 8/27/2009 3:04:21 AM - System Checkpoint
    RP94: 8/28/2009 4:04:21 AM - System Checkpoint
    RP95: 8/28/2009 8:38:13 AM - Avg8 Update
    RP96: 8/28/2009 8:39:36 AM - Avg8 Update
    RP97: 8/29/2009 8:45:30 AM - System Checkpoint
    RP98: 8/30/2009 9:03:47 AM - System Checkpoint
    RP99: 8/31/2009 9:18:24 AM - System Checkpoint
    RP100: 9/1/2009 10:18:24 AM - System Checkpoint
    RP101: 9/2/2009 11:18:24 AM - System Checkpoint
    RP102: 9/2/2009 4:33:48 PM - Installed Adobe Reader 9.1.
    RP103: 9/3/2009 5:37:06 AM - Removed SpadeClub Poker.
    RP104: 9/4/2009 6:17:06 AM - System Checkpoint
    RP105: 9/5/2009 7:49:45 AM - System Checkpoint
    RP106: 9/6/2009 8:04:20 AM - System Checkpoint
    RP107: 9/7/2009 8:41:34 AM - System Checkpoint
    RP108: 9/8/2009 9:26:17 AM - System Checkpoint
    RP109: 9/9/2009 10:27:22 AM - System Checkpoint
    RP110: 9/10/2009 3:00:16 AM - Software Distribution Service 3.0
    RP111: 9/10/2009 1:59:27 PM - Installed Java(TM) 6 Update 15
    RP112: 9/11/2009 2:09:07 PM - System Checkpoint
    RP113: 9/12/2009 3:09:07 PM - System Checkpoint
    RP114: 9/13/2009 10:03:13 PM - System Checkpoint
    RP115: 9/14/2009 10:03:21 PM - System Checkpoint
    RP116: 9/16/2009 3:32:07 AM - System Checkpoint
    RP117: 9/17/2009 4:24:23 AM - System Checkpoint
    RP118: 9/19/2009 10:07:04 AM - System Checkpoint
    RP119: 9/20/2009 10:24:23 AM - System Checkpoint
    RP120: 9/21/2009 2:26:57 PM - System Checkpoint
    RP121: 9/22/2009 2:46:21 PM - System Checkpoint
    RP122: 9/23/2009 4:31:24 PM - System Checkpoint
    RP123: 9/24/2009 5:33:47 PM - System Checkpoint
    RP124: 9/25/2009 7:38:36 PM - System Checkpoint
    RP125: 9/26/2009 7:38:58 PM - System Checkpoint
    RP126: 9/27/2009 8:39:02 PM - System Checkpoint
    RP127: 9/29/2009 7:02:07 AM - System Checkpoint
    RP128: 9/30/2009 10:46:12 AM - System Checkpoint
    RP129: 10/1/2009 11:06:42 AM - System Checkpoint
    RP130: 10/2/2009 2:55:48 PM - System Checkpoint
    RP131: 10/3/2009 3:00:15 AM - Software Distribution Service 3.0
    RP132: 10/3/2009 3:22:47 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP133: 10/4/2009 1:53:56 AM - Software Distribution Service 3.0
    RP134: 10/5/2009 2:06:28 AM - System Checkpoint
    RP135: 10/5/2009 7:04:10 AM - Installed Windows Media Player 11
    RP136: 10/5/2009 7:09:41 AM - Software Distribution Service 3.0
    RP137: 10/5/2009 9:42:15 AM - Avg8 Update
    RP138: 10/5/2009 9:43:43 AM - Avg8 Update
    RP139: 10/6/2009 2:25:34 PM - System Checkpoint
    RP140: 10/7/2009 3:00:14 AM - Software Distribution Service 3.0
    RP141: 10/7/2009 8:57:12 AM - Avg8 Update
    RP142: 10/8/2009 11:21:37 AM - System Checkpoint
    RP143: 10/9/2009 11:34:07 AM - System Checkpoint
    RP144: 10/10/2009 11:35:23 AM - System Checkpoint
    RP145: 10/11/2009 1:49:48 PM - System Checkpoint
    RP146: 10/12/2009 2:57:36 PM - System Checkpoint
    RP147: 10/12/2009 4:07:44 PM - Software Distribution Service 3.0
    RP148: 10/13/2009 4:12:47 PM - System Checkpoint
    RP149: 10/14/2009 6:59:29 PM - System Checkpoint
    RP150: 10/15/2009 9:33:24 PM - System Checkpoint
    RP151: 10/16/2009 3:31:01 PM - Software Distribution Service 3.0
    RP152: 10/20/2009 12:10:16 PM - Avg8 Update
    RP153: 10/21/2009 9:08:09 AM - Installed Driver Detective.
    RP154: 10/21/2009 9:26:27 AM - Removed Driver Detective.
    RP155: 10/22/2009 11:51:02 AM - System Checkpoint
    RP156: 10/23/2009 3:00:16 AM - Software Distribution Service 3.0
    RP157: 10/24/2009 3:53:42 AM - System Checkpoint
    RP158: 10/25/2009 6:11:52 AM - System Checkpoint
    RP159: 10/26/2009 6:39:17 AM - System Checkpoint
    RP160: 10/27/2009 9:24:07 AM - System Checkpoint
    RP161: 10/28/2009 10:49:26 AM - System Checkpoint
    RP162: 10/29/2009 2:08:21 PM - System Checkpoint
    RP163: 10/30/2009 4:40:03 PM - System Checkpoint
    RP164: 10/31/2009 4:51:44 PM - System Checkpoint
    RP165: 11/1/2009 5:07:44 PM - System Checkpoint
    RP166: 11/2/2009 5:14:40 PM - System Checkpoint
    RP167: 11/3/2009 10:07:12 AM - Avg8 Update
    RP168: 11/4/2009 4:00:15 AM - Software Distribution Service 3.0
    RP169: 11/5/2009 4:19:05 AM - System Checkpoint
    RP170: 11/6/2009 5:17:35 AM - System Checkpoint
    RP171: 11/6/2009 9:02:44 AM - Avg8 Update
    RP172: 11/6/2009 1:08:14 PM - Restore Operation
    RP173: 11/6/2009 1:11:20 PM - Restore Operation
    RP174: 11/6/2009 1:55:15 PM - Restore Operation
    RP175: 11/7/2009 2:08:48 PM - System Checkpoint
    RP176: 11/8/2009 1:23:22 PM - System Checkpoint
    RP177: 11/9/2009 2:08:41 PM - System Checkpoint
    RP178: 11/10/2009 8:16:58 AM - Removed iTunes
    RP179: 11/11/2009 11:16:44 AM - System Checkpoint
    RP180: 11/11/2009 3:55:50 PM - Software Distribution Service 3.0
    RP181: 11/11/2009 4:07:46 PM - Removed AVG Free 8.5

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Adobe Shockwave Player 11.5
    AIO_Scan
    Apple Mobile Device Support
    Apple Software Update
    BCM V.92 56K Modem
    Bejeweled 2 Deluxe
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Dell Digital Jukebox Driver
    Dell ResourceCD
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Photosmart All-In-One Software 9.0
    Intel(R) Extreme Graphics Driver
    Java(TM) 6 Update 15
    Lexmark P910 Series
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Move Media Player
    MSXML 4.0 SP2 (KB954430)
    MUSICMATCH®️ Jukebox
    PokerStars
    PowerDVD
    PS_AIO_Software_min
    QuickTime
    Scan
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Spy Sweeper
    Toolbox
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Mail Advisor
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    11/5/2009 4:17:19 AM, error: Dhcp [1002] - The IP address lease 72.135.102.106 for the Network Card with network address 000D5608C65A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/5/2009 3:15:41 AM, error: Dhcp [1002] - The IP address lease 75.81.18.255 for the Network Card with network address 000D5608C65A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/10/2009 6:26:22 AM, error: Service Control Manager [7000] - The OneCare AntiSpyware and AntiVirus service failed to start due to the following error: The system cannot find the path specified.
    11/10/2009 6:14:57 AM, error: OneCareMP [3002] -

    ==== End Of File ===========================


    This is the one named attach

    Re: Can someone here actually help with this Win32/Nuqel.E?
    This is the one named DDS....

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Owner at 16:11:32.25 on Thu 11/12/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.370 [GMT -6:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://m.www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Sonic RecordNow!]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [LXBYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBYtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245103776681
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
    S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\wmp110.sys --> c:\windows\system32\drivers\WMP110.sys [?]

    =============== Created Last 30 ================

    2009-11-10 18:01:46 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-10 14:30:07 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2009-11-10 14:30:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-10 14:30:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-10 14:30:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-10 14:30:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-11-10 12:39:23 0 d-----w- c:\program files\Registry Easy
    2009-11-06 18:09:48 0 d-----w- c:\docume~1\owner\applic~1\Webroot
    2009-11-06 18:03:43 0 d-----w- c:\program files\Webroot
    2009-11-03 08:26:02 16 ----a-w- c:\windows\popcinfo.dat
    2009-11-03 05:36:43 720896 ----a-w- c:\windows\iun6002ev.exe
    2009-11-03 05:36:34 0 d-----w- c:\program files\Bejeweled 2 Deluxe
    2009-11-03 03:52:39 0 d-----w- c:\windows\system32\Adobe
    2009-10-30 08:49:25 0 d-----w- c:\windows\system32\SoftwareDistribution
    2009-10-23 08:00:27 0 d-----w- c:\program files\MSXML 4.0
    2009-10-21 14:49:40 0 d-----w- c:\program files\common files\Hewlett-Packard
    2009-10-21 14:48:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
    2009-10-21 14:48:11 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-10-21 14:48:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-10-21 14:48:02 267864 ----a-w- c:\windows\system32\hpzids01.dll
    2009-10-21 14:47:52 958464 ----a-w- c:\windows\system32\hpotiop4.dll
    2009-10-21 14:47:52 675840 ----a-w- c:\windows\system32\hpowiax4.dll
    2009-10-21 14:47:52 303104 ----a-w- c:\windows\system32\hpovst11.dll
    2009-10-21 14:47:41 0 d-----w- c:\program files\HP
    2009-10-21 14:46:51 121299 ----a-w- c:\windows\hpoins15.dat
    2009-10-21 14:46:51 1037 ------w- c:\windows\hpomdl15.dat
    2009-10-21 14:46:36 307237 ----a-w- c:\windows\system32\autorun.inf
    2009-10-21 14:12:15 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
    2009-10-21 14:12:14 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
    2009-10-21 14:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
    2009-10-21 14:09:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

    ==================== Find3M ====================

    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

    ============= FINISH: 16:11:41.76 ===============

    Re: Can someone here actually help with this Win32/Nuqel.E?

    There you go.

    Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

      Java(TM) 6 Update 15

    Delete this file in bold:
    c:\windows\system32\autorun.inf

    Did you uninstall AVG during our removal process? Your first Hijack This log shows AVG is present (I can see the services), but in later logs those are gone.

    Let me know.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Can someone here actually help with this Win32/Nuqel.E?
    oops...sorry...yes I did. I was told it might be hurting me by having it and spysweeper both...Like I said...I really have no idea what's best...

    Re: Can someone here actually help with this Win32/Nuqel.E?
    ok...I deleted the java...then ran a search and found that file, and deleted it.

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Hello.

    I don't like AVG anyhow, so we'll keep that off your system, and Spysweeper isn't that good either.

    Please install Avira antivirus, otherwise you won't be protected.

    1) Antivir PersonalEditionClassic
    -Free anti-virus software for Windows.
    -Detects and removes more than 50,000 viruses. Free support.

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

    After you've installed Avira, post a new Hijack This log.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Can someone here actually help with this Win32/Nuqel.E?

    Ok...not to sound stupid here...but the link you posted above for Antivir PersonalEditionClassic is telling me that page is no longer there. They do however show Antivir Premium, and say it's free....should I get it?

    Re: Can someone here actually help with this Win32/Nuqel.E?

    Never mind...I went to Majorgeeks and got it from there.

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:07:58 PM, on 11/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Documents and Settings\Owner\Desktop\hijack.scr

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245103776681
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 5673 bytes


    Here's the hijack Log

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Heck, that Avira already found something named....HIDDENEXT/crypted...

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Hello.

    • Open HijackThis
    • Choose "Do a system scan only"
    • Check the boxes in front of these lines:


      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


    • Press "Fix Checked"
    • Close Hijack This.

    Go to Start > Run. In the Run box, copy and paste in the following:

    sc stop AvgTdiX

    Hit enter, then repeat for this command.

    sc delete AvgTdiX

    Hit enter.

    How is the machine running now?

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.
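
The cleanup steps in the reply above remove what an uninstalled AVG left behind: a BHO whose file is missing and the AvgTdiX driver service. The Python sketch below is an added example, not part of the original post or of HijackThis/DDS. It finds such leftovers in the two log formats by whole-token matching, so Avira's `avgnt.exe` and `avguard.exe` are not mistaken for AVG; the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Lines copied from the DDS and HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\wmp110.sys --> c:\windows\system32\drivers\WMP110.sys [?]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


class Entry(NamedTuple):
    source: str         # "hijackthis" or "dds"
    code: str           # section code, e.g. "O2", "O23", "R4"
    text: str           # the rest of the line
    file_missing: bool  # HijackThis appended "(file missing)"


# HijackThis: "<code> - <description>"; DDS services: "<code> <name>;<display>;<path>"
HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
DDS_SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")


def parse_log(text):
    """Turn pasted log text into Entry records, skipping headers and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            body = m.group(2)
            entries.append(Entry("hijackthis", m.group(1), body,
                                 body.endswith("(file missing)")))
            continue
        m = DDS_SERVICE.match(line)
        if m:
            entries.append(Entry("dds", m.group(1), line.split(" ", 1)[1], False))
    return entries


def orphaned(entries):
    """Entries that still point at a file which no longer exists on disk."""
    return [e for e in entries if e.file_missing]


def remnants(entries, product):
    """Entries naming `product` as a whole token (a folder or display-name word).

    A plain substring test for "avg" would also hit Avira's avgnt.exe and
    avguard.exe, so letters and digits on either side disqualify a match.
    """
    token = re.compile(
        rf"(?<![A-Za-z0-9]){re.escape(product)}(?![A-Za-z0-9])", re.IGNORECASE)
    return [e for e in entries if token.search(e.text)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned:", e.code, e.text)
    for e in remnants(parsed, "AVG"):
        print("AVG remnant:", e.source, e.code, e.text.split(";")[0])
```
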

    Re: Can someone here actually help with this Win32/Nuqel.E?

    Ok...going to go and do your last instructions....while I'm away...can you go over this report from that Avira scan and let me know if these are things to worry about.....It supposedly quarantined that crypted item just minutes before....

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Avira AntiVir Personal
    Report file date: Thursday, November 12, 2009 17:30

    Scanning for 1894103 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : JAYHAWK21

    Version information:
    BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
    AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 20:36:14
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 17:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 18:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 17:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 19:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 16:21:42
    ANTIVIR2.VDF : 7.1.6.222 5998592 Bytes 11/11/2009 22:44:23
    ANTIVIR3.VDF : 7.1.6.223 2048 Bytes 11/11/2009 22:44:23
    Engineversion : 8.2.1.65
    AEVDF.DLL : 8.1.1.2 106867 Bytes 11/12/2009 22:44:31
    AESCRIPT.DLL : 8.1.2.44 586107 Bytes 11/12/2009 22:44:31
    AESCN.DLL : 8.1.2.5 127346 Bytes 11/12/2009 22:44:30
    AERDL.DLL : 8.1.3.2 479604 Bytes 11/12/2009 22:44:30
    AEPACK.DLL : 8.2.0.3 422261 Bytes 11/12/2009 22:44:28
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 16:59:39
    AEHEUR.DLL : 8.1.0.180 2093432 Bytes 11/12/2009 22:44:27
    AEHELP.DLL : 8.1.7.0 237940 Bytes 11/12/2009 22:44:25
    AEGEN.DLL : 8.1.1.74 364917 Bytes 11/12/2009 22:44:25
    AEEMU.DLL : 8.1.1.0 393587 Bytes 11/12/2009 22:44:24
    AECORE.DLL : 8.1.8.2 184694 Bytes 11/12/2009 22:44:24
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 21:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 15:47:59
    AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 17:32:15
    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 21:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 17:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 22:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 17:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 22:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 15:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 17:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 22:39:58
    RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 17:19:48

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Thursday, November 12, 2009 17:30

    Starting search for hidden objects.
    '39622' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'PokerStars.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned
    Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'mmtask.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    33 processes with 33 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '54' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028833.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028834.scr
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP183\A0029236.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

    Beginning disinfection:
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028833.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4b2ca27e.qua'!
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028834.scr
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4b2ca27f.qua'!
    C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP183\A0029236.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE] The file was moved to '4a5ef5d8.qua'!


    End of the scan: Thursday, November 12, 2009 18:03
    Used time: 32:41 Minute(s)

    The scan has been done completely.

    4594 Scanned directories
    114897 Files were scanned
    3 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    3 Files were moved to quarantine
    0 Files were renamed
    1 Files cannot be scanned
    114893 Files not concerned
    728 Archives were scanned
    1 Warnings
    4 Notes
    39622 Objects were scanned with rootkit scan
    0 hidden objects were found

    Re: Can someone here actually help with this Win32/Nuqel.E?

    Ok...I've tried putting that command in the *run* window...I am seeing a window trying to pop up...which looks like the dds scan window..(all black)...but it is just disappearing before I can do anything else.

    Re: Can someone here actually help with this Win32/Nuqel.E?

    Hello.
    That is all that is meant to happen: a black window pops up, then closes again real quick.

    Avira report is fine, just restore points.

    We need to make a new restore point.

    To turn off System Restore, follow these steps:
    1. Click Start, right-click My Computer, and then click Properties.
    2. Click the System Restore tab.
    3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
    4. Click Yes when you receive the prompt to turn off System Restore.

    Now we need to make a new restore point.
    To turn on System Restore, follow these steps:
    1. Click Start, right-click My Computer, and then click Properties.
    2. Click the System Restore tab.
    3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

    Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

    1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

    Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

    2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

    Ad-Aware SE
    A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

    Spybot-Search & Destroy
    A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

    SpywareBlaster
    A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

    SpywareGuard
    A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

    Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

    3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
    http://www.mozilla.org/products/firefox/
    I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
    https://addons.mozilla.org/en-US/firefox/addon/722
    https://addons.mozilla.org/en-US/firefox/addon/1865
    https://addons.mozilla.org/en-US/firefox/addon/433

    4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

    To help you keep your software updated, please consider using this free software program that will check for program updates.
    Update Checker

    5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
    A tutorial on understanding and using firewalls may be found here.

    Please also read Tony Klein's excellent article: How I got Infected in the First Place

    If you would take a moment to fill out our feedback form, we would appreciate it.
    The link can be found here.

    Hopefully this should take care of your problems! Good luck.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.
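
The reply above reads the Avira report as "just restore points" before resetting System Restore. The Python sketch below is an added example, not part of the original post or of Avira. It parses the report's detection lines and checks that every hit sits inside a `System Volume Information\_restore{...}\RPnnn` snapshot and was quarantined; the function names and the second sample are constructed for illustration.

```python
import re

# Detection lines copied from the Avira report posted in this thread.
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028833.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028834.scr
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP183\A0029236.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

Beginning disinfection:
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028833.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b2ca27e.qua'!
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP178\A0028834.scr
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b2ca27f.qua'!
C:\System Volume Information\_restore{4C9CD2AC-0854-47F4-ADD1-9B1E100E509B}\RP183\A0029236.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '4a5ef5d8.qua'!
"""

# Constructed counter-example (not from the thread): a hit on the live file system.
CONSTRUCTED_LIVE = r"""
C:\Documents and Settings\Owner\Desktop\example.scr
[DETECTION] Is the TR/Example.Gen Trojan
"""

PATH = re.compile(r"^[A-Za-z]:\\")
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE)
NAME = re.compile(r"Is the (\S+)|\(([^()]+)\)\s*$")
MOVED = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'")


def parse_detections(report):
    """Return one record per detected path, merging the scan and disinfection passes."""
    found, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH.match(line):
            current = line                      # a path line opens a new item
        elif line.startswith("[DETECTION]") and current:
            name = NAME.search(line)
            snap = RESTORE.match(current)
            rec = found.setdefault(current, {"path": current, "quarantine": None})
            rec["name"] = (name.group(1) or name.group(2)) if name else "unknown"
            rec["restore_point"] = snap.group(1) if snap else None
        elif current in found and MOVED.match(line):
            found[current]["quarantine"] = MOVED.match(line).group(1)
    return list(found.values())


def triage(report):
    """Summarise whether any detection lies outside System Restore snapshots."""
    dets = parse_detections(report)
    live = [d["path"] for d in dets if d["restore_point"] is None]
    return {
        "detections": len(dets),
        "names": sorted({d["name"] for d in dets}),
        "restore_points": sorted({d["restore_point"] for d in dets if d["restore_point"]}),
        "live_paths": live,
        "not_quarantined": [d["path"] for d in dets if d["quarantine"] is None],
        "only_restore_points": bool(dets) and not live,
    }


if __name__ == "__main__":
    for label, report in (("thread", SAMPLE_REPORT), ("constructed", CONSTRUCTED_LIVE)):
        print(label, triage(report))
```
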

    Re: Can someone here actually help with this Win32/Nuqel.E?
    Ok...I've installed firefox as you suggested...I already had the windows updates turned on, so there were no updates I needed...and I uninstalled spysweeper, as well as downloaded outpost firewall.

    Still getting the static from my speakers..even when I have the volume turned all the way down, so that's a bit annoying, but other than that, everything seems to be running decent.

    I'll certainly go fill out the form for you..as well as ask..your suggestion of size of system I should upgrade to. Since this is about 6 years old now, I think I might go ahead and see if I can still get a little out of it and put it towards something newer....
