HijackThis Logfile: Internet not working right.

supermom08

New Member
Hello,

I have an emachine and am running windows xp home edition. My computer is running slow and my internet searching is limited to only windows live search. I cannot search from yahoo, google, etc., only windows live. The pop-ups are ridiculous. There are so many and there are some really vulgar pop-ups. I don't know what has happened, so any help is greatly appreciated. Thanks in advance. I have included a hijackthis logfile listed below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:50 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\ie.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\?ssembly\r?gsvr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00802cab] rundll32.exe "C:\WINDOWS\system32\snjjfdxm.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM03b31f37] Rundll32.exe "C:\WINDOWS\system32\deqihptt.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Zxynwzb] "C:\Documents and Settings\Owner\Application Data\?asks\w?wexec.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Owner\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\system32\MBOLS~1\wowexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Fngwhlmg] "C:\Documents and Settings\Owner\Application Data\W?nSxS\m?iexec.exe"
O4 - HKCU\..\Run: [Czwqz] "C:\Program Files\?ecurity\w?crtupd.exe"
O4 - HKCU\..\Run: [Njofipyk] "C:\Program Files\S?mantec\n?pdb.exe"
O4 - HKCU\..\Run: [Oehpe] C:\WINDOWS\s?stem\??ool32.exe
O4 - HKCU\..\Run: [Xsg] "C:\Documents and Settings\Owner\Application Data\?ymantec\w?nword.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Newjxb] C:\WINDOWS\system32\??stem32\?hkdsk.exe
O4 - HKCU\..\Run: [Nahp] "C:\Program Files\T?sks\??oolsv.exe"
O4 - HKCU\..\Run: [Npppju] C:\WINDOWS\system32\??mbols\d?dplay.exe
O4 - HKCU\..\Run: [Unqvrv] C:\WINDOWS\system32\?ssembly\r?gsvr32.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~2\DEFEND~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Internet Security (AVP) - Unknown owner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7727 bytes
 
Hello:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Hello, sorry it took so long to get back to ya, but three girls can keep ya busy, especially at bed time. For some reason they all three fight sleep. I ran the combo fix as you said, but it took over 30 minutes to run the first time and just froze up. I was unable to get to the task manager when it froze up. Task manager said I wasn't allowed to access it. All I could do was just reboot and run it again. I did get a log for the second run and it is listed below. The second run went real fast, about ten minutes and did not freeze up. The pop-ups are getting worse and more frequent. I get about 4 or 5 every minute seems like. Again, thanks for the help!!

