Pop Ups windows

VundoFix V6.5.4

Checking Java version...

Scan started at 10:56:16 AM 7/14/2007

Listing files found while scanning....

C:\windows\system32\qekhnwyr.ini
C:\WINDOWS\system32\rywnhkeq.dll
C:\WINDOWS\system32\urqpp.dll

Beginning removal...

 Attempting to delete C:\windows\system32\qekhnwyr.ini
C:\windows\system32\qekhnwyr.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\rywnhkeq.dll
C:\WINDOWS\system32\rywnhkeq.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\urqpp.dll
C:\WINDOWS\system32\urqpp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Hi Bugbatter,

Thanks for all your help. There was no pop up immediately after I had done as you had said. Seems like it has started again..not the same pop-ups but differert ones and not as severe as the last ones. I did a HJ and am attaching it below.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:02 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\niSvcLoc.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\CIC\Sign-it Server\siservice.exe
C:\WINDOWS\System32\svchost.exe
C:\ABAQUS\Documentation\monitor.exe
C:\WINDOWS\surzenv.exe
C:\ABAQUS\Documentation\monitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\retadpu572.exe
C:\WINDOWS\surzenvA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SystemMechanic\SMSystemAnalyzer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\CROSOF~1.NET\winword.exe
C:\Program Files\Web Buying\v1.7.8\webbuying.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\kwintndt.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\?icrosoft\??oolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\SystemMechanic\delay.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [surzenvA] C:\WINDOWS\surzenvA.exe
O4 - HKLM\..\Run: [{71-14-44-42-ZN}] c:\windows\system32\dwdsregt.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\kwintndt.exe SKY009
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\SystemMechanic\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\CROSOF~1.NET\winword.exe" -vt yazb
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.8\webbuying.exe
O4 - HKCU\..\Run: [Mda] C:\WINDOWS\?icrosoft\??oolsv.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\kwintndt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {14D78FEB-AB3D-45CE-BE5E-73DAB5436DBC} (RdAsmIocCtrl Class) - http://immail.rediff.com/MLing/ActiveX/rdasmioc.cab
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} (Moonlight MPEG-4 Video Decoder) - http://66.193.180.23/activex/decoder/mpeg4_dec.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://66.193.180.23/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\System32\lkcitdl.exe
O23 - Service: Lookout Classified Ads (LkClassAds) - National Instruments, Inc. - C:\WINDOWS\System32\lkads.exe
O23 - Service: Lookout Time Synchronization (LkTimeSync) - National Instruments, Inc. - C:\WINDOWS\System32\lktsrv.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\System32\niSvcLoc.exe
O23 - Service: MaxSyncService (NTService1) -   - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Sign-it Server (SignIt) - Communication Intelligence Corp. - C:\Program Files\CIC\Sign-it Server\siservice.exe
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - C:\ABAQUS\Documentation\monitor.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\surzenv.exe
O24 - Desktop Component 0: Desktop Uninstall - (no file)

--
End of file - 9952 bytes

I also did a combofix run. Below is the log.

"SOLAB" - 2007-07-15 20:28:02 - ComboFix 07-07-10.1 - Service Pack 2 

((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\pmnmm.dll
C:\WINDOWS\system32\vtuspnk.dll
C:\WINDOWS\SYSTEM32\mmnmp.bak1
C:\WINDOWS\SYSTEM32\mmnmp.ini
C:\WINDOWS\system32\ssqpmno.dll

* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\MSN Gaming Zone\mevo83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\web buying
C:\Program Files\web buying\v1.7.8\wbuninst.exe
C:\Program Files\web buying\v1.7.8\webbuying.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\crosof~1.net\winword.exe
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\icroso~1
C:\WINDOWS\icroso~1\??oolsv.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\retadpu572.exe
C:\WINDOWS\system32\dnhqvcs.dll
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wnstsitr.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
C:\WINDOWS\wr.txt

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\Net Agent
-------\Windows Overlay Components

(((((((((((((((((((((((((   Files Created from 2007-06-16 to 2007-07-16  )))))))))))))))))))))))))))))))

