Internet Speed Monitor - Help!
swcrusader
post Oct 8 2007, 11:41 PM
Post #1


Newbie

Group: Members
Posts: 7
Joined: 8-October 07
Member No.: 39,069



My wife's laptop has been infested with slowness and pop-ups. The pop-ups are all titled Internet Speed Monitor. I've searched online and there appears to be no easy fix, and most of the fixes I've seen are specific to the individual's system. I have already uninstalled this program, but all this does is lessen the random pop-ups; they still happen every few minutes. Before I go trawling through the registry I thought I'd try help from experts. I've run Ad-Aware, even in safe mode, but again to no avail: it removes this stuff and then it pops right back up. Please help, this is driving my wife (and hence me) nuts!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:34 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ISM2\ISMPack6.exe
C:\PROGRA~1\SMANTE~1\chkdsk.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\GameHouse\TextTwist\TextTwist.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Denise McDonald\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B1C253D-320A-4EE4-9119-B5165780B481} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {3C03A265-AF30-42AE-8A38-10F39E8663BE} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {69F42D1C-B2F7-B527-A848-E72B2B9782C8} - C:\WINDOWS\system32\dbernfhc.dll (file missing)
O2 - BHO: (no name) - {6E813A76-6300-4682-803F-906DE122D7D8} - C:\Program Files\Common Files\hoket83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C66552A1-E3F0-4375-8DCA-D01DEBA6C818} - C:\Program Files\Common Files\hoket4444.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\rlubyclm.dll (file missing)
O2 - BHO: (no name) - {E3CF3F94-D3C3-4822-8016-0C804AB22D3F} - \
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\upneukhn.dll",sitypnow
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKCU\..\Run: [Htre] "C:\PROGRA~1\SMANTE~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Lbj] "C:\Program Files\?racle\e?plorer.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddcdbby - ddcdbby.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\profsycyc.html

--
End of file - 6665 bytes
jurgenv
post Oct 9 2007, 05:11 PM
Post #2


Advanced Member

Group: Volunteer Security Advisor
Posts: 2,462
Joined: 13-June 06
From: Belgium
Member No.: 4,097



1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


--------------------
Greets Jurgenv.
swcrusader
post Oct 9 2007, 06:50 PM
Post #3


Newbie

Group: Members
Posts: 7
Joined: 8-October 07
Member No.: 39,069



Thanks for the help! My wife is frantic about this and blames herself. Here are the logs you're looking for:

combofix report:


ComboFix 07-10-10 - Denise McDonald 2007-10-09 10:31:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -7:00]
Running from: C:\Documents and Settings\Denise McDonald\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Denise McDonald\ResErrors.log
C:\Documents and Settings\Denise McDonald\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Denise McDonald\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Denise McDonald\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\ComPlus Applications\profsycyc.html
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\racle~1
C:\Program Files\racle~1\e?plorer.exe
C:\Program Files\smante~1
C:\Program Files\smante~1\chkdsk.exe
C:\Program Files\smante~1\S?mantec\
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\b1
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-09 10:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 10:27 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-07 18:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-07 17:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-07 12:05 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-10-07 11:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-07 10:56 6,465 --ahs---- C:\WINDOWS\system32\ddeeg.bak1
2007-10-07 10:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-07 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-07 10:42 1,978,092 --ahs---- C:\WINDOWS\system32\fhhkj.bak2
2007-10-07 10:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 10:28 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-06 16:22 1,976,700 --ahs---- C:\WINDOWS\system32\fhhkj.bak1
2007-10-06 16:21 <DIR> d-------- C:\Documents and Settings\Denise McDonald\.housecall6.6
2007-10-06 15:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-06 15:06 <DIR> d-------- C:\Program Files\Temporary
2007-10-06 15:06 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-06 15:03 <DIR> d--hs---- C:\WINDOWS\RGVuaXNlIE1jRG9uYWxk
2007-10-06 15:03 <DIR> d-------- C:\Program Files\ISM2
2007-10-06 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2007-10-06 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2007-10-06 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\ss1
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\rv2
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\pa12
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\bbc1
2007-10-06 15:02 <DIR> d-------- C:\Temp\xOe
2007-10-06 15:02 <DIR> d-------- C:\Temp
2007-10-02 00:23 <DIR> d-------- C:\Documents and Settings\Denise McDonald\Application Data\Google
2007-10-02 00:21 <DIR> d-------- C:\Program Files\Google
2007-10-02 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-05 18:29 --------- d-----w C:\Program Files\Common Files\HP
2007-09-05 18:29 --------- d-----w C:\Documents and Settings\Denise McDonald\Application Data\Printer Info Cache
2007-09-05 18:29 --------- d-----w C:\Documents and Settings\Denise McDonald\Application Data\Image Zone Express
2007-08-25 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-25 16:39 --------- d-----w C:\Program Files\Disney Interactive
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B1C253D-320A-4EE4-9119-B5165780B481}]
C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C03A265-AF30-42AE-8A38-10F39E8663BE}]
C:\WINDOWS\system32\jkhhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F42D1C-B2F7-B527-A848-E72B2B9782C8}]
C:\WINDOWS\system32\dbernfhc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E813A76-6300-4682-803F-906DE122D7D8}]
C:\Program Files\Common Files\hoket83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB5B012-E8CB-46cd-B6D2-ED428FAE9043}]
C:\Program Files\ISM\BndDrive5.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C66552A1-E3F0-4375-8DCA-D01DEBA6C818}]
C:\Program Files\Common Files\hoket4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3CF3F94-D3C3-4822-8016-0C804AB22D3F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-13 21:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-07 12:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe" [2007-09-28 06:27]
"Htre"="C:\PROGRA~1\SMANTE~1\chkdsk.exe" []
"Lbj"="C:\Program Files\?racle\e?plorer.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\BILLMIND.EXE [2007-05-20 10:29:14]
CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - C:\Program Files\CreataCard\Plus\FMRemind.exe [2007-07-10 19:41:46]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE [2007-05-20 10:29:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-10-07 12:05 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbby]
ddcdbby.dll


.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 10:38:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-10 10:43:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-10 10:42
.
--- E O F ---


hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:49 AM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Denise McDonald\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B1C253D-320A-4EE4-9119-B5165780B481} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {3C03A265-AF30-42AE-8A38-10F39E8663BE} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {69F42D1C-B2F7-B527-A848-E72B2B9782C8} - C:\WINDOWS\system32\dbernfhc.dll (file missing)
O2 - BHO: (no name) - {6E813A76-6300-4682-803F-906DE122D7D8} - C:\Program Files\Common Files\hoket83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C66552A1-E3F0-4375-8DCA-D01DEBA6C818} - C:\Program Files\Common Files\hoket4444.dll (file missing)
O2 - BHO: (no name) - {E3CF3F94-D3C3-4822-8016-0C804AB22D3F} - \
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKCU\..\Run: [Htre] "C:\PROGRA~1\SMANTE~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Lbj] "C:\Program Files\?racle\e?plorer.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddcdbby - ddcdbby.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6298 bytes


I really appreciate all your help!
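The ComboFix log above does two things a reader can learn from: it lists new objects with their attribute flags (the `d--hs----` hidden+system folder under C:\WINDOWS), and one of those folder names, RGVuaXNlIE1jRG9uYWxk, is simply the base64 encoding of the account name "Denise McDonald". The script below is an added example, not part of this thread or of ComboFix: it parses a few "Files Created" lines copied from the log (constructed sample) and flags entries that are hidden+system or whose name decodes as base64 to printable text. The regular expression and both heuristics are my own assumptions about the listing format, not anything ComboFix ships.

```python
import base64
import re
import string

# Constructed sample: a handful of "Files Created" lines copied from the
# ComboFix log above, with clean entries kept in for contrast.
SAMPLE_LISTING = r"""
2007-10-09 10:27 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-07 10:56 6,465 --ahs---- C:\WINDOWS\system32\ddeeg.bak1
2007-10-07 10:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-06 15:03 <DIR> d--hs---- C:\WINDOWS\RGVuaXNlIE1jRG9uYWxk
2007-10-06 15:03 <DIR> d-------- C:\Program Files\ISM2
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\vMW10a
"""

# Assumed line layout: date time, size or <DIR>, attribute flags, full path.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(<DIR>|[\d,]+)\s+([-a-z]+)\s+(.+)$")
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def base64_plaintext(name):
    """Return the text `name` encodes if it is valid base64 of printable
    ASCII, else None. Short or non-base64 names are rejected up front so
    ordinary folder names are not decoded by accident."""
    if len(name) < 8 or len(name) % 4 == 1:
        return None
    if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", name):
        return None
    padded = name + "=" * (-len(name) % 4)   # names appear without padding
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text and all(c in PRINTABLE for c in text) else None


def triage_listing(text):
    """Return (path, reasons) for each listing entry worth a closer look."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _when, _size, attrs, path = m.groups()
        name = path.rsplit("\\", 1)[-1]
        reasons = []
        # Attribute flags: 'h' hidden, 's' system. Both set on a freshly
        # created object keeps it out of Explorer's default view, so it
        # deserves a look even before the name is considered.
        if "h" in attrs and "s" in attrs:
            reasons.append("hidden+system attributes")
        decoded = base64_plaintext(name)
        if decoded is not None:
            reasons.append("name is base64 for %r" % decoded)
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE_LISTING):
        print(path, "->", "; ".join(reasons))
```

Run against the sample it reports ddeeg.bak1 (hidden+system) and the RGVuaXNlIE1jRG9uYWxk folder (hidden+system, and the name decodes to the account name); the legitimate Lavasoft, ISM2 and PIF entries pass through untouched. The length and character-class guards in base64_plaintext matter: without them almost any eight-letter folder name would be "decoded" into garbage bytes.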
jurgenv
post Oct 9 2007, 07:05 PM
Post #4


Advanced Member

Group: Volunteer Security Advisor
Posts: 2,462
Joined: 13-June 06
From: Belgium
Member No.: 4,097



* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {3B1C253D-320A-4EE4-9119-B5165780B481} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {3C03A265-AF30-42AE-8A38-10F39E8663BE} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {69F42D1C-B2F7-B527-A848-E72B2B9782C8} - C:\WINDOWS\system32\dbernfhc.dll (file missing)
O2 - BHO: (no name) - {6E813A76-6300-4682-803F-906DE122D7D8} - C:\Program Files\Common Files\hoket83122.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: (no name) - {C66552A1-E3F0-4375-8DCA-D01DEBA6C818} - C:\Program Files\Common Files\hoket4444.dll (file missing)
O4 - HKCU\..\Run: [Htre] "C:\PROGRA~1\SMANTE~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Lbj] "C:\Program Files\?racle\e?plorer.exe"
O20 - Winlogon Notify: ddcdbby - ddcdbby.dll (file missing)


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says "Paste List of Files/Folders to be Moved", copy and paste the following:

C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\fhhkj.bak2
C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\RGVuaXNlIE1jRG9uYWxk


Then click the MoveIt button below.
In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply with a new hijackthis log.


--------------------
Greets Jurgenv.
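The entries jurgenv picks out above share a few patterns that can be checked mechanically: the registry still references a BHO or Winlogon Notify DLL that is gone ("(file missing)" / "(no file)"), the autorun path contains "?" where the tool could not display a character (a folder named to look like "Oracle"), a Windows utility name such as chkdsk.exe is being launched from outside the Windows directory, or an autorun entry drives rundll32 to load a DLL. The script below is an added example, not part of this thread or of HijackThis: it applies those checks to a constructed sample of O2/O4/O20 lines copied from the first log and returns the reasons each flagged line deserves a look. The section list, the system-binary name set and the "?" interpretation are my assumptions, not anything HijackThis documents.

```python
import re

# Constructed sample: lines copied from the first HijackThis log in the
# thread, with clean vendor entries kept in for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B1C253D-320A-4EE4-9119-B5165780B481} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\upneukhn.dll",sitypnow
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Htre] "C:\PROGRA~1\SMANTE~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Lbj] "C:\Program Files\?racle\e?plorer.exe"
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddcdbby - ddcdbby.dll (file missing)
"""

ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Sections whose payload is a local file path rather than a URL, so a '?'
# there means a character the tool could not render (assumed list).
PATH_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O23"}
# Windows utilities that only ever run from the Windows directory; an
# autorun entry launching one from elsewhere is a look-alike (assumed set).
SYSTEM_BINARY_NAMES = {"chkdsk.exe", "explorer.exe", "svchost.exe",
                       "lsass.exe", "services.exe", "winlogon.exe"}
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# For O4 lines: the first .exe after the [name] tag, quoted or not.
O4_EXE_RE = re.compile(r'\]\s+"?(.+?\.exe)"?', re.IGNORECASE)


def triage_line(line):
    """Return the reasons one HijackThis entry deserves review ([] if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, rest = m.groups()
    reasons = []
    if any(marker in rest for marker in ORPHAN_MARKERS):
        reasons.append("orphaned registration: loads a file that no longer exists")
    if section in PATH_SECTIONS and "?" in rest:
        reasons.append("undisplayable character in path (look-alike folder or file name)")
    if section == "O2" and rest.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO")
    if section == "O4":
        if "rundll32" in rest.lower():
            reasons.append("autorun loads a DLL via rundll32; verify the DLL")
        exe = O4_EXE_RE.search(rest)
        if exe:
            path = exe.group(1)
            name = path.rsplit("\\", 1)[-1].lower()
            if (name in SYSTEM_BINARY_NAMES and "\\" in path
                    and not path.lower().startswith("c:\\windows\\")):
                reasons.append("system utility name running from a non-system directory")
    return reasons


def triage(log_text):
    """Return (line, reasons) for every flagged entry, in log order."""
    findings = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

On the sample this flags six of the nine lines and leaves the Adobe, AVG and avgwlntf entries alone, which matches the set jurgenv asked to have fixed (plus the rundll32 entry that ComboFix had already removed by the second log). The checks are triage aids only: an orphaned entry is harmless by itself but tells you something was installed and then partly removed, which is exactly the "uninstalled it but the pop-ups keep coming" situation described in the first post.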
swcrusader
post Oct 9 2007, 09:21 PM
Post #5


Newbie

Group: Members
Posts: 7
Joined: 8-October 07
Member No.: 39,069



Here we go:

C:\WINDOWS\system32\ddeeg.bak1 moved successfully.
C:\WINDOWS\system32\fhhkj.bak2 moved successfully.
C:\WINDOWS\system32\fhhkj.bak1 moved successfully.
C:\WINDOWS\RGVuaXNlIE1jRG9uYWxk moved successfully.

Created on 10/10/2007 13:24:39

Here is the hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:11 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ISM2\ISMPack6.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Denise McDonald\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E3CF3F94-D3C3-4822-8016-0C804AB22D3F} - \
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5253 bytes


thanks!
jurgenv
post Oct 9 2007, 10:09 PM
Post #6


Advanced Member

Group: Volunteer Security Advisor
Posts: 2,462
Joined: 13-June 06
From: Belgium
Member No.: 4,097



Looking good, how is everything working?


--------------------
Greets Jurgenv.
swcrusader
post Oct 10 2007, 06:10 AM
Post #7


Newbie

Group: Members
Posts: 7
Joined: 8-October 07
Member No.: 39,069



I'm going to give it 24 hours, let my wife have at it. I do want to thank you profusely, my wife was almost in tears over this (there was some other stuff going on and this was the final straw). Appreciate all the help!
jurgenv
post Oct 10 2007, 02:56 PM
Post #8


Advanced Member

Group: Volunteer Security Advisor
Posts: 2,462
Joined: 13-June 06
From: Belgium
Member No.: 4,097



Don't worry, it's fixable.



--------------------
Greets Jurgenv.
swcrusader
post Oct 11 2007, 02:42 AM
Post #9


Newbie

Group: Members
Posts: 7
Joined: 8-October 07
Member No.: 39,069



Unbelievable. It's still popping up those d*mn pop-ups. I swear if I find the guy who did this he's going to hurt. Any more ideas?
jurgenv
post Oct 11 2007, 02:33 PM
Post #10


Advanced Member

Group: Volunteer Security Advisor
Posts: 2,462
Joined: 13-June 06
From: Belgium
Member No.: 4,097



Post me a new log from combofix.


--------------------
Greets Jurgenv.
swcrusader
post Oct 12 2007, 03:05 AM
Post #11


Newbie

Group: Members
Posts: 7
Joined: 8-October 07
Member No.: 39,069



Here you are, thanks for continuing to work with me!

ComboFix 07-10-10 - Denise McDonald 2007-10-12 19:01:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.122 [GMT -7:00]
Running from: C:\Documents and Settings\Denise McDonald\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-11 18:34 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-11 17:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-09 10:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 10:27 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-07 18:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-07 17:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-07 12:05 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-10-07 11:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-07 10:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-07 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-07 10:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 10:28 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-06 16:21 <DIR> d-------- C:\Documents and Settings\Denise McDonald\.housecall6.6
2007-10-06 15:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-06 15:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-06 15:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-06 15:06 <DIR> d-------- C:\Program Files\Temporary
2007-10-06 15:06 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-06 15:03 <DIR> d-------- C:\Program Files\ISM2
2007-10-06 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\ss1
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\rv2
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\pa12
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\bbc1
2007-10-06 15:02 <DIR> d-------- C:\Temp\xOe
2007-10-06 15:02 <DIR> d-------- C:\Temp
2007-10-02 00:23 <DIR> d-------- C:\Documents and Settings\Denise McDonald\Application Data\Google
2007-10-02 00:21 <DIR> d-------- C:\Program Files\Google
2007-10-02 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-05 18:29 --------- d-----w C:\Program Files\Common Files\HP
2007-09-05 18:29 --------- d-----w C:\Documents and Settings\Denise McDonald\Application Data\Printer Info Cache
2007-09-05 18:29 --------- d-----w C:\Documents and Settings\Denise McDonald\Application Data\Image Zone Express
2007-08-25 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-25 16:39 --------- d-----w C:\Program Files\Disney Interactive
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-10_10.40.37.06 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\spuninst.exe
----a-w 1,022,976 2007-08-22 13:12:15 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\browseui.dll
----a-w 151,040 2007-08-22 13:12:15 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\cdfview.dll
----a-w 1,054,208 2007-08-22 13:12:16 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\danim.dll
----a-w 357,888 2007-08-22 13:12:16 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\dxtmsft.dll
----a-w 205,312 2007-08-22 13:12:16 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\dxtrans.dll
----a-w 55,808 2007-08-22 13:12:16 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\extmgr.dll
----a-w 18,432 2007-08-21 10:30:45 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\iedw.exe
----a-w 251,392 2007-08-22 13:12:16 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\iepeers.dll
----a-w 96,256 2007-08-22 13:12:16 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\inseng.dll
----a-w 16,384 2007-08-22 13:12:16 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\jsproxy.dll
----a-w 3,058,176 2007-08-22 13:12:17 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\mshtml.dll
----a-w 449,024 2007-08-22 13:12:17 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\mshtmled.dll
----a-w 146,432 2007-08-22 13:12:17 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\msrating.dll
----a-w 532,480 2007-08-22 13:12:17 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\mstime.dll
----a-w 39,424 2007-08-22 13:12:17 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\pngfilt.dll
----a-w 1,494,528 2007-08-22 13:12:18 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\shdocvw.dll
----a-w 474,112 2007-08-22 13:12:18 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\shlwapi.dll
----a-w 615,424 2007-08-22 13:12:18 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\urlmon.dll
----a-w 658,944 2007-08-22 13:12:18 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\wininet.dll
----a-w 115,712 2007-08-21 10:20:02 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2gdr\xpsp3res.dll
----a-w 1,022,976 2007-08-22 12:55:28 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
----a-w 151,040 2007-08-22 12:55:29 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
----a-w 1,054,208 2007-08-22 12:55:30 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
----a-w 357,888 2007-08-22 12:55:30 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
----a-w 205,824 2007-08-22 12:55:31 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
----a-w 55,808 2007-08-22 12:55:31 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
----a-w 18,432 2007-08-21 10:19:39 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
----a-w 251,904 2007-08-22 12:55:32 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
----a-w 96,256 2007-08-22 12:55:32 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
----a-w 16,384 2007-08-22 12:55:32 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
----a-w 3,064,832 2007-08-22 12:55:36 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
----a-w 449,024 2007-08-22 12:55:37 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
----a-w 146,432 2007-08-22 12:55:37 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
----a-w 532,480 2007-08-22 12:55:38 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
----a-w 39,424 2007-08-22 12:55:38 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
----a-w 1,498,112 2007-08-22 12:55:40 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
----a-w 474,112 2007-08-22 12:55:41 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
----a-w 617,984 2007-08-22 12:55:43 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
----a-w 665,600 2007-08-22 12:55:44 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
----a-w 350,720 2007-08-21 10:13:33 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download474e07262334919ca66aaa879430a63\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 40,394 2007-10-10 17:45:21 C:\WINDOWS\system32\perfc009.dat
----a-w 312,172 2007-10-10 17:45:21 C:\WINDOWS\system32\perfh009.dat
------w 14,048 2007-03-06 01:22:36 C:\WINDOWS\system32\spmsg.dll
-c--a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
----a-w 2,115,816 2007-06-11 20:34:00 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 190,696 2007-06-11 20:34:00 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
----a-w 17,474,680 2007-09-06 02:50:44 C:\WINDOWS\system32\MRT.exe
----a-w 40,394 2007-10-09 01:42:16 C:\WINDOWS\system32\perfc009.dat
----a-w 312,172 2007-10-09 01:42:16 C:\WINDOWS\system32\perfh009.dat
------w 14,048 2006-01-19 19:29:19 C:\WINDOWS\system32\spmsg.dll
-c--a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3CF3F94-D3C3-4822-8016-0C804AB22D3F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-13 21:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-07 12:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe" [2007-09-28 06:27]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\BILLMIND.EXE [2007-05-20 10:29:14]
CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - C:\Program Files\CreataCard\Plus\FMRemind.exe [2007-07-10 19:41:46]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE [2007-05-20 10:29:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-10-07 12:05 9216 C:\WINDOWS\system32\avgwlntf.dll

R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 19:03:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-12 19:05:20
C:\ComboFix-quarantined-files.txt ... 2007-10-12 19:04
C:\ComboFix2.txt ... 2007-10-10 10:43
.
--- E O F ---
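Reading the log above by hand, the tell is the burst of new directories created within a few minutes on 2007-10-06 and the HKCU Run entry that points into one of them (ISM2\ISMPack6.exe). The following is an added Python triage helper, not ComboFix's or the forum's own code, that automates that cross-check on a constructed excerpt of the posted log; the regexes assume the line formats shown in the log above and the burst threshold (4 entries within 5 minutes) is an assumed heuristic.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt of the ComboFix log posted above (a subset of its lines).
SAMPLE_LOG = r"""
2007-10-07 10:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-06 15:06 <DIR> d-------- C:\Program Files\Temporary
2007-10-06 15:03 <DIR> d-------- C:\Program Files\ISM2
2007-10-06 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-06 15:02 <DIR> d-------- C:\WINDOWS\system32\ss1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-07 12:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe" [2007-09-28 06:27]
"""

CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")  # 'Files Created' lines
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$')  # "Name"="exe" [date]
HIVE_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\.*\\Run\]$")  # [HKEY_...\...\Run] section header

def parse_created(log):
    """[(datetime, path)] for 'Files Created' lines, oldest first."""
    hits = (CREATED_RE.match(l.strip()) for l in log.splitlines())
    return sorted((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), m.group(4)) for m in hits if m)

def creation_bursts(entries, window=timedelta(minutes=5), min_count=4):
    """Group entries created within `window` of the group's first entry;
    many new dirs/files landing in a few minutes is a classic dropper footprint."""
    bursts, group = [], []
    for ts, path in entries:
        if group and ts - group[0][0] > window:
            if len(group) >= min_count:
                bursts.append(group)
            group = []
        group.append((ts, path))
    return bursts + ([group] if len(group) >= min_count else [])

def parse_run_entries(log):
    """[(hive, name, exe_path)] from the Run-key sections, in log order."""
    hive, out = None, []
    for line in map(str.strip, log.splitlines()):
        h = HIVE_RE.match(line)
        m = RUN_RE.match(line)
        if h:
            hive = h.group(1)
        elif m and hive:
            out.append((hive, m.group(1), m.group(2)))
    return out

def suspicious_autostarts(log):
    """Run entries whose executable lives in a directory created during a burst."""
    burst_dirs = {p.lower() for b in creation_bursts(parse_created(log)) for _, p in b}
    def in_burst(exe):
        parent = exe.rsplit("\\", 1)[0].lower()
        return any(parent == d or parent.startswith(d + "\\") for d in burst_dirs)
    return [e for e in parse_run_entries(log) if in_burst(e[2])]
```

On the excerpt this flags exactly the ISMPack6 entry, while the AVG and MSN Messenger autostarts (whose directories predate the burst) pass through untouched.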
jurgenv
post Oct 12 2007, 02:52 PM
Post #12


Advanced Member
***

Group: Volunteer Security Advisor
Posts: 2,462
Joined: 13-June 06
From: Belgium
Member No.: 4,097



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:

    This will move the file to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! Files that are in use may only be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.


--------------------
Greets Jurgenv.
swcrusader
post Oct 14 2007, 12:24 AM
Post #13


Newbie
*

Group: Members
Posts: 7
Joined: 8-October 07
Member No.: 39,069



Well, it looks like the problem is all fixed. It's been a while and no more pop-ups! I want to really thank you for your help and understanding. My wife thanks you too!
jurgenv
post Oct 14 2007, 10:34 AM
Post #14


Advanced Member
***

Group: Volunteer Security Advisor
Posts: 2,462
Joined: 13-June 06
From: Belgium
Member No.: 4,097



Ok, can I see a new hijackthis log to be sure?


--------------------
Greets Jurgenv.
LS CalamityJane
post Nov 6 2007, 01:08 AM
Post #15


Lavasoft Staff

Group: Administrators
Posts: 8,769
Joined: 19-April 06
From: Central Florida, USA
Member No.: 65



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !


--------------------
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009