ComboFix 08-07-29.1 - Owner 2008-07-30 0:10:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.130 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\Program Files\Common Files\appatc~1
C:\Program Files\Common Files\racle~1
C:\Program Files\ecurit~1
C:\Program Files\smante~1
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\tsks~1
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\didduid.ini
C:\WINDOWS\icroso~1
C:\WINDOWS\Installer\id53.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\mbols~1
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\B3p8jFpnejwp.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\sstem~1
C:\WINDOWS\stcloader.exe
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mbols~1\??mbols\
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\ssembl~1\r?gsvr32.exe
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\telefonos.txt
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\textos.txt
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll
C:\WINDOWS\wnsxs~1
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-30 00:03 . 2008-07-30 00:18 294 ---hs---- C:\WINDOWS\system32\mxdfjjns.ini
2008-07-30 00:03 . 2008-07-30 00:03 0 --a------ C:\WINDOWS\BM03b31f37.xml
2008-07-29 20:53 . 2008-07-29 20:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-29 20:53 . 2008-07-29 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-29 20:51 . 2008-07-29 20:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 20:33 . 2008-07-29 20:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-29 14:24 . 2008-07-29 14:24 83,456 --a------ C:\WINDOWS\system32\snjjfdxm.dll
2008-07-29 14:23 . 2008-07-29 14:23 105,472 --a------ C:\WINDOWS\system32\pipnudxi.dll
2008-07-29 14:23 . 2008-07-29 14:23 105,472 --a------ C:\WINDOWS\system32\aokvmc.dll
2008-07-29 14:16 . 2008-07-29 14:16 91,648 --a------ C:\WINDOWS\system32\deqihptt.dll
2008-07-29 14:16 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-29 14:16 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-29 14:15 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-29 14:15 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-17 09:35 . 2008-07-17 09:35 268 --ah----- C:\sqmdata19.sqm
2008-07-17 09:35 . 2008-07-17 09:35 244 --ah----- C:\sqmnoopt19.sqm
2008-07-17 01:05 . 2008-07-17 01:05 268 --ah----- C:\sqmdata18.sqm
2008-07-17 01:05 . 2008-07-17 01:05 244 --ah----- C:\sqmnoopt18.sqm
2008-07-16 14:17 . 2008-07-16 14:17 268 --ah----- C:\sqmdata17.sqm
2008-07-16 14:17 . 2008-07-16 14:17 244 --ah----- C:\sqmnoopt17.sqm
2008-07-13 12:03 . 2008-07-13 12:03 244 --ah----- C:\sqmnoopt16.sqm
2008-07-13 12:03 . 2008-07-13 12:03 232 --ah----- C:\sqmdata16.sqm
2008-07-13 12:02 . 2008-07-13 12:02 244 --ah----- C:\sqmnoopt15.sqm
2008-07-13 12:02 . 2008-07-13 12:02 232 --ah----- C:\sqmdata15.sqm
2008-07-13 11:59 . 2008-07-13 11:59 244 --ah----- C:\sqmnoopt14.sqm
2008-07-13 11:59 . 2008-07-13 11:59 232 --ah----- C:\sqmdata14.sqm
2008-07-13 10:45 . 2008-07-29 14:43 268 --ah----- C:\sqmdata13.sqm
2008-07-13 10:45 . 2008-07-29 14:43 244 --ah----- C:\sqmnoopt13.sqm
2008-07-06 10:40 . 2008-07-22 15:13 268 --ah----- C:\sqmdata12.sqm
2008-07-06 10:40 . 2008-07-22 15:13 244 --ah----- C:\sqmnoopt12.sqm
2008-07-06 10:33 . 2008-07-21 22:17 268 --ah----- C:\sqmdata11.sqm
2008-07-06 10:33 . 2008-07-21 22:17 244 --ah----- C:\sqmnoopt11.sqm
2008-07-04 18:12 . 2008-07-21 20:33 268 --ah----- C:\sqmdata10.sqm
2008-07-04 18:12 . 2008-07-21 20:33 244 --ah----- C:\sqmnoopt10.sqm
2008-07-03 12:56 . 2008-07-21 20:14 268 --ah----- C:\sqmdata09.sqm
2008-07-03 12:56 . 2008-07-21 20:14 244 --ah----- C:\sqmnoopt09.sqm
2008-07-03 12:08 . 2008-07-21 00:46 268 --ah----- C:\sqmdata08.sqm
2008-07-03 12:08 . 2008-07-21 00:46 244 --ah----- C:\sqmnoopt08.sqm
2008-07-03 00:05 . 2008-07-20 11:09 268 --ah----- C:\sqmdata07.sqm
2008-07-03 00:05 . 2008-07-20 11:09 244 --ah----- C:\sqmnoopt07.sqm
2008-07-02 22:53 . 2008-07-18 18:22 268 --ah----- C:\sqmdata06.sqm
2008-07-02 22:53 . 2008-07-18 18:22 244 --ah----- C:\sqmnoopt06.sqm
2008-07-02 22:49 . 2008-07-18 10:46 268 --ah----- C:\sqmdata05.sqm
2008-07-02 22:49 . 2008-07-18 10:46 244 --ah----- C:\sqmnoopt05.sqm
2008-07-02 22:29 . 2008-04-23 00:16 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-02 22:29 . 2007-04-17 05:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-02 22:29 . 2007-03-08 01:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-02 22:29 . 2008-04-23 00:16 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-02 22:29 . 2008-04-23 00:16 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-02 22:29 . 2008-04-23 00:16 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-02 22:29 . 2008-04-23 00:16 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-02 22:29 . 2008-04-23 00:16 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-02 22:29 . 2008-04-22 03:39 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 16:10 . 2008-07-18 09:34 268 --ah----- C:\sqmdata04.sqm