2007-07-15 18:38 224,654 --a------ C:\WINDOWS\jlrlt0578.exe
2007-07-15 18:38 192,622 --a------ C:\WINDOWS\SYSTEM32\kwintndt.exe
2007-07-15 18:24 54,784 --a------ C:\WINDOWS\surzenv.exe
2007-07-15 18:24 49,152 --a------ C:\WINDOWS\TISKY009.exe
2007-07-15 18:24 172,032 --a------ C:\WINDOWS\SYSTEM32\lkxikgn.dll
2007-07-15 18:24 1,006,352 -r-hs---- C:\WINDOWS\surzenvA.exe
2007-07-15 18:24   d-------- C:\WINDOWS\SYSTEM32\driver
2007-07-15 18:24   d-------- C:\WINDOWS\SYSTEM32\B5
2007-07-15 18:24   d-------- C:\WINDOWS\SYSTEM32\B4
2007-07-15 18:24   d-------- C:\WINDOWS\SYSTEM32\B3
2007-07-15 18:24   d-------- C:\WINDOWS\SYSTEM32\B2
2007-07-15 18:24   d-------- C:\WINDOWS\SYSTEM32\B1
2007-07-15 18:24   d-------- C:\WINDOWS\SYSTEM32\b02FdUe
2007-07-15 18:24   d-------- C:\WINDOWS\SYSTEM32\B0
2007-07-15 18:24   d-------- C:\Temp\0c2
2007-07-14 12:38   d-------- C:\Program Files\SUPERAntiSpyware
2007-07-14 12:38   d-------- C:\DOCUME~1\SOLAB\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 12:38   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 10:56   d-------- C:\VundoFix Backups
2007-07-13 19:23   d-------- C:\Program Files\Trend Micro
2007-07-13 19:18 66,112 --a------ C:\WINDOWS\SYSTEM32\vqdyvejk.exe
2007-07-13 19:17 1,936,310 --ahs---- C:\WINDOWS\SYSTEM32\ppqru.bak2
2007-07-12 22:35 6,369 --ahs---- C:\WINDOWS\SYSTEM32\ppqru.bak1
2007-07-12 22:30 18,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ApiMon.sys
2007-07-12 22:29   d-------- C:\WINDOWS\SYSTEM32\b10FdUe
2007-07-12 22:29   d-------- C:\Temp\brr
2007-07-11 05:29 22,016 --a------ C:\WINDOWS\b138.exe
2007-07-10 23:25   d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-07-10 23:13   d--hs---- C:\WINDOWS\U09MQUI
2007-07-10 23:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 22:57 66,624 --a------ C:\WINDOWS\SYSTEM32\qpsfcnqn.dll
2007-07-09 22:35   d-------- C:\WINDOWS\SYSTEM32\X9
2007-07-09 22:35   d-------- C:\WINDOWS\SYSTEM32\X4
2007-07-09 22:35   d-------- C:\WINDOWS\SYSTEM32\X3
2007-07-09 22:35   d-------- C:\WINDOWS\SYSTEM32\X2
2007-07-08 20:00   d-------- C:\WINDOWS\E31C348B63A94CBF8D7FD932ABB63244.TMP
2007-07-08 19:58   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-08 19:57   d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-06 14:40 192,512 --a------ C:\WINDOWS\g4356cbvy63.exe
2007-06-25 08:54 53,248 --a------ C:\WINDOWS\uni_eh44.exe
2007-06-25 08:53 53,248 --a------ C:\WINDOWS\uninst1014.exe

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 01:34:47 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-07-16 01:08:38 -------- d-----w C:\Program Files\SystemMechanic
2007-07-13 02:22:50 -------- d-----w C:\DOCUME~1\SOLAB\APPLIC~1\U3
2007-07-11 04:24:34 -------- d-----w C:\Program Files\Windows NT
2007-07-09 00:58:44 -------- d-----w C:\Program Files\Lavasoft
2007-07-09 00:58:41 -------- d-----w C:\DOCUME~1\SOLAB\APPLIC~1\Lavasoft
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-22 03:20:02 -------- d-----w C:\DOCUME~1\SOLAB\APPLIC~1\Skype
2007-05-22 00:55:36 -------- d-----w C:\DOCUME~1\SOLAB\APPLIC~1\Ringjacker
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
2007-03-30 13:31 722472 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d64f8b4c-04b7-4165-9dbe-49f97d52a45b}]
2007-07-15 18:24 172032 --a------ C:\WINDOWS\system32\lkxikgn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"RegistryMechanic"="" []
"ioloDelayModule"="C:\Program Files\SystemMechanic\delay.exe" [2005-06-08 13:31]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 16:38]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-01 11:58]
"@"="" []
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 16:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
"SMSystemAnalyzer"="C:\Program Files\SystemMechanic\SMSystemAnalyzer.exe" [2006-12-20 17:47]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 04:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Reminder]
"C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp]
C:\Program Files\Dell\AccessDirect\dadapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WG511WLU]
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe

Contents of the 'Scheduled Tasks' folder
2004-01-09 03:29:17  C:\WINDOWS\tasks\ISP signup reminder 1.job
2007-07-04 21:00:00  C:\WINDOWS\tasks\{0D78C149-97DF-4201-A67A-A0E228DD33B3}_PRITAM_SOLAB.job
2006-11-24 21:00:05  C:\WINDOWS\tasks\{6C3A29DC-CEC0-4A7F-ADF5-1B80932C0DB0}_PRITAM_SOLAB.job
2006-12-19 14:00:09  C:\WINDOWS\tasks\{8B454BFC-EB75-4590-94F9-ACE76CBF05C5}_PRITAM_SOLAB.job
2007-07-04 21:00:00  C:\WINDOWS\tasks\{DDD455D0-EA9C-4C9F-93CD-61CFCE7B6BE7}_PRITAM_SOLAB.job
2006-11-24 21:00:05  C:\WINDOWS\tasks\{E5F01866-5A36-4851-A458-AE3AB5E6EB5D}_PRITAM_SOLAB.job
2006-12-19 14:00:01  C:\WINDOWS\tasks\{F2AC210A-891A-4AB2-B435-BE43535D5252}_PRITAM_SOLAB.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-15 20:44:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-15 20:46:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-15 20:46
C:\ComboFix2.txt ... 2007-07-14 11:43
C:\ComboFix3.txt ... 2007-07-10 23:37

 --- E O F ---

After combofix, I did HJT. Log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:41 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\niSvcLoc.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\CIC\Sign-it Server\siservice.exe
C:\WINDOWS\System32\svchost.exe
C:\ABAQUS\Documentation\monitor.exe
C:\ABAQUS\Documentation\monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SystemMechanic\SMSystemAnalyzer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {d64f8b4c-04b7-4165-9dbe-49f97d52a45b} - C:\WINDOWS\system32\lkxikgn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\SystemMechanic\delay.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\SystemMechanic\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {14D78FEB-AB3D-45CE-BE5E-73DAB5436DBC} (RdAsmIocCtrl Class) - http://immail.rediff.com/MLing/ActiveX/rdasmioc.cab
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} (Moonlight MPEG-4 Video Decoder) - http://66.193.180.23/activex/decoder/mpeg4_dec.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://66.193.180.23/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\System32\lkcitdl.exe
O23 - Service: Lookout Classified Ads (LkClassAds) - National Instruments, Inc. - C:\WINDOWS\System32\lkads.exe
O23 - Service: Lookout Time Synchronization (LkTimeSync) - National Instruments, Inc. - C:\WINDOWS\System32\lktsrv.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\System32\niSvcLoc.exe
O23 - Service: MaxSyncService (NTService1) -   - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Sign-it Server (SignIt) - Communication Intelligence Corp. - C:\Program Files\CIC\Sign-it Server\siservice.exe
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - C:\ABAQUS\Documentation\monitor.exe
O24 - Desktop Component 0: Desktop Uninstall - (no file)

--
End of file - 10106 bytes

Dear Bugbatter,

I have installed AVG 7.5.

Please find the combofix log and HJT log attached.

Thanks,

"SOLAB" - 2007-07-18 19:10:35 - ComboFix 07-07-10.1 - Service Pack 2 

(((((((((((((((((((((((((   Files Created from 2007-06-18 to 2007-07-18  )))))))))))))))))))))))))))))))

