I am running Windows XP on a Dell laptop about 10 yrs old, which I hardly use, so it was still running well until it got infected recently. Tried to remove viruses (TeeVeeWatch, Iminent, etc.) but was not completely successful. Here are my logs. Thanks
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Noel at 11:44:49 on 2013-06-24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.46 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Umbrella\umbrella.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInterror.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInterror.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -
TB: InternetHelper3.1 Toolbar: {07CBF788-1359-421B-A4E3-5A8D041B90A3} - c:\program files\internethelper3.1\prxtbInterror.dll
TB: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInterror.dll
uRun: [cdloader] "c:\documents and settings\csgadm#\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/Shar ... vSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 8890885803
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8911218891
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/ ... leId=19588
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{30BD40D5-B97C-4DB0-9BF9-BE7F16AFBA6B} : DHCPNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\csgadm#\application data\mozilla\firefox\profiles\vgaxm8by.default\
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-6-21 106280]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-21 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-21 701512]
R2 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2013-5-21 2839592]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-21 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe --> c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [?]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\sophos\sophos virus removal tool\svrtservice.exe --> c:\program files\sophos\sophos virus removal tool\SVRTservice.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 vsdatant;vsdatant;a --> a [?]
.
=============== Created Last 30 ================
.
2013-06-22 11:00:42 -------- d-----w- c:\program files\Microsoft Download Manager
2013-06-22 07:41:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-22 07:17:35 -------- d-----w- C:\MGtools
2013-06-22 06:42:29 -------- d-----w- c:\documents and settings\csgadm#\application data\Malwarebytes
2013-06-22 06:41:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-22 06:23:22 -------- d-----w- c:\program files\HitmanPro
2013-06-22 06:19:51 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-06-22 06:10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-22 06:10:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-22 04:02:04 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\Mozilla
2013-06-22 01:57:16 -------- d-----w- c:\program files\Motive
2013-06-21 20:03:57 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2013-06-21 20:01:26 -------- d-----w- c:\program files\Sophos
2013-06-21 19:32:27 297808 ----a-w- c:\windows\system32\TBD83.tmp
2013-06-21 19:23:22 771424 ----a-w- c:\windows\system32\TBD78.tmp
2013-06-04 05:18:31 -------- d-----w- c:\program files\CCleaner
2013-06-04 04:23:17 -------- d-----w- c:\documents and settings\csgadm#\application data\Iminent
2013-06-04 04:05:30 -------- d-----w- c:\documents and settings\all users\application data\Iminent
2013-06-04 03:38:19 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\ApplicationHistory
2013-06-04 03:38:07 -------- d-----w- C:\94205964dd8481724cd3477968
2013-06-04 03:02:28 -------- d-----w- C:\864a8b031925f36d3312c436d06a63
2013-06-04 03:01:29 -------- d-----w- c:\program files\common files\Umbrella
2013-06-04 02:48:48 -------- d-----w- c:\program files\MyPC Backup
2013-06-04 02:40:01 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-04 02:36:33 -------- d-----w- c:\program files\Conduit
2013-06-04 02:35:58 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\InternetHelper3.1
2013-06-04 02:35:54 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\Temp
2013-06-04 02:35:48 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\Conduit
2013-06-04 02:35:47 -------- d-----w- c:\program files\InternetHelper3.1
2013-06-04 02:17:35 -------- d-----w- c:\documents and settings\csgadm#\local settings\application data\TeeveeWatchSA
.
==================== Find3M ====================
.
2013-06-04 02:40:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:45:28.03 ===============