2008-06-23 16:10 . 2008-07-18 09:34 244 --ah----- C:\sqmnoopt04.sqm
2008-06-20 08:44 . 2008-06-20 08:44 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2008-06-16 06:34 . 2008-07-18 09:21 268 --ah----- C:\sqmdata03.sqm
2008-06-16 06:34 . 2008-07-18 09:21 244 --ah----- C:\sqmnoopt03.sqm
2008-06-15 10:11 . 2008-07-17 23:41 268 --ah----- C:\sqmdata02.sqm
2008-06-15 10:11 . 2008-07-17 23:41 244 --ah----- C:\sqmnoopt02.sqm
2008-06-15 09:54 . 2008-07-17 23:16 268 --ah----- C:\sqmdata01.sqm
2008-06-15 09:54 . 2008-07-17 23:16 244 --ah----- C:\sqmnoopt01.sqm
2008-06-14 22:06 . 2008-07-17 10:37 268 --ah----- C:\sqmdata00.sqm
2008-06-14 22:06 . 2008-07-17 10:37 244 --ah----- C:\sqmnoopt00.sqm
2008-06-10 21:23 . 2008-04-14 07:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:23 . 2008-04-14 07:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 01:29 --------- d-----w C:\Program Files\Bat
2008-07-22 19:30 148 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-07-03 16:31 67,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-03 16:31 5,799,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-03 16:31 3,788 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-03 16:31 12,308 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-15 14:02 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-15 14:02 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-15 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Defender Pro
2008-06-05 01:18 --------- d-----w C:\Program Files\IBM and Crayola
2008-05-28 22:20 --------- d-----w C:\Program Files\MSN Messenger
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-04 16:26 229,527 ----a-w C:\WINDOWS\system32\000080.exe
2006-03-22 05:22 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2007-03-27 15:09 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61b61d31-f549-4970-8f92-ee2b136df482}]
2008-07-29 14:23 105472 --a------ C:\WINDOWS\system32\aokvmc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zxynwzb"="C:\Documents and Settings\Owner\Application Data\?asks\w?wexec.exe" [?]
"Fngwhlmg"="C:\Documents and Settings\Owner\Application Data\W?nSxS\m?iexec.exe" [?]
"Czwqz"="C:\Program Files\?ecurity\w?crtupd.exe" [?]
"Njofipyk"="C:\Program Files\S?mantec\n?pdb.exe" [?]
"Oehpe"="C:\WINDOWS\s?stem\??ool32.exe" [?]
"Xsg"="C:\Documents and Settings\Owner\Application Data\?ymantec\w?nword.exe" [?]
"Newjxb"="C:\WINDOWS\system32\??stem32\?hkdsk.exe" [?]
"Nahp"="C:\Program Files\T?sks\??oolsv.exe" [?]
"Npppju"="C:\WINDOWS\system32\??mbols\d?dplay.exe" [?]
"Unqvrv"="C:\WINDOWS\system32\?ssembly\r?gsvr32.exe" [?]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 19:04 135168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 00:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32 86016]
"00802cab"="C:\WINDOWS\system32\snjjfdxm.dll" [2008-07-29 14:24 83456]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 20:34 169984]
"BM03b31f37"="C:\WINDOWS\system32\deqihptt.dll" [2008-07-29 14:16 91648]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 12:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 21:47 8720384]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Bat - Auto Update.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Bat - Auto Update.lnk
backup=C:\WINDOWS\pss\Bat - Auto Update.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dulufs]
C:\Documents and Settings\Owner\Application Data\W?nSxS\n?tepad.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 17:03 125528 C:\Program Files\Common Files\AOL\1131383480\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-18 21:47 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 03:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-02-25 22:24 966656 C:\WINDOWS\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-07-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9186040D-1CC3-4A06-AAF9-E308CF54D6E6} - C:\WINDOWS\system32\byXPGArR.dll
BHO-{D7FA2BDC-2CD0-4260-AC2E-44BABF9F37A1} - C:\WINDOWS\system32\urqOEwwv.dll
HKCU-Run-Cpue - C:\WINDOWS\system32\MBOLS~1\wowexec.exe
ShellExecuteHooks-{9186040D-1CC3-4A06-AAF9-E308CF54D6E6} - C:\WINDOWS\system32\byXPGArR.dll
Notify-byXPGArR - byXPGArR.dll
MSConfigStartUp-trioService - C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.my.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 00:15:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-07-30 0:21:56 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-07-30 04:21:53