2007-07-17 18:34   d-------- C:\DOCUME~1\SOLAB\APPLIC~1\WinRAR
2007-07-15 19:38 224,654 --a------ C:\WINDOWS\jlrlt0578.exe
2007-07-15 19:24 172,032 --a------ C:\WINDOWS\SYSTEM32\lkxikgn.dll
2007-07-15 19:24   d-------- C:\WINDOWS\SYSTEM32\driver
2007-07-15 19:24   d-------- C:\WINDOWS\SYSTEM32\B5
2007-07-15 19:24   d-------- C:\WINDOWS\SYSTEM32\B4
2007-07-15 19:24   d-------- C:\WINDOWS\SYSTEM32\B3
2007-07-15 19:24   d-------- C:\WINDOWS\SYSTEM32\B2
2007-07-15 19:24   d-------- C:\WINDOWS\SYSTEM32\B1
2007-07-15 19:24   d-------- C:\WINDOWS\SYSTEM32\b02FdUe
2007-07-15 19:24   d-------- C:\WINDOWS\SYSTEM32\B0
2007-07-15 19:24   d-------- C:\Temp\0c2
2007-07-14 13:38   d-------- C:\Program Files\SUPERAntiSpyware
2007-07-14 13:38   d-------- C:\DOCUME~1\SOLAB\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 13:38   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 11:56   d-------- C:\VundoFix Backups
2007-07-13 20:23   d-------- C:\Program Files\Trend Micro
2007-07-13 20:17 1,936,310 --ahs---- C:\WINDOWS\SYSTEM32\ppqru.bak2
2007-07-12 23:35 6,369 --ahs---- C:\WINDOWS\SYSTEM32\ppqru.bak1
2007-07-12 23:30 18,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ApiMon.sys
2007-07-12 23:29   d-------- C:\WINDOWS\SYSTEM32\b10FdUe
2007-07-12 23:29   d-------- C:\Temp\brr
2007-07-11 06:29 22,016 --a------ C:\WINDOWS\b138.exe
2007-07-11 00:25   d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-07-11 00:13   d--hs---- C:\WINDOWS\U09MQUI
2007-07-11 00:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 23:57 66,624 --a------ C:\WINDOWS\SYSTEM32\qpsfcnqn.dll
2007-07-09 23:35   d-------- C:\WINDOWS\SYSTEM32\X9
2007-07-09 23:35   d-------- C:\WINDOWS\SYSTEM32\X4
2007-07-09 23:35   d-------- C:\WINDOWS\SYSTEM32\X3
2007-07-09 23:35   d-------- C:\WINDOWS\SYSTEM32\X2
2007-07-08 21:00   d-------- C:\WINDOWS\E31C348B63A94CBF8D7FD932ABB63244.TMP
2007-07-08 20:58   d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-08 20:57   d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-06 15:40 192,512 --a------ C:\WINDOWS\g4356cbvy63.exe
2007-06-25 09:54 53,248 --a------ C:\WINDOWS\uni_eh44.exe
2007-06-25 09:53 53,248 --a------ C:\WINDOWS\uninst1014.exe

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 01:34:47 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-07-16 01:08:38 -------- d-----w C:\Program Files\SystemMechanic
2007-07-13 02:22:50 -------- d-----w C:\DOCUME~1\SOLAB\APPLIC~1\U3
2007-07-11 04:24:34 -------- d-----w C:\Program Files\Windows NT
2007-07-09 00:58:44 -------- d-----w C:\Program Files\Lavasoft
2007-07-09 00:58:41 -------- d-----w C:\DOCUME~1\SOLAB\APPLIC~1\Lavasoft
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-22 03:20:02 -------- d-----w C:\DOCUME~1\SOLAB\APPLIC~1\Skype
2007-05-22 00:55:36 -------- d-----w C:\DOCUME~1\SOLAB\APPLIC~1\Ringjacker
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
2007-03-30 14:31 722472 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d64f8b4c-04b7-4165-9dbe-49f97d52a45b}]
2007-07-15 19:24 172032 --a------ C:\WINDOWS\system32\lkxikgn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 13:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 13:24]
"RegistryMechanic"="" []
"ioloDelayModule"="C:\Program Files\SystemMechanic\delay.exe" [2005-06-08 14:31]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-01 12:58]
"@"="" []
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 17:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-18 18:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 13:06]
"SMSystemAnalyzer"="C:\Program Files\SystemMechanic\SMSystemAnalyzer.exe" [2006-12-20 18:47]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 05:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 15:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Reminder]
"C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp]
C:\Program Files\Dell\AccessDirect\dadapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WG511WLU]
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe

Contents of the 'Scheduled Tasks' folder
2004-01-09 03:29:17  C:\WINDOWS\tasks\ISP signup reminder 1.job
2007-07-04 21:00:00  C:\WINDOWS\tasks\{0D78C149-97DF-4201-A67A-A0E228DD33B3}_PRITAM_SOLAB.job
2006-11-24 21:00:05  C:\WINDOWS\tasks\{6C3A29DC-CEC0-4A7F-ADF5-1B80932C0DB0}_PRITAM_SOLAB.job
2006-12-19 14:00:09  C:\WINDOWS\tasks\{8B454BFC-EB75-4590-94F9-ACE76CBF05C5}_PRITAM_SOLAB.job
2007-07-04 21:00:00  C:\WINDOWS\tasks\{DDD455D0-EA9C-4C9F-93CD-61CFCE7B6BE7}_PRITAM_SOLAB.job
2006-11-24 21:00:05  C:\WINDOWS\tasks\{E5F01866-5A36-4851-A458-AE3AB5E6EB5D}_PRITAM_SOLAB.job
2006-12-19 14:00:01  C:\WINDOWS\tasks\{F2AC210A-891A-4AB2-B435-BE43535D5252}_PRITAM_SOLAB.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 19:16:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-18 19:17:59
C:\ComboFix-quarantined-files.txt ... 2007-07-18 19:17
C:\ComboFix2.txt ... 2007-07-15 21:46
C:\ComboFix3.txt ... 2007-07-14 12:43

