[dazkool]

Righto, ComboFix downloaded and run.

Here is the resulting log:

ComboFix 07-09-10.6 - "Darren" 2007-09-12 16:54:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.225 [GMT 1:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Darren\APPLIC~1\WinTouch
C:\DOCUME~1\Darren\APPLIC~1\WinTouch\wintouch.cfg
C:\Program Files\Common Files\{10A1F~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\Common Files\ystem3~1\?ystem32\
C:\WINDOWS\system32\brce.dll
C:\WINDOWS\system32\wintsu32.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_NETWORK_MONITOR

((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.
2007-09-12 16:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 16:53 1,485,491 --a------ C:\ComboFix.exe
2007-09-12 11:43 113,664 --a------ C:\VundoFix.exe
2007-09-12 11:43 <DIR> d-------- C:\VundoFix Backups
2007-09-11 18:27 679,424 --a------ C:\WINDOWS\is-5TL9C.exe
2007-09-11 14:47 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-11 14:47 <DIR> d-------- C:\Program Files\ffdshow
2007-09-11 14:45 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-09-11 12:38 <DIR> d-------- C:\DOCUME~1\Darren\APPLIC~1\Sports Interactive
2007-09-10 18:48 <DIR> d-------- C:\Football Manager 2007
2007-08-30 18:23 <DIR> d-------- C:\DOCUME~1\Darren\Incomplete
2007-08-30 18:23 <DIR> d-------- C:\DOCUME~1\Darren\APPLIC~1\LimeWire
2007-08-29 14:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-08-29 14:55 <DIR> d-------- C:\Program Files\Jasc Software Inc
2007-08-29 14:55 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
2007-08-29 14:55 <DIR> d-------- C:\DOCUME~1\Darren\APPLIC~1\Jasc Software Inc
2007-08-29 12:51 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-29 12:08 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-08-29 12:08 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-08-29 12:06 <DIR> d-------- C:\DOCUME~1\Darren\APPLIC~1\Sunbelt Software
2007-08-29 11:47 <DIR> d-------- C:\WINDOWS\pss
2007-08-29 11:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-28 19:00 <DIR> d-------- C:\DOCUME~1\Darren\Contacts
2007-08-28 18:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-28 18:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-28 18:36 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-28 18:08 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-28 18:03 <DIR> d-------- C:\quarantine
2007-08-28 16:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-28 16:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-28 16:47 <DIR> d-------- C:\DOCUME~1\Darren\APPLIC~1\WinRAR
2007-08-28 16:46 <DIR> d-------- C:\Program Files\LimeWire
2007-08-28 16:19 <DIR> d-------- C:\Program Files\Webroot
2007-08-28 16:19 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-08-28 16:19 <DIR> d-------- C:\DOCUME~1\Darren\APPLIC~1\Webroot
2007-08-28 16:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-08-28 16:18 69,960 --a------ C:\WINDOWS\Unwash6.exe
2007-08-28 15:12 <DIR> d-------- C:\Program Files\BitComet
2007-08-28 15:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-28 15:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-28 14:58 <DIR> d-------- C:\Program Files\Real
2007-08-28 14:58 <DIR> d-------- C:\Program Files\Common Files\Real
2007-08-28 14:58 <DIR> d-------- C:\DOCUME~1\Darren\APPLIC~1\Real
2007-08-28 14:55 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-28 14:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-28 14:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-28 14:54 <DIR> d-------- C:\DOCUME~1\Darren\APPLIC~1\Lavasoft
2007-08-28 14:50 <DIR> d-------- C:\Program Files\QuickTime
2007-08-28 14:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-28 14:48 <DIR> d--hs---- C:\WINDOWS\RGFycmVuIENhc3RlbGxpbm8
2007-08-28 14:41 <DIR> d-------- C:\Program Files\Winamp
2007-08-28 14:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-28 13:58 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-28 13:52 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-08-28 13:44 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-08-28 13:44 <DIR> d-------- C:\Program Files\Nero
2007-08-28 13:44 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-28 13:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-28 13:43 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-28 13:42 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-28 13:42 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-28 13:42 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-08-28 13:40 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-28 13:25 <DIR> d-------- C:\Downloads
2007-08-28 13:22 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-28 13:19 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-28 13:19 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-08-28 13:18 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-28 13:18 <DIR> d-------- C:\Program Files\Microsoft Works
2007-08-28 13:17 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-28 13:17 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-28 13:16 <DIR> dr-h----- C:\MSOCache
2007-08-28 13:14 163,840 --a------ C:\WINDOWS\system32\LexLog.dll
2007-08-28 13:14 <DIR> d-------- C:\Program Files\Lexmark
2007-08-28 13:12 59,904 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-08-28 13:12 117,024 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-08-28 13:12 <DIR> d-------- C:\Program Files\Network Associates
2007-08-28 13:12 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-08-28 13:12 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-08-28 13:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
2007-08-28 13:09 81,920 --------- C:\WINDOWS\system32\drivers\iansmsg.dll
2007-08-28 13:09 376,832 --------- C:\WINDOWS\system32\Ncs2DMIX.dll
2007-08-28 13:09 372,736 --------- C:\WINDOWS\system32\NcsCoLib.dll
2007-08-28 13:09 249,856 --------- C:\WINDOWS\system32\Accesor.dll
2007-08-28 13:09 19,456 --------- C:\WINDOWS\system32\drivers\iqvw32.sys
2007-08-28 13:09 135,168 --------- C:\WINDOWS\system32\PRONtObj.dll
2007-08-28 13:09 110,592 --a------ C:\WINDOWS\system32\drivers\ianswxp.sys
2007-08-28 13:09 <DIR> d-------- C:\Program Files\Intel
2007-08-28 13:07 126,976 --------- C:\WINDOWS\system32\Ncs2InstUtility.dll
2007-08-28 13:04 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-08-28 13:04 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-08-28 13:04 <DIR> d-------- C:\Program Files\Analog Devices
2007-08-28 13:03 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-28 12:58 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-28 12:53 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-08-28 12:51 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-28 12:51 <DIR> d-------- C:\WINDOWS\fsc
2007-08-28 12:51 <DIR> d-------- C:\AddOn
2007-08-28 12:50 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-28 12:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-08-28 16:00 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 08:47 238888 --a------ C:\WINDOWS\NuNInst.exe
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2005-07-29 15:24:26 472 --sha-r C:\WINDOWS\RGFycmVuIENhc3RlbGxpbm8\l3IVwApRKHh1wal 5v3UDvAf.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 08:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 08:47]
"{10A1F3CD-0A21-2057-0924-03041620002c}"="C:\Program Files\Common Files\{10A1F3CD-0A21-2057-0924-03041620002c}\Update.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"Uttkrx"="C:\Program Files\??curity\w?crtupd.exe" []
"Tpee"="C:\PROGRA~1\COMMON~1\YSTEM3~1\explorer.exe " []
"WinPop"="C:\Program Files\WinPop\winpop.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\runonce]
"getPlusUninstall_ocx"=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mv stdi5x.sys
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\ EntDrv51.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-08-28 13:55:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-12 16:58:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-09-12 17:00:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-12 17:00
.
--- E O F ---