Pre-Run: 69,280,288,768 bytes free
Post-Run: 70,232,043,520 bytes free

310 --- E O F --- 2008-06-11 07:02:51
 
2008-06-23 16:10 . 2008-07-18 09:34 268 --ah----- C:\sqmdata04.sqm
2008-06-23 16:10 . 2008-07-18 09:34 244 --ah----- C:\sqmnoopt04.sqm
2008-06-20 08:44 . 2008-06-20 08:44 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2008-06-16 06:34 . 2008-07-18 09:21 268 --ah----- C:\sqmdata03.sqm
2008-06-16 06:34 . 2008-07-18 09:21 244 --ah----- C:\sqmnoopt03.sqm
2008-06-15 10:11 . 2008-07-17 23:41 268 --ah----- C:\sqmdata02.sqm
2008-06-15 10:11 . 2008-07-17 23:41 244 --ah----- C:\sqmnoopt02.sqm
2008-06-15 09:54 . 2008-07-17 23:16 268 --ah----- C:\sqmdata01.sqm
2008-06-15 09:54 . 2008-07-17 23:16 244 --ah----- C:\sqmnoopt01.sqm
2008-06-14 22:06 . 2008-07-17 10:37 268 --ah----- C:\sqmdata00.sqm
2008-06-14 22:06 . 2008-07-17 10:37 244 --ah----- C:\sqmnoopt00.sqm
2008-06-10 21:23 . 2008-04-14 07:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:23 . 2008-04-14 07:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 01:29 --------- d-----w C:\Program Files\Bat
2008-07-22 19:30 148 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-07-03 16:31 67,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-03 16:31 5,799,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-03 16:31 3,788 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-03 16:31 12,308 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-15 14:02 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-15 14:02 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-15 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Defender Pro
2008-06-05 01:18 --------- d-----w C:\Program Files\IBM and Crayola
2008-05-28 22:20 --------- d-----w C:\Program Files\MSN Messenger
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-04 16:26 229,527 ----a-w C:\WINDOWS\system32\000080.exe
2006-03-22 05:22 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2007-03-27 15:09 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61b61d31-f549-4970-8f92-ee2b136df482}]
2008-07-29 14:23 105472 --a------ C:\WINDOWS\system32\aokvmc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zxynwzb"="C:\Documents and Settings\Owner\Application Data\?asks\w?wexec.exe" [?]
"Fngwhlmg"="C:\Documents and Settings\Owner\Application Data\W?nSxS\m?iexec.exe" [?]
"Czwqz"="C:\Program Files\?ecurity\w?crtupd.exe" [?]
"Njofipyk"="C:\Program Files\S?mantec\n?pdb.exe" [?]
"Oehpe"="C:\WINDOWS\s?stem\??ool32.exe" [?]
"Xsg"="C:\Documents and Settings\Owner\Application Data\?ymantec\w?nword.exe" [?]
"Newjxb"="C:\WINDOWS\system32\??stem32\?hkdsk.exe" [?]
"Nahp"="C:\Program Files\T?sks\??oolsv.exe" [?]
"Npppju"="C:\WINDOWS\system32\??mbols\d?dplay.exe" [?]
"Unqvrv"="C:\WINDOWS\system32\?ssembly\r?gsvr32.exe" [?]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 19:04 135168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 00:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32 86016]
"00802cab"="C:\WINDOWS\system32\snjjfdxm.dll" [2008-07-29 14:24 83456]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 20:34 169984]
"BM03b31f37"="C:\WINDOWS\system32\deqihptt.dll" [2008-07-29 14:16 91648]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 12:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 21:47 8720384]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Bat - Auto Update.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Bat - Auto Update.lnk
backup=C:\WINDOWS\pss\Bat - Auto Update.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dulufs]
C:\Documents and Settings\Owner\Application Data\W?nSxS\n?tepad.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 17:03 125528 C:\Program Files\Common Files\AOL\1131383480\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-18 21:47 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 03:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-02-25 22:24 966656 C:\WINDOWS\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-07-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9186040D-1CC3-4A06-AAF9-E308CF54D6E6} - C:\WINDOWS\system32\byXPGArR.dll
BHO-{D7FA2BDC-2CD0-4260-AC2E-44BABF9F37A1} - C:\WINDOWS\system32\urqOEwwv.dll
HKCU-Run-Cpue - C:\WINDOWS\system32\MBOLS~1\wowexec.exe
ShellExecuteHooks-{9186040D-1CC3-4A06-AAF9-E308CF54D6E6} - C:\WINDOWS\system32\byXPGArR.dll
Notify-byXPGArR - byXPGArR.dll
MSConfigStartUp-trioService - C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.my.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 00:15:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-07-30 0:21:56 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-07-30 04:21:53