 --- E O F ---

 

Dr.webcsv log:

bmk_eqn01016.gif;C:\ABAQUS\Documentation\docs\v6.5\books\bmk\graphics;Modification of Zhangfan.1535;Moved.;

Usaarts.its\0x00/-2143347460.DAT;C:\Program Files\Microsoft Streets & Trips\Data\Usaarts.its;Modification of Win32.Rammstein.13346;; Usaarts.its\0x00/-2147004184.DAT;C:\Program Files\Microsoft Streets & Trips\Data\Usaarts.its;Modification of Win32.Rammstein.13346;; Usaarts.its;C:\Program Files\Microsoft Streets & Trips\Data;Archive contains infected objects;Moved.; vncviewer.exe;C:\Program Files\RealVNC\VNC4;Program.RemoteAdmin;Moved.; backup-20070719-222756-653.dll;C:\Program Files\Trend Micro\HijackThis\backups;Adware.WebBuying;; OOLSVE~1.VIR;C:\QooBox\Quarantine\C\WINDOWS\ICROSO~1;Adware.ClickSpring;Moved.; pmnmm.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.; ssqpmno.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.; upqmmvnd.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.; A0095375.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP825;Tool.Prockill;Moved.; A0095376.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP825;Program.PrcView.3741;Moved.; A0095744.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP829;Trojan.Virtumod;Deleted.; A0096070.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP833;Adware.WebBuying;Moved.; GTDownDE_87.ocx;C:\WINDOWS\SYSTEM32;Adware.Gdown;Moved.; qpsfcnqn.dll;C:\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;

Dear bugbatter,
I took a HJT log immediately I did the processing as you had asked me to do so. All the changes have significantly help my computer. Almost all of the problems are solved. Just that there is one pop up menu that comes up. I guess Ill check it till tomorrow that comes up from today or not and let you know. Otherwise it looks great. Ill get back to you with a report. Thanks..

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:44 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\niSvcLoc.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\CIC\Sign-it Server\siservice.exe
C:\WINDOWS\System32\svchost.exe
C:\ABAQUS\Documentation\monitor.exe
C:\ABAQUS\Documentation\monitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SystemMechanic\SMSystemAnalyzer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\SystemMechanic\delay.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\SystemMechanic\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14D78FEB-AB3D-45CE-BE5E-73DAB5436DBC} (RdAsmIocCtrl Class) - http://immail.rediff.com/MLing/ActiveX/rdasmioc.cab
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} (Moonlight MPEG-4 Video Decoder) - http://66.193.180.23/activex/decoder/mpeg4_dec.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://66.193.180.23/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{1674CD67-BC3D-4BD9-9E99-7F3C9458A77F}: NameServer = 66.193.180.2,66.193.180.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\System32\lkcitdl.exe
O23 - Service: Lookout Classified Ads (LkClassAds) - National Instruments, Inc. - C:\WINDOWS\System32\lkads.exe
O23 - Service: Lookout Time Synchronization (LkTimeSync) - National Instruments, Inc. - C:\WINDOWS\System32\lktsrv.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\System32\niSvcLoc.exe
O23 - Service: MaxSyncService (NTService1) -   - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Sign-it Server (SignIt) - Communication Intelligence Corp. - C:\Program Files\CIC\Sign-it Server\siservice.exe
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - C:\ABAQUS\Documentation\monitor.exe
O24 - Desktop Component 0: Desktop Uninstall - (no file)

--
End of file - 9515 bytes

Dear Bugbatter,

I have experimented with my computer for few days...and defiinitely no pop ups. Thank you so much for your help. However, the speed of the computer has gone down significantly. Is it because I have so many differnt anti-virus runnig when I start the program? The speed seems to be slow for the first 15-25 mins and then it becomes normal.

Rest everything seems to be fine. Thanks a bunch