[evilfantasy]

How are things now?

I need a fresh HJT log please.

[dazkool]

Seems better. I'm getting pop-ups expecially from this site. Something called "Zwinky!!!" and another one.

Anyways, here's my new HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:30, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [{10A1F3CD-0A21-2057-0924-03041620002c}] "C:\Program Files\Common Files\{10A1F3CD-0A21-2057-0924-03041620002c}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Uttkrx] "C:\Program Files\??curity\w?crtupd.exe"
O4 - HKCU\..\Run: [Tpee] "C:\PROGRA~1\COMMON~1\YSTEM3~1\explorer.exe" -vt yazb
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188305907078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188305964531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D026BD40-E175-44C7-B678-49AFAC612DE7}: NameServer = 217.35.118.222
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 9784 bytes

[evilfantasy]

Stubborn indeed!

Open HijackThis and place a check mark next to these entries.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [{10A1F3CD-0A21-2057-0924-03041620002c}] "C:\Program Files\Common Files\{10A1F3CD-0A21-2057-0924-03041620002c}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D026BD40-E175-44C7-B678-49AFAC612DE7}: NameServer = 217.35.118.222
Close all windows including this one and then click "Fix checked"

Next follow these steps.
How to view hidden, system files & folders
Windows XP
* Right Click Start.
* Select Explore.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide extensions for known file types option.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Apply.
*Click OK.

Go to C:\ and delete these entries.
C:\Program Files\Common Files\{10A1F3CD-0A21-2057-0924-03041620002c}\Update.exe" mc-110-12-0001291
C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
C:\Program Files\WinPop\winpop.exe
Restart the computer and continue.

================================================== =
Next download ATF Cleaner by Atribune. ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.

NOTE: ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


Download Superantispyware (SAS)

SUPERAntispyware Free Edition

Install it and double-click the icon on your desktop to run it.
* It will ask if you want to update the program definitions, click Yes.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked:
+ Close browsers before scanning
+ Scan for tracking cookies
+ Terminate memory threats before quarantining.
+ Please leave the others unchecked.
+ Click the Close button to leave the control center screen.
* On the main screen, under Scan for Harmful Software click Scan your computer.
* On the left check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information for me please do the following:
+ After reboot, double-click the SUPERAntispyware icon on your desktop.
+ Click Preferences. Click the Statistics/Logs tab.
+ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
+ It will open in your default text editor (such as Notepad/Wordpad).
+ Please highlight everything in the notepad, then right-click and choose copy.
* Click close and close again to exit the program.
* Please paste that information here for me with a new HijackThis log.

Let me know how things are now.

[dazkool]

Hi, I have followed all the above steps.