Pre-Run: 69,280,288,768 bytes free
Post-Run: 70,232,043,520 bytes free

310 --- E O F --- 2008-06-11 07:02:51
 
New hijackThis logfile

Thank you so much for your help. Here is a new logfile from HijackThis. I have also run an online virus scan through Trend Micro HouseCall. That helped some. Again, thank you for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:16 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00802cab] rundll32.exe "C:\WINDOWS\system32\snjjfdxm.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM03b31f37] Rundll32.exe "C:\WINDOWS\system32\deqihptt.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-351953409-1454491506-409785693-1010\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-351953409-1454491506-409785693-1011\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-351953409-1454491506-409785693-1012\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...a8/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Internet Security (AVP) - Unknown owner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6672 bytes
 
Looks like the Trend Micro scan took care of most of it; a few things are left:
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\deqihptt.dll
    C:\WINDOWS\system32\aokvmc.dll
    C:\WINDOWS\system32\pipnudxi.dll
    C:\WINDOWS\system32\snjjfdxm.dll
    C:\WINDOWS\BM03b31f37.xml
    C:\WINDOWS\system32\mxdfjjns.ini
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BM03b31f37"=-
    "00802cab"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dulufs]
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.


    [Screenshot: CFScript.gif]



  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. How is your system running now?
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
 
Thank you so much for your help. I have followed the instructions you gave me, and here is the log from ComboFix and a new HijackThis log. My computer is running a lot better, but is just slower than normal. I can search now, which is wonderful. The pop-ups are almost completely gone. I get one about every ten minutes now. Again, thanks for your help.

