Pop ups and Windows popping up warning about being infected (hijack)

BLK1985

New Member
I was sent a link to a streaming video and it told me I needed to install the latest version of QuickTime. It looked like QuickTime to me so I installed it. Big mistake. I am getting a bunch of pop ups and Windows Vista keeps popping up something in the right corner saying I may be infected. It keeps asking for me to install a bunch of different virus programs. Sometimes I will close it and it pops up a bunch of new ones. I have tried running Nod32, Adaware, and AVG Anti spyware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:20 PM, on 1/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\SDP\hpsdpapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bketcham\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7641 bytes

Thanks.
 
Please download SmitfraudFix (by S!Ri) to your Desktop.

Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot to Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter to delete infected files.

You will be prompted:

Registry cleaning - Do you want to clean the registry?; answer Yes by typing Y and press Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer Yes by typing Y and press Enter.

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
 
I'm unable to save that to my Desktop. I try to save it somewhere else and it does not download there. Any more advice?
 
ceewi1 said:
BLK1985 said:
I don't want to tie up the thread but those still did not work. This is for Vista Home Premium; does that make a difference?
It should work with Vista, looks like we'll have to do it the difficult way.

The thread's probably easier since this log will probably be too big for a PM:

1. Please download this file - ComboFix to your desktop
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Please post that log.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Here you go:

ComboFix 08-01-08.4 - bketcham 2008-01-08 12:52:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046 [GMT -6:00]
Running from: C:\Users\bketcham\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\ictmdl.dll
C:\Program Files\Video Add-on\ictun.exe
C:\Program Files\Video Add-on\icun.exe
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfun.exe
C:\Program Files\Video Add-on\ot.ico
C:\Program Files\Video Add-on\ts.ico
C:\Program Files\Video Add-on\uninst.exe
C:\Users\bketcham\AppData\Roaming\inst.exe
C:\Windows\system32\jusched.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-08 12:51 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-06 22:43 . 2008-01-06 22:43 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-06 22:43 . 2008-01-06 22:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-06 22:43 . 2008-01-06 22:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 22:43 . 2008-01-06 22:43 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-01-06 21:43 . 2008-01-06 21:43 <DIR> d-------- C:\Users\bketcham\AppData\Roaming\Grisoft
2008-01-06 21:43 . 2008-01-06 21:43 <DIR> d-------- C:\Users\All Users\Grisoft
2008-01-06 21:43 . 2008-01-06 21:43 <DIR> d-------- C:\PROGRA~2\Grisoft
2008-01-06 21:43 . 2007-05-30 06:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-06 20:20 . 2008-01-06 20:21 <DIR> d-------- C:\Program Files\Zune
2008-01-02 19:49 . 2008-01-02 19:49 <DIR> d-------- C:\Users\All Users\LightScribe
2008-01-02 19:49 . 2008-01-02 19:49 <DIR> d-------- C:\PROGRA~2\LightScribe
2007-12-12 20:44 . 2007-12-12 20:52 <DIR> d-------- C:\Program Files\Microsoft Money 2007
2007-12-12 20:16 . 2007-12-15 19:46 <DIR> d-------- C:\Users\bketcham\AppData\Roaming\GrabIt
2007-12-12 20:13 . 2007-12-12 20:13 <DIR> d-------- C:\Program Files\GrabIt
2007-12-12 18:04 . 2007-12-12 18:04 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-12 18:04 . 2007-12-12 18:04 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-12 18:04 . 2007-12-12 18:04 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-12 18:04 . 2007-12-12 18:04 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-12 18:02 . 2007-12-12 18:02 3,505,848 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-12 18:02 . 2007-12-12 18:02 3,472,056 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-12 18:02 . 2007-12-12 18:02 2,048 --a------ C:\Windows\System32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 00:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 00:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 00:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 00:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 00:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 00:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 00:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-05 06:08 --------- d-----w C:\Users\bketcham\AppData\Roaming\yahoo!
2007-12-05 06:02 512,096 ----a-w C:\Windows\system32\drivers\amon.sys
2007-12-05 06:02 299,392 ----a-w C:\Windows\System32\imon.dll
2007-12-05 06:02 15,424 ----a-w C:\Windows\system32\drivers\nod32drv.sys
2007-12-05 06:01 --------- d-----w C:\Program Files\VistaCodecPack
2007-12-05 06:01 --------- d-----w C:\PROGRA~2\CyberLink
2007-12-05 06:00 --------- d-----w C:\Program Files\CyberLink
2007-12-05 05:59 505,392 ----a-w C:\Windows\System32\msvcp71.dll
2007-12-05 05:58 --------- d-----w C:\Users\bketcham\AppData\Roaming\Nero
2007-12-05 05:58 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-05 05:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 05:57 --------- d-----w C:\Program Files\Nero
2007-12-05 05:57 --------- d-----w C:\PROGRA~2\Nero
2007-12-05 05:52 --------- d-----w C:\Program Files\OO Software
2007-12-05 05:50 --------- d-----w C:\Users\bketcham\AppData\Roaming\Snapfish
2007-12-05 05:50 --------- d-----w C:\Program Files\Windows Live
2007-12-05 05:49 --------- d-----w C:\Users\bketcham\AppData\Roaming\Vso
2007-12-05 05:49 --------- d-----w C:\Program Files\Roxio
2007-12-05 05:49 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-05 05:42 --------- d-----w C:\Program Files\Microsoft Works
2007-12-05 05:41 --------- d-----w C:\PROGRA~2\Microsoft Help
2007-12-05 05:38 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2007-12-05 05:38 47,360 ----a-w C:\Users\bketcham\AppData\Roaming\pcouffin.sys
2007-12-05 05:38 --------- d-----w C:\Program Files\DVDFab Platinum 4
2007-12-05 05:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 05:34 --------- d-----w C:\Program Files\CCleaner
2007-12-05 05:32 --------- d-----w C:\Program Files\HP Games
2007-12-05 05:30 --------- d-----w C:\PROGRA~2\WildTangent
2007-12-05 05:30 --------- d-----w C:\PROGRA~2\Symantec
2007-11-27 23:57 --------- d-----w C:\Program Files\Rhapsody
2007-11-27 23:16 --------- d--h--w C:\PROGRA~2\yahoo!
2007-11-27 23:16 --------- d-----w C:\Program Files\Yahoo!
2007-11-27 03:14 174 --sha-w C:\Program Files\desktop.ini
2007-11-27 03:11 --------- d-----w C:\Program Files\Windows Mail
2007-11-27 03:11 --------- d-----w C:\Program Files\Windows Calendar
2007-11-27 02:08 --------- d-----w C:\Users\bketcham\AppData\Roaming\Roxio
2007-11-27 02:08 --------- d-----w C:\PROGRA~2\Sonic
2007-11-27 02:05 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-27 02:05 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-27 02:05 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-27 02:05 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-27 02:05 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-27 02:05 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-27 02:05 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-27 02:05 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-27 02:05 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-27 02:05 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-27 02:05 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-27 02:05 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-27 02:05 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-27 02:04 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-27 02:04 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-27 02:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-27 02:04 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-27 02:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-27 02:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-27 02:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-27 02:04 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-27 02:04 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-27 02:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-27 02:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-27 02:04 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-27 02:04 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-27 02:04 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-27 02:04 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2007-11-27 02:04 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-27 02:04 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-27 02:02 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-27 02:02 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-27 02:02 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-27 02:02 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-27 02:01 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-27 02:01 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-27 02:01 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-27 02:01 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-27 02:01 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-11-27 02:01 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-27 02:01 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-27 02:01 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-11-27 01:59 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-11-27 01:59 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-11-27 01:59 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-11-27 01:59 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-11-27 01:59 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-11-27 01:59 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-11-27 01:59 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-11-27 01:59 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-11-27 01:59 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-11-27 01:59 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-11-27 01:59 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-11-27 01:59 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-11-27 01:59 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-11-27 01:59 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 06:35 1196032]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 10:16 65536]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-09 04:30 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-09 04:30 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-09 04:30 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-05 00:02 950664]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NOD32 FiX.lnk - C:\Windows\System32\regedt32.exe [2006-11-02 02:32:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 04:47:28 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - bketcham.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 12:54:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 12:54:37
ComboFix-quarantined-files.txt 2008-01-08 18:54:35
.
2007-12-13 00:04:24 --- E O F ---
 
That's looking a lot better, please post a new HijackThis log. Are you still getting the popups?
 
It appears to be better too. Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:11 PM, on 1/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\KBD\KbdStub.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\bketcham\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NOD32 FiX.lnk = C:\Windows\System32\regedt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7318 bytes


How do you know what to look for in the Hijack log? Or do you have any links to direct me to to figure out how to read them?

Thanks again.
 
Looks good, just a few final things.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:

Please close all open windows except for HijackThis and choose Fix checked

Please reboot and post a new HijackThis log.

With regards to analysing HijackThis logs, http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm is a good first resource. Learning to analyse these logs properly, however, takes considerable time and experience. There are a number of sites that provide training in this area; I listed some of the major ones at http://www.computerforum.com/853855-post10.html
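
Added example (not part of the original thread, and not code from HijackThis or from any poster): a small Python parser for the HijackThis entry lines shown in the logs above. It diffs a before-cleanup and after-cleanup log and flags entries whose target file is missing. The sample lines are excerpts copied from the 1/7/2008 and 1/9/2008 logs in this thread; the function names and the section descriptions are this example's own.

```python
import re
from collections import namedtuple

# One-line summaries of the section codes seen in this thread's logs.
# The wording is this example's own, not HijackThis output.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE default page/search value",
    "O1": "Hosts file entry",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "IE context menu item",
    "O9": "IE extra button / Tools menu item",
    "O13": "Default URL prefix",
    "O23": "Windows service",
}

Entry = namedtuple("Entry", "code text")

# An entry line is "<code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return the entry lines of a HijackThis log, skipping the header,
    the 'Running processes' list and the footer."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs, in log order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def missing_file_entries(entries):
    """Entries HijackThis marked '(no file)' or '(file missing)': the registry
    value is still present but the file it points to is not on disk."""
    return [e for e in entries
            if "(no file)" in e.text or "(file missing)" in e.text]


def entries_under(entries, folder):
    """Entries whose text references the given folder (case-insensitive)."""
    needle = folder.lower()
    return [e for e in entries if needle in e.text.lower()]


# Excerpt of the first log in this thread (1/7/2008).
BEFORE = r"""
Running processes:
C:\Program Files\Video Add-on\icthis.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
"""

# Excerpt of the log posted after the ComboFix run (1/9/2008).
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    removed, added = diff_logs(before, after)
    for label, group in (("REMOVED", removed), ("ADDED", added),
                         ("STILL MISSING FILE", missing_file_entries(after))):
        for e in group:
            print(f"{label:18} {e.code:3} {SECTIONS.get(e.code, '?')}: {e.text}")
```

On these excerpts the diff shows every entry under C:\Program Files\Video Add-on gone after the cleanup, while the O9 entry marked (file missing) is still present in the second log.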
 
Here's the latest:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:53 PM, on 1/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bketcham\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NOD32 FiX.lnk = C:\Windows\System32\regedt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7089 bytes
 
Excellent, your logfile appears to be clean, however there is an important update that I would strongly recommend:
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update:

Updating Java:
  • Go to Start > Control Panel, double-click on the Software icon > Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    It should have this icon next to it:
    javaicon.gif

    Select it and click Remove.
  • Then download and install the newest version from here:

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

I notice you are running a number of antispyware programs, which is good.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and are looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 
Thanks for all the help. I know how to keep it clean, I just effed up and did something stupid.

What do you think of NOD32? I have it and many people I work with swear by it but it seems like it does nothing when I run a scan. It seems like I can't actually get rid of anything when I do a scan.
 
I like NOD32, in fact I use it myself. No antivirus is going to be 100% effective, and there are certain files/infections that antivirus programs in general aren't able to disinfect.
 