Multiple net.exe, net1.exe, cmd.exe, svchost.exe



aliallison
2009-11-09, 16:27
Hello,

I have Windows XP and for the past week programs have been starting really slow. The Task Manager shows that there are multiple net.exe, net1.exe, cmd.exe, and svchost.exe running, and they keep multiplying.

I download all updates, but three have not installed, all related to .NET Framework. There are some Service Packs that keep failing.

I've run SpyBot S&D and removed whatever it said, but that didn't remove the current issue.

Below is the HiJack This Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:09 AM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\IDrive\IDriveE Service.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso8/default.asp?affid=105-18&installtype=force&dtag=g6z2j41&langid=1&systempopup=true
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {654B32A7-3103-4F58-B3AE-2D847520C2BE} (GFRCheckBrowser.clsGetVersion) - https://www.gofileroom.com/GFRCheckBrowser.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147026564062
O16 - DPF: {7279DAF9-31ED-45D6-8CDA-E11A0D24956C} (WebForm Launch Server) - http://files.stf.com/Downloads/WebFormServer_v3.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DE1319F8-DE5B-42EB-9407-4067FB8A09FD} - http://wkforms.com/BuildRelease/wkforms/perform%20plus%20III/release/install.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} (QBMASSyncCom1.UserControl1) - https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrivePlugin - Pro-Softnet - C:\Program Files\IDrive\IDriveWebM.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17478 bytes

Thanks!
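An added example, not part of the original thread or of HijackThis: a Python triage of the "Running processes:" section of a HijackThis log like the one posted above. The sample log is a constructed excerpt in the same layout; the list of short-lived console utilities, the one-instance limit and the `c:\windows\system32` location are assumptions of this sketch.

```python
import ntpath
from collections import Counter

# Constructed excerpt in the HijackThis v2.0.2 layout shown in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:09 AM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
"""

# Assumption: console utilities that normally exit within seconds, so more
# than one live copy in a single snapshot deserves a closer look.
TRANSIENT_IMAGES = {"cmd.exe", "net.exe", "net1.exe"}

# Assumption: Windows images that are expected to run from this directory.
SYSTEM_IMAGES = TRANSIENT_IMAGES | {"svchost.exe", "smss.exe", "lsass.exe"}
SYSTEM_DIR = r"c:\windows\system32"


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if not in_section:
            in_section = line.lower() == "running processes:"
            continue
        if not line:
            if paths:
                break  # the blank line after the entries ends the section
            continue
        paths.append(line)
    return paths


def image_counts(paths):
    """Count instances per executable name (Windows paths ignore case)."""
    return Counter(ntpath.basename(p).lower() for p in paths)


def flag_transient(counts, limit=1):
    """Short-lived utilities that have more than `limit` live instances."""
    return {name: n for name, n in counts.items()
            if name in TRANSIENT_IMAGES and n > limit}


def repeated_chains(paths, chain=("cmd.exe", "net.exe", "net1.exe")):
    """Count how often the chain appears back to back in listing order.

    net.exe hands its work to net1.exe, so a repeating cmd/net/net1 run is
    consistent with the same `net` command being launched again and again.
    The log does not record parent processes, so this is only a hint.
    """
    names = [ntpath.basename(p).lower() for p in paths]
    width = len(chain)
    return sum(1 for i in range(len(names) - width + 1)
               if tuple(names[i:i + width]) == tuple(chain))


def outside_system_dir(paths):
    """System image names that are listed from an unexpected directory."""
    return [p for p in paths
            if ntpath.basename(p).lower() in SYSTEM_IMAGES
            and ntpath.dirname(p).lower() != SYSTEM_DIR]


if __name__ == "__main__":
    procs = running_processes(SAMPLE_LOG)
    print("instances:", dict(image_counts(procs)))
    print("transient images over limit:", flag_transient(image_counts(procs)))
    print("cmd/net/net1 runs:", repeated_chains(procs))
    print("system images outside system32:", outside_system_dir(procs))
```

Several svchost.exe instances are normal on Windows, so the count check leaves it alone and only its listed directory is examined.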

shelf life
2009-11-12, 22:43
hi aliallison

Your log is a few days old. If you still need help simply reply to my post.

aliallison
2009-11-12, 22:49
Yes, I still need help. Several programs aren't working now (like QuickBooks and Acrobat).

Thanks!

shelf life
2009-11-12, 23:38
OK. We will get two downloads. The first is really for diagnostics, the second for removing malware.

First:

Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Disable any script blocking protection. Double click dds.scr to run the tool. When done, DDS.txt will open.
Save both reports to your desktop.
Copy/paste both logs in your reply.

Next:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

aliallison
2009-11-13, 08:06
I've completed the steps, and I'll post each one in a separate reply. Note that the instructions given by DDS say to zip the Attach log, but I'll post here per your instructions.

Also, the symptoms remain. I still have multiple net1.exe etc. files.

First, the DDS.txt:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Sweaty-Pie at 19:36:01.60 on Thu 11/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.868 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Documents and Settings\Sweaty-Pie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar =
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso8/default.asp?affid=105-18&installtype=force&dtag=g6z2j41&langid=1&systempopup=true
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [IDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MegaPanel] c:\program files\acnielsen\homescan internet transporter\HSTrans.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\sweaty~1\startm~1\programs\startup\idrive~1.lnk - c:\program files\idrive\IDriveEReg2ini.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\community
Trusted Zone: intuit.com\my.lacerte
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
DPF: {654B32A7-3103-4F58-B3AE-2D847520C2BE} - hxxps://www.gofileroom.com/GFRCheckBrowser.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147026564062
DPF: {7279DAF9-31ED-45D6-8CDA-E11A0D24956C} - hxxp://files.stf.com/Downloads/WebFormServer_v3.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38073.5079050926
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {DE1319F8-DE5B-42EB-9407-4067FB8A09FD} - hxxp://wkforms.com/BuildRelease/wkforms/perform%20plus%20III/release/install.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup161.cab
DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks premier - accountant edition\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sweaty~1\applic~1\mozilla\firefox\profiles\50ykckxq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R?2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2009-2-22 131072]
R2 IDrivePlugin;IDrivePlugin;c:\program files\idrive\IDriveWebM.exe [2009-2-22 53248]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-29 30192]
S3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlservr.exe -slacertedb --> c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlservr.exe -sLACERTEDB [?]
S3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlagent.exe -i lacertedb --> c:\program files\microsoft sql server\mssql$lacertedb\binn\sqlagent.EXE -i LACERTEDB [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-10 24652]

=============== Created Last 30 ================

2009-11-09 15:08:41 0 d-----w- c:\program files\Trend Micro
2009-11-06 16:26:43 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-06 16:26:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-06 16:10:01 119768374 ----a-w- C:\SYM_REGISTRY_BACKUP.reg
2009-10-21 04:52:21 473088 ----a-w- C:\ISO and NQ PowerPoint Presentation.ppt
2009-10-20 15:28:18 73232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-20 13:36:54 0 d-----w- c:\program files\iPod
2009-10-20 13:36:47 0 d-----w- c:\program files\iTunes
2009-10-20 13:36:47 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-10-31 22:53:14 92320 ----a-w- c:\docume~1\sweaty~1\applic~1\GDIPFONTCACHEV1.DAT
2009-10-21 04:08:54 3598336 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:28:59 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:41 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2005-07-28 03:21:08 0 ----a-w- c:\program files\MCAFEE.Cxe

============= FINISH: 19:38:02.06 ===============

aliallison
2009-11-13, 08:06
Attach.txt files:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/27/2004 12:56:16 PM
System Uptime: 11/12/2009 7:30:24 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 40.239 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1368: 8/13/2009 7:05:58 AM - Software Distribution Service 3.0
RP1369: 8/15/2009 3:02:12 PM - System Checkpoint
RP1370: 8/16/2009 3:50:06 PM - System Checkpoint
RP1371: 8/18/2009 7:44:59 PM - System Checkpoint
RP1372: 8/21/2009 8:59:06 AM - System Checkpoint
RP1373: 8/22/2009 11:33:00 AM - System Checkpoint
RP1374: 8/23/2009 1:48:49 PM - System Checkpoint
RP1375: 8/24/2009 6:32:11 PM - System Checkpoint
RP1376: 8/26/2009 7:06:43 AM - Software Distribution Service 3.0
RP1377: 8/27/2009 10:43:01 AM - System Checkpoint
RP1378: 8/29/2009 5:09:43 PM - System Checkpoint
RP1379: 8/30/2009 6:32:15 PM - System Checkpoint
RP1380: 8/31/2009 9:11:19 PM - System Checkpoint
RP1381: 9/2/2009 6:36:39 AM - Software Distribution Service 3.0
RP1382: 9/2/2009 10:25:45 PM - Software Distribution Service 3.0
RP1383: 9/3/2009 6:44:55 AM - Software Distribution Service 3.0
RP1384: 9/4/2009 9:53:24 AM - System Checkpoint
RP1385: 9/4/2009 12:00:18 PM - Software Distribution Service 3.0
RP1386: 9/4/2009 10:07:44 PM - Software Distribution Service 3.0
RP1387: 9/5/2009 10:17:48 AM - Software Distribution Service 3.0
RP1388: 9/6/2009 10:48:36 AM - System Checkpoint
RP1389: 9/6/2009 12:00:17 PM - Software Distribution Service 3.0
RP1390: 9/6/2009 4:55:31 PM - Software Distribution Service 3.0
RP1391: 9/7/2009 12:00:16 PM - Software Distribution Service 3.0
RP1392: 9/7/2009 8:45:40 PM - Software Distribution Service 3.0
RP1393: 9/8/2009 11:15:49 AM - Software Distribution Service 3.0
RP1394: 9/10/2009 6:35:14 AM - Software Distribution Service 3.0
RP1395: 9/12/2009 7:49:16 AM - Software Distribution Service 3.0
RP1396: 9/12/2009 12:00:37 PM - Software Distribution Service 3.0
RP1397: 9/12/2009 11:14:57 PM - Software Distribution Service 3.0
RP1398: 9/13/2009 9:26:52 PM - Software Distribution Service 3.0
RP1399: 9/14/2009 6:45:39 AM - Software Distribution Service 3.0
RP1400: 9/14/2009 8:30:13 PM - Software Distribution Service 3.0
RP1401: 9/15/2009 9:34:59 AM - Software Distribution Service 3.0
RP1402: 9/15/2009 11:00:02 AM - Software Distribution Service 3.0
RP1403: 9/16/2009 7:40:51 AM - Software Distribution Service 3.0
RP1404: 9/17/2009 9:22:08 PM - System Checkpoint
RP1405: 9/17/2009 11:48:09 PM - Software Distribution Service 3.0
RP1406: 9/18/2009 7:11:32 AM - Software Distribution Service 3.0
RP1407: 9/19/2009 5:38:11 AM - Software Distribution Service 3.0
RP1408: 9/19/2009 12:00:20 PM - Software Distribution Service 3.0
RP1409: 9/19/2009 12:23:24 PM - Software Distribution Service 3.0
RP1410: 9/19/2009 10:02:06 PM - Software Distribution Service 3.0
RP1411: 9/20/2009 12:00:17 PM - Software Distribution Service 3.0
RP1412: 9/20/2009 9:55:28 PM - Software Distribution Service 3.0
RP1413: 9/21/2009 7:35:45 AM - Software Distribution Service 3.0
RP1414: 9/22/2009 4:05:24 AM - Software Distribution Service 3.0
RP1415: 9/22/2009 11:43:59 AM - Software Distribution Service 3.0
RP1416: 9/23/2009 7:24:53 AM - Software Distribution Service 3.0
RP1417: 9/23/2009 9:42:17 PM - Software Distribution Service 3.0
RP1418: 9/23/2009 10:10:09 PM - Software Distribution Service 3.0
RP1419: 9/24/2009 7:49:27 AM - Software Distribution Service 3.0
RP1420: 9/24/2009 11:30:21 PM - Software Distribution Service 3.0
RP1421: 9/25/2009 8:17:11 AM - Software Distribution Service 3.0
RP1422: 9/25/2009 12:00:17 PM - Software Distribution Service 3.0
RP1423: 9/25/2009 1:14:57 PM - Software Distribution Service 3.0
RP1424: 9/26/2009 2:00:17 AM - Software Distribution Service 3.0
RP1425: 9/27/2009 10:14:34 PM - Software Distribution Service 3.0
RP1426: 9/29/2009 6:38:09 AM - Software Distribution Service 3.0
RP1427: 9/29/2009 7:25:30 AM - Software Distribution Service 3.0
RP1428: 9/30/2009 6:38:33 AM - Software Distribution Service 3.0
RP1429: 9/30/2009 7:59:05 AM - Software Distribution Service 3.0
RP1430: 10/1/2009 7:13:13 AM - Software Distribution Service 3.0
RP1431: 10/2/2009 7:57:05 AM - Software Distribution Service 3.0
RP1432: 10/2/2009 9:52:55 PM - Software Distribution Service 3.0
RP1433: 10/3/2009 12:00:19 PM - Software Distribution Service 3.0
RP1434: 10/3/2009 11:33:08 PM - Software Distribution Service 3.0
RP1435: 10/4/2009 12:00:17 PM - Software Distribution Service 3.0
RP1436: 10/5/2009 7:04:35 AM - Software Distribution Service 3.0
RP1437: 10/6/2009 6:56:25 AM - Software Distribution Service 3.0
RP1438: 10/7/2009 6:58:10 AM - System Checkpoint
RP1439: 10/7/2009 8:27:08 AM - Software Distribution Service 3.0
RP1440: 10/8/2009 7:28:40 AM - Software Distribution Service 3.0
RP1441: 10/9/2009 12:22:35 AM - Software Distribution Service 3.0
RP1442: 10/9/2009 7:10:24 AM - Software Distribution Service 3.0
RP1443: 10/10/2009 1:27:00 AM - Software Distribution Service 3.0
RP1444: 10/10/2009 4:12:19 PM - Software Distribution Service 3.0
RP1445: 10/11/2009 7:36:04 PM - System Checkpoint
RP1446: 10/11/2009 10:08:59 PM - Software Distribution Service 3.0
RP1447: 10/12/2009 7:05:04 AM - Software Distribution Service 3.0
RP1448: 10/14/2009 3:12:27 AM - Software Distribution Service 3.0
RP1449: 10/15/2009 4:12:18 AM - System Checkpoint
RP1450: 10/15/2009 12:00:22 PM - Software Distribution Service 3.0
RP1451: 10/15/2009 10:59:21 PM - Software Distribution Service 3.0
RP1452: 10/16/2009 7:57:59 AM - Software Distribution Service 3.0
RP1453: 10/17/2009 9:03:06 AM - System Checkpoint
RP1454: 10/17/2009 12:00:18 PM - Software Distribution Service 3.0
RP1455: 10/18/2009 1:21:24 AM - Software Distribution Service 3.0
RP1456: 10/18/2009 12:00:19 PM - Software Distribution Service 3.0
RP1457: 10/18/2009 12:17:29 PM - Software Distribution Service 3.0
RP1458: 10/18/2009 9:01:34 PM - Software Distribution Service 3.0
RP1459: 10/19/2009 9:33:30 AM - Software Distribution Service 3.0
RP1460: 10/19/2009 9:51:19 AM - Software Distribution Service 3.0
RP1461: 10/19/2009 10:33:00 PM - Software Distribution Service 3.0
RP1462: 10/20/2009 9:47:19 AM - Software Distribution Service 3.0
RP1463: 10/20/2009 10:24:11 PM - Software Distribution Service 3.0
RP1464: 10/20/2009 10:24:53 PM - Software Distribution Service 3.0
RP1465: 10/20/2009 10:26:00 PM - Software Distribution Service 3.0
RP1466: 10/20/2009 10:49:41 PM - Software Distribution Service 3.0
RP1467: 10/21/2009 6:59:27 AM - Software Distribution Service 3.0
RP1468: 10/22/2009 8:17:43 AM - Software Distribution Service 3.0
RP1469: 10/22/2009 9:56:50 PM - Software Distribution Service 3.0
RP1470: 10/23/2009 6:46:47 AM - Software Distribution Service 3.0
RP1471: 10/24/2009 12:00:28 PM - Software Distribution Service 3.0
RP1472: 10/24/2009 9:50:17 PM - Software Distribution Service 3.0
RP1473: 10/25/2009 10:37:48 AM - Software Distribution Service 3.0
RP1474: 10/25/2009 12:00:18 PM - Software Distribution Service 3.0
RP1475: 10/25/2009 3:33:34 PM - Software Distribution Service 3.0
RP1476: 10/26/2009 6:59:05 AM - Software Distribution Service 3.0
RP1477: 10/26/2009 10:48:25 PM - Software Distribution Service 3.0
RP1478: 10/27/2009 8:15:26 AM - Software Distribution Service 3.0
RP1479: 10/28/2009 6:25:53 AM - Software Distribution Service 3.0
RP1480: 10/28/2009 8:19:52 AM - Software Distribution Service 3.0
RP1481: 10/29/2009 7:10:52 AM - Software Distribution Service 3.0
RP1482: 10/29/2009 10:19:57 PM - Software Distribution Service 3.0
RP1483: 10/30/2009 7:20:53 AM - Software Distribution Service 3.0
RP1484: 10/31/2009 12:00:20 PM - Software Distribution Service 3.0
RP1485: 10/31/2009 9:42:46 PM - Software Distribution Service 3.0
RP1486: 11/1/2009 1:00:18 PM - Software Distribution Service 3.0
RP1487: 11/1/2009 6:17:07 PM - Software Distribution Service 3.0
RP1488: 11/2/2009 8:12:46 AM - Software Distribution Service 3.0
RP1489: 11/2/2009 11:57:24 PM - Software Distribution Service 3.0
RP1490: 11/3/2009 11:18:22 AM - Software Distribution Service 3.0
RP1491: 11/4/2009 7:53:27 AM - Software Distribution Service 3.0
RP1492: 11/4/2009 11:42:07 PM - Software Distribution Service 3.0
RP1493: 11/5/2009 8:12:09 AM - Software Distribution Service 3.0
RP1494: 11/6/2009 11:07:20 AM - Software Distribution Service 3.0
RP1495: 11/8/2009 6:51:52 PM - System Checkpoint
RP1496: 11/8/2009 9:04:39 PM - Software Distribution Service 3.0
RP1497: 11/9/2009 7:09:11 AM - Software Distribution Service 3.0
RP1498: 11/9/2009 7:29:25 AM - Software Distribution Service 3.0
RP1499: 11/9/2009 9:41:49 PM - Software Distribution Service 3.0
RP1500: 11/10/2009 9:43:54 AM - Software Distribution Service 3.0
RP1501: 11/10/2009 7:31:53 PM - Software Distribution Service 3.0
RP1502: 11/11/2009 9:03:05 PM - System Checkpoint
RP1503: 11/11/2009 9:34:14 PM - Software Distribution Service 3.0
RP1504: 11/12/2009 6:30:11 AM - Software Distribution Service 3.0
RP1505: 11/12/2009 7:03:39 AM - Software Distribution Service 3.0

==== Installed Programs ======================

2002 Lacerte Tax
2003 Lacerte Document Management System
2003 Lacerte Tax
2004 Lacerte Tax
2005 Lacerte Tax
2006 Lacerte Tax
2007 Lacerte Tax
2008 Lacerte Tax
7-Zip 4.65
ABBYY PDF Transformer 2.0
Ad-Aware SE Personal
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.3 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Fonts All
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Adobe® Photoshop® Album Starter Edition 3.0
Adware Away v3.1.4.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
Banctec Service Agreement
Boggle
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCHelp
CCScore
Citrix ICA Web Client
Civilization III
Compatibility Pack for the 2007 Office system
Connect
Coupon Printer for Windows
Dangerous Mines Lite
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
Document eSort Components
eFax Messenger
ERUNT 1.1j
ESPN RunTime
File Finder Full
FileZilla Client 3.2.4.1
FTDI USB Serial Converter Drivers
GoFileRoom Adobe Add-In 5.3
GoFileRoom Office Integration 5.0
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GoToMeeting/GoToWebinar 3.0.0.198
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Homescan Internet Transporter
Hong Kong Mahjong 1280x1024
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
hp LaserJet-all-in-one
HP Update
IDrive version 3.2.5 February 18 2009
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.1_05
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 15
Java(TM) 6 Update 6
Java(TM) 6 Update 7
KSU
kuler
Lacerte Runtime Components
LaserAIO
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft SQL Server Desktop Engine (LACERTEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 6.0 Runtime
Microsoft Windows Journal Viewer
Microsoft WSE 2.0 SP3 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Moffsoft FreeCalc
Mozilla Firefox (3.5.1)
MSN Gaming Zone
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
Network Magic
Nimo Codecs Pack v5.0 (Remove Only)
NVIDIA Drivers
Opera 9.64
OrderReminder hp LaserJet 3015/3020/3030/3380
Paint Shop Pro 6.0 (CD-ROM)
PartyPoker
PDF-XChange 3
perform plus II 2005
perform plus III
Photoshop Camera Raw
PhotoStitch
Picasa 2
PowerBackup 1.0
Pure Networks Platform
QFolder
Qualxserve Service Agreement
QuickBooks
QuickBooks Premier: Accountant Edition 2009
QuickTime
Rail Empires : Iron Dragon
RAW Image Task 1.1
RealArcade
RealOne Player
Rhapsody Player Engine
Rich Diamond
RoadRunner Rhapsody
Safari
SBC Yahoo! Applications
Scan
Scrabble Complete
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave
SimpleOCR 3.1
Skype 2.0
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spy Sweeper
Spybot - Search & Destroy
Suite Shared Configuration CS4
SupportSoft Assisted Service
Surveyor 1.0.88.243
The Game Of Life
The Sims 2
The Sims 2 Pets
Tradewinds (remove only)
Tradewinds Legends (remove only)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB MassStorage CardReader
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - Pure Networks, Inc. Pure Networks Device Discovery Driver (08/24/2007 4.6.7236.0)
Windows Driver Package - Pure Networks, Inc. Pure Networks Wireless Driver (08/24/2007 4.6.7236.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
WordPerfect Office 11
Yahoo! Anti-Spy
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! SiteBuilder
Yahoo! Software Update
Zsirozas

==== Event Viewer Messages From Past Week ========

11/9/2009 7:52:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IDriveE Service service to connect.
11/9/2009 7:52:55 PM, error: Service Control Manager [7000] - The IDriveE Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/9/2009 7:37:54 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417).
11/9/2009 7:37:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707).
11/9/2009 7:37:44 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
11/8/2009 7:28:21 PM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

==== End Of File ===========================

aliallison
2009-11-13, 08:08
MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 3159
Windows 5.1.2600 Service Pack 3

11/12/2009 10:57:22 PM
mbam-log-2009-11-12 (22-57-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 398562
Time elapsed: 3 hour(s), 9 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\etlrlws.bvgn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\etlrlws.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware away v3.1.4.7_is1 (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\Memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\Memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\activex.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdAway.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdAway.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdwareAway.chm (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\autorun.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\DiagnosticScan.SYS (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EnumAutoRun.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EnumDlls.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EProcess.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\explorerbar.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\fa.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\FixDesktopBackground.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\folderdll.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\global.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\iebhotoolbar.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\iepage.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ietoolbarbutton.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ieurlprefix.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ieurlsearchhook.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\lsp.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\nameserver.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\notifydll.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\overall.log (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\process.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\protocolfilter.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ScanAtStartup.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\screenshot.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\securitysite.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\service.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\shellextension.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\shellextensionhook.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\SPAP.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\svchostdll.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\sysrestriction.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\unins000.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\unins000.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\uninstall.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\Update2.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Adware Away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Uninstall.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Update.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\User Manual.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sweaty-Pie\Desktop\Adware Away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.

shelf life
2009-11-13, 12:08
OK, thanks for the info. To help show all files you can do this:

For XP: on the desktop double click My Computer, go to Tools > Folder Options > View, then select "show hidden files and folders", then UNcheck "hide protected operating system files", also UNcheck "hide extensions for known file types". Click apply to all folders, apply, then OK.

Next, navigate to the System32 dir. and see if you can locate these two:

C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe

If so you can go to this link below:
http://www.bleepingcomputer.com/submit-malware.php?channel=67

Browse for the files on your computer and upload them to my channel using the send button. Both net.exe and cmd.exe are legit OS files, but I will check it out.

aliallison
2009-11-13, 16:19
I sent the two files. Please verify that I submitted correctly.

Thanks!

shelf life
2009-11-14, 00:49
Hi,

Got the files, thanks. The good news is they are legit Windows files. By any chance did you see if they are still appearing in Task Manager after you ran Malwarebytes?

aliallison
2009-11-14, 01:56
Hi. Malware removed the infected files and folders and asked for a restart. After the computer restarted, I still had the same problems. So in my Task Manager, I still have multiple net.exe, net1.exe, cmd.exe, and svchost.exe running. You can watch them multiply every 10 seconds or so.

So I'm still having the issues. What shall I do now?

shelf life
2009-11-14, 15:39
We will get another look with RootRepeal:

Please download: RootRepeal

http://ad13.geekstogo.com/RootRepeal.exe

Click the icon on your desktop to start.
Click on the Report tab at the bottom of the window
Next, Click on the Scan button
In the Select Scan Window check everything:

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

Click the OK button
In the next dialog window select all the drives that are listed
Click OK to start the scan

May take some time to complete.
When done click the Save Report button.
Save the report to your desktop
To Exit RootRepeal: click File>Exit
Post the report in your reply

aliallison
2009-11-14, 16:46
Here is the RootRepeal report.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 07:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6271000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7995000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB45FE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\program files\idrive\scheduletracefile.txt
Status: Size mismatch (API: 3714080, Raw: 3713722)

Path: c:\windows\temp\mcmsc_l09th35yhrmvo0b
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_pruv3plljltez2e
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_xgg4arhzgjldzhz
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\Sweaty-Pie\Cookies\sweaty-pie@collegehumor[1].txt
Status: Locked to the Windows API!

Path: c:\program files\idrive\idriveealiallison\traytracefile.txt
Status: Size mismatch (API: 6674, Raw: 6486)

Path: C:\Documents and Settings\Baby-Puppe\Local Settings\Apps\2.0\9G31BVEJ.L2B\HALT98W6.MT3\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Baby-Puppe\Local Settings\Apps\2.0\9G31BVEJ.L2B\HALT98W6.MT3\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

==EOF==

shelf life
2009-11-15, 00:08
Log looks OK, doesn't appear to be malware related anyway. See if this digs up anything, just trying to find out what process is causing it.

Go to Start > Run and type in cmd, then click OK or press Enter. At the prompt you can copy/paste in what's below:

net session >C:\net.txt

You should find the net.txt file located in your root drive C:
It may simply say: "There are no entries in the list."

aliallison
2009-11-15, 10:30
I pasted "net session >C:\net.txt" into the Run field, but the window with the black background just flashes. I can't tell if any text was shown as it closes too quickly.

There is no net.txt file on my root C: drive. I did a search and couldn't find the file anywhere on my C: drive (my only hard drive).

shelf life
2009-11-15, 15:10
Type in cmd in the Run field first, then press Enter to open a shell. Then copy/paste in
net session >C:\net.txt
Probably won't be any useful information anyway. There is software on your machine that must be causing this.

You can do some experimenting:
Open Task Manager and see if net, cmd etc. (you can have multiple svchost) are running, then exit Task Manager.

Close out a program that's running. You can exit/stop/disable it by right clicking on one of the icons by the system clock, one at a time. Not all may have features to disable it, just get what you can one at a time. After exiting a program using the icon, start Task Manager again and see if you see any net.exe or cmd running. You see what we are trying to do: find the software that's causing this by elimination.
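
Added example, not part of the original posts: instead of closing tray programs one at a time, the spawner can be read from parent process IDs. This Python sketch parses a process listing in the CSV shape of `wmic process get Name,ParentProcessId,ProcessId /format:csv` and attributes every net.exe, net1.exe and cmd.exe to its first non-helper ancestor. The sample listing, its PIDs and its parent/child links are constructed for illustration; the thread never recorded which binary was the parent.

```python
import csv
import io
from collections import Counter

# Constructed sample (not captured from the poster's machine).
SAMPLE = """Node,Name,ParentProcessId,ProcessId
XPBOX,System,0,4
XPBOX,explorer.exe,1500,1620
XPBOX,IDriveEBackground.exe,1620,2040
XPBOX,cmd.exe,2040,3100
XPBOX,net.exe,3100,3104
XPBOX,net1.exe,3104,3108
XPBOX,cmd.exe,2040,3200
XPBOX,net.exe,3200,3204
XPBOX,net1.exe,3204,3208
XPBOX,cmd.exe,1620,3300
XPBOX,net.exe,9999,3400
"""

WATCHED = {"net.exe", "net1.exe", "cmd.exe"}  # the helpers seen multiplying

def load(text):
    """Return {pid: (name, parent_pid)} from the CSV listing."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return {int(r["ProcessId"]): (r["Name"], int(r["ParentProcessId"])) for r in rows}

def origin(pid, procs):
    """Climb the parent chain until an ancestor that is not a watched helper."""
    seen = set()
    while pid in procs and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        name, ppid = procs[pid]
        if name.lower() not in WATCHED:
            return name
        pid = ppid
    return "<parent exited>"  # parent PID no longer in the snapshot

def attribute(text):
    """Count watched helper processes per originating program."""
    procs = load(text)
    counts = Counter()
    for pid, (name, _) in procs.items():
        if name.lower() in WATCHED:
            counts[origin(pid, procs)] += 1
    return counts

if __name__ == "__main__":
    for program, n in attribute(SAMPLE).most_common():
        print(f"{n:3d} helper process(es) traced to {program}")
```

Windows does not update a child's recorded parent PID when the parent exits, so a reused PID can point at an unrelated program; comparing process creation times rules that out.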

aliallison
2009-11-17, 03:27
The cmd didn't give me anything.

So just as I started my computer to view your response, the iDrive backup wasn't starting. I also noticed that the net and net1 weren't showing up.

So after restarting my computer with iDrive going, I saw that net, net1, and cmd were multiplying. I exited iDrive, and the net, net1, and cmd stopped multiplying and then shrank down to nothing. So there is strong evidence that it's iDrive.

Any thought as to why iDrive would cause multiplying net, net1, and cmd images? I'm going to search their website for information.

Thanks for your help!

shelf life
2009-11-18, 03:27
OK, good. Process of elimination. Why it's spawning all the net, cmd etc. can't say. Obviously it's using these Windows files.
If you manually back up files then iDrive would only have to be running at that time; you could start it manually first, back up files, then exit the program. This should take care of all the net, cmd processes you see in Task Manager all the time. There should be a way to have it not start when Windows boots up.

If you have scheduled backups then most likely it would have to be running all the time and present in the system tray all the time which would leave you where you started. Do you use the scheduled backups?

Poking around the web site would be helpful to try to find a solution; no doubt you could E-mail support also.
If you right click on the app in the tray you will see an option for "send error report". Technically you're not getting an error report, but you could tell them you are seeing all the spawning net, cmd processes in Task Manager when it's running. It would also self attach log/trace files that it may have generated that might be helpful to support.

aliallison
2009-11-18, 06:29
It's definitely iDrive. It turns on automatically to back up, and I come to my computer and see it backing up and there's all sorts of net, net1 and cmd. I'll cancel the backup and then close it from my tray. Then I'll see the multiple net, net1, and cmd drop off until I'm left with none.

I did a web search but couldn't find others with the problem. I tried to send a support message to iDrive, but I'm not sure if it worked. I'll follow up with iDrive if I don't hear anything back.

Thanks for your help. I've got my computer back now.

shelf life
2009-11-18, 23:16
You can remove the RootRepeal icon by deleting it. Keep Malwarebytes, and it's good practice to keep it updated even if you don't scan with it a lot. The updates will help to cover the new threats that come out. The paid version has auto updating features.

Looks like the iDrive service may be failing to start up sometimes, resulting in the net.exe etc. I can provide you with instructions to try and start it up manually if you want. It's easy. Another possibility could be a conflict with your antivirus suite.



In any case here are some tips for you to remain malware free:

10 Tips for Reducing/Preventing Your Risk To Malware:


1) It is essential to keep your version of Windows (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us), your browser(s) (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer where you're then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If you frequently have malware then you should review your computer habits.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software, media players or codecs to your computer--for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.*

8) Install and understand the limitations of a software firewall.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html) for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0. Read the FAQs.

10) Warez, cracks etc are very popular for carrying malware payloads. Avoid. If you install files via p2p (http://www.virusvault.us/p2p.html) networks then you are much more likely to encounter malicious code. There is plenty of malware distributed on the networks. Do you trust the source of the file? Do you really need another malware source?

A longer version in link below.