ComboFix 08-07-29.1 - Owner 2008-07-31 9:35:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.147 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM03b31f37.xml
C:\WINDOWS\system32\aokvmc.dll
C:\WINDOWS\system32\deqihptt.dll
C:\WINDOWS\system32\mxdfjjns.ini
C:\WINDOWS\system32\pipnudxi.dll
C:\WINDOWS\system32\snjjfdxm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM03b31f37.txt
C:\WINDOWS\BM03b31f37.xml
C:\WINDOWS\system32\aokvmc.dll
C:\WINDOWS\system32\deqihptt.dll
C:\WINDOWS\system32\mxdfjjns.ini
C:\WINDOWS\system32\pipnudxi.dll
C:\WINDOWS\system32\snjjfdxm.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-30 23:44 . 2008-07-30 23:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-30 23:44 . 2008-07-31 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-30 11:45 . 2008-07-30 12:51 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-30 11:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-29 20:53 . 2008-07-29 20:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-29 20:53 . 2008-07-29 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-29 20:51 . 2008-07-29 20:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 20:33 . 2008-07-29 20:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-29 14:16 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-29 14:16 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-29 14:15 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-29 14:15 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-17 09:35 . 2008-07-17 09:35 268 --ah----- C:\sqmdata19.sqm
2008-07-17 09:35 . 2008-07-17 09:35 244 --ah----- C:\sqmnoopt19.sqm
2008-07-17 01:05 . 2008-07-17 01:05 268 --ah----- C:\sqmdata18.sqm
2008-07-17 01:05 . 2008-07-17 01:05 244 --ah----- C:\sqmnoopt18.sqm
2008-07-16 14:17 . 2008-07-16 14:17 268 --ah----- C:\sqmdata17.sqm
2008-07-16 14:17 . 2008-07-16 14:17 244 --ah----- C:\sqmnoopt17.sqm
2008-07-13 12:03 . 2008-07-13 12:03 244 --ah----- C:\sqmnoopt16.sqm
2008-07-13 12:03 . 2008-07-13 12:03 232 --ah----- C:\sqmdata16.sqm
2008-07-13 12:02 . 2008-07-13 12:02 244 --ah----- C:\sqmnoopt15.sqm
2008-07-13 12:02 . 2008-07-13 12:02 232 --ah----- C:\sqmdata15.sqm
2008-07-13 11:59 . 2008-07-13 11:59 244 --ah----- C:\sqmnoopt14.sqm
2008-07-13 11:59 . 2008-07-13 11:59 232 --ah----- C:\sqmdata14.sqm
2008-07-13 10:45 . 2008-07-29 14:43 268 --ah----- C:\sqmdata13.sqm
2008-07-13 10:45 . 2008-07-29 14:43 244 --ah----- C:\sqmnoopt13.sqm
2008-07-06 10:40 . 2008-07-22 15:13 268 --ah----- C:\sqmdata12.sqm
2008-07-06 10:40 . 2008-07-22 15:13 244 --ah----- C:\sqmnoopt12.sqm
2008-07-06 10:33 . 2008-07-21 22:17 268 --ah----- C:\sqmdata11.sqm
2008-07-06 10:33 . 2008-07-21 22:17 244 --ah----- C:\sqmnoopt11.sqm
2008-07-04 18:12 . 2008-07-21 20:33 268 --ah----- C:\sqmdata10.sqm
2008-07-04 18:12 . 2008-07-21 20:33 244 --ah----- C:\sqmnoopt10.sqm
2008-07-03 12:56 . 2008-07-21 20:14 268 --ah----- C:\sqmdata09.sqm
2008-07-03 12:56 . 2008-07-21 20:14 244 --ah----- C:\sqmnoopt09.sqm
2008-07-03 12:08 . 2008-07-21 00:46 268 --ah----- C:\sqmdata08.sqm
2008-07-03 12:08 . 2008-07-21 00:46 244 --ah----- C:\sqmnoopt08.sqm
2008-07-03 00:05 . 2008-07-20 11:09 268 --ah----- C:\sqmdata07.sqm
2008-07-03 00:05 . 2008-07-20 11:09 244 --ah----- C:\sqmnoopt07.sqm
2008-07-02 22:53 . 2008-07-18 18:22 268 --ah----- C:\sqmdata06.sqm
2008-07-02 22:53 . 2008-07-18 18:22 244 --ah----- C:\sqmnoopt06.sqm
2008-07-02 22:49 . 2008-07-18 10:46 268 --ah----- C:\sqmdata05.sqm
2008-07-02 22:49 . 2008-07-18 10:46 244 --ah----- C:\sqmnoopt05.sqm
2008-07-02 22:29 . 2008-04-23 00:16 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-02 22:29 . 2007-04-17 05:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-02 22:29 . 2007-03-08 01:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-02 22:29 . 2008-04-23 00:16 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-02 22:29 . 2008-04-23 00:16 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-02 22:29 . 2008-04-23 00:16 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-02 22:29 . 2008-04-23 00:16 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-02 22:29 . 2008-04-23 00:16 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-02 22:29 . 2008-04-22 03:39 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 16:10 . 2008-07-18 09:34 268 --ah----- C:\sqmdata04.sqm