When trying to delete the entries in C:\,

C:\Program Files\Common Files\{10A1F3CD-0A21-2057-0924-03041620002c}\Update.exe" mc-110-12-0001291 - This folder was empty.

C:\Program Files\WinPop\winpop.exe - This folder did not exist.

C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall - File deleted

Upon rebooting, the following error message appeared: The title of the dialog box was "Advanced INF Install" and the message was "Error: Could not locate INF file: C:\Windows\inf\GETPLUSo.INF". I have to press OK and then Windows continues to load the desktop as normal.

Also, I couldn't access the internet after reboot. I had to repair my connection, and re-enter by IP address (it's a static one). After that I was able to connect as normal.

Anyways, here are the logs you requested. SuperAntiSpyware Scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/12/2007 at 08:19 PM
Application Version : 3.9.1008
Core Rules Database Version : 3304
Trace Rules Database Version: 1310
Scan type : Complete Scan
Total Scan Time : 02:06:39
Memory items scanned : 416
Memory threats detected : 0
Registry items scanned : 5530
Registry threats detected : 25
File items scanned : 84491
File threats detected : 12
Adware.ClickSpring
HKLM\Software\Classes\CLSID\{EDB6FA73-30BA-1D6F-E558-4D7612610CCB}
HKCR\CLSID\{EDB6FA73-30BA-1D6F-E558-4D7612610CCB}
HKCR\CLSID\{EDB6FA73-30BA-1D6F-E558-4D7612610CCB}\InprocServer32
HKCR\CLSID\{EDB6FA73-30BA-1D6F-E558-4D7612610CCB}\InprocServer32#ThreadingModel
HKCR\CLSID\{EDB6FA73-30BA-1D6F-E558-4D7612610CCB}\Programmable
HKCR\CLSID\{EDB6FA73-30BA-1D6F-E558-4D7612610CCB}\TypeLib
C:\WINDOWS\SYSTEM32\BRCE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{EDB6FA73-30BA-1D6F-E558-4D7612610CCB}
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BRCE.DLL.V IR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E27B915-C1A5-4E84-8AE1-EF567BB161FE}\RP29\A0010618.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E27B915-C1A5-4E84-8AE1-EF567BB161FE}\RP38\A0011174.DLL
Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET WORK_MONITOR\0000#DeviceDesc
Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMD SERVICE\0000#DeviceDesc
Trojan.Security Toolbar
C:\Documents and Settings\Darren\Favorites\Antivirus Test Online.url
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINTSU32.E XE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E27B915-C1A5-4E84-8AE1-EF567BB161FE}\RP27\A0010503.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E27B915-C1A5-4E84-8AE1-EF567BB161FE}\RP38\A0011173.EXE
C:\WINDOWS\RGFYCMVUIENHC3RLBGXPBM8\L3IVWAPRKHH1WAL 5V3UDVAF.VBS
C:\WINDOWS\SYSTEM32\WINTSU32.EXE
Trojan.Freeprod
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E27B915-C1A5-4E84-8AE1-EF567BB161FE}\RP29\A0010617.EXE
Trojan.Net-Wintouch/V2
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E27B915-C1A5-4E84-8AE1-EF567BB161FE}\RP33\A0010791.EXE

And a new HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36, on 2007-09-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [{10A1F3CD-0A21-2057-0924-03041620002c}] "C:\Program Files\Common Files\{10A1F3CD-0A21-2057-0924-03041620002c}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Uttkrx] "C:\Program Files\??curity\w?crtupd.exe"
O4 - HKCU\..\Run: [Tpee] "C:\PROGRA~1\COMMON~1\YSTEM3~1\explorer.exe" -vt yazb
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188305907078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188305964531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D026BD40-E175-44C7-B678-49AFAC612DE7}: NameServer = 217.35.118.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 9667 bytes

[evilfantasy]

I am looking at the log.

How are things now?

[dazkool]

Better. The pop-ups that I get from visiting here are from Tribal Fusion....??

Also - what about the message I get when I restart and log into Windows??

[evilfantasy]

You did remove what Superantispyware found right?

[evilfantasy]

This site has pop-ups. Do you use a pop-up blocker?

The error message is due to windows messenger. Go to add/remove programs and remove "Windows Messenger" Not to be confused with MSN Messenger.

I still see many of the same entries in HJT after you have removed them. All of the fixes we have tried should have taken them out.

Did you have SUPERantiSpyware fix what it found?

[dazkool]

Quote:

Originally Posted by evilfantasy

This site has pop-ups. Do you use a pop-up blocker?

The error message is due to windows messenger. Go to add/remove programs and remove "Windows Messenger" Not to be confused with MSN Messenger.

I still see many of the same entries in HJT after you have removed them. All of the fixes we have tried should have taken them out.

Did you have SUPERantiSpyware fix what it found?

Yes, I did. And yes, I use IE7's pop-up blocker. It's now set to the highest form of blocking.

This is what is bugging me. Everytime HJT removes those entries, they automatically come back! I don't understand why...

Edit: And now I've removed Windows Messenger.