2008-06-23 16:10 . 2008-07-18 09:34 244 --ah----- C:\sqmnoopt04.sqm
2008-06-20 08:44 . 2008-06-20 08:44 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2008-06-16 06:34 . 2008-07-18 09:21 268 --ah----- C:\sqmdata03.sqm
2008-06-16 06:34 . 2008-07-18 09:21 244 --ah----- C:\sqmnoopt03.sqm
2008-06-15 10:11 . 2008-07-17 23:41 268 --ah----- C:\sqmdata02.sqm
2008-06-15 10:11 . 2008-07-17 23:41 244 --ah----- C:\sqmnoopt02.sqm
2008-06-15 09:54 . 2008-07-17 23:16 268 --ah----- C:\sqmdata01.sqm
2008-06-15 09:54 . 2008-07-17 23:16 244 --ah----- C:\sqmnoopt01.sqm
2008-06-14 22:06 . 2008-07-17 10:37 268 --ah----- C:\sqmdata00.sqm
2008-06-14 22:06 . 2008-07-17 10:37 244 --ah----- C:\sqmnoopt00.sqm
2008-06-10 21:23 . 2008-04-14 07:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:23 . 2008-04-14 07:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 03:18 --------- d-----w C:\Program Files\MySpace
2008-07-30 15:42 --------- d-----w C:\Program Files\Java
2008-07-30 01:29 --------- d-----w C:\Program Files\Bat
2008-07-22 19:30 148 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-07-03 16:31 67,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-03 16:31 5,799,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-03 16:31 3,788 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-03 16:31 12,308 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-15 14:02 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-15 14:02 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-15 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Defender Pro
2008-06-05 01:18 --------- d-----w C:\Program Files\IBM and Crayola
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-04 16:26 229,527 ----a-w C:\WINDOWS\system32\000080.exe
2006-03-22 05:22 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-30_ 0.21.36.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 18:22:56 385,536 ----a-w C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
- 2005-03-04 10:06:58 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-03-04 10:07:06 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-03-04 11:36:48 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 19:04 135168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 00:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32 86016]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-26 20:34 169984]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 12:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Bat - Auto Update.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Bat - Auto Update.lnk
backup=C:\WINDOWS\pss\Bat - Auto Update.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-01-15 16:14 147456 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 17:03 125528 C:\Program Files\Common Files\AOL\1131383480\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 03:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-02-25 22:24 966656 C:\WINDOWS\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-07-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 09:37:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-31 9:40:55
ComboFix-quarantined-files.txt 2008-07-31 13:40:11
ComboFix2.txt 2008-07-30 04:21:58

Pre-Run: 78,419,267,584 bytes free
Post-Run: 78,412,083,200 bytes free

209 --- E O F --- 2008-06-11 07:02:51


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:12 AM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...a8/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Internet Security (AVP) - Unknown owner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6412 bytes
 