Okay, just a note. I seem to have gotten rid of Vundo, which is kinda ironic HOW it happened.
A trojan sneaked its way into the undeletable .dll, and AVG AntiVirus quarantined it, following my deletion of it. Then, after a VundoFix run, it was gone.
Even though I got it off of my computer for good, I kept getting random IE popups VERY often as soon as I opened Firefox. This was remedied by ComboFix for a moment, but now I'm getting those again.
And an explanation to why my registry looks like a mess made by a bomb, and then as if someone tried cleaning it up with another bomb;
I had a game that refused to install on my machine, so I installed it on my little brother's machine instead, and copied over the files. I also made a registry key of his whole registry, which was kinda a mistake. Now my comp thinks I have stuff I don't have, like the HP Bluetooth thingy.
Here are the logs you requested, beginning with the ComboFix one;
ComboFix 08-01-16.4 - MD 2008-01-16 15:47:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.450 [GMT 1:00]
Running from: C:\Documents and Settings\MD\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-16 15:57 . 2008-01-16 15:57 <DIR> d-------- C:\TEMP\tn3
2008-01-16 15:44 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 03:01 . 2008-01-15 03:05 <DIR> d-------- C:\Program Files\Dofus
2008-01-14 02:40 . 2008-01-14 02:41 <DIR> d-------- C:\Documents and Settings\MD\Application Data\My Battle for Middle-earth Files
2008-01-14 02:39 . 2008-01-14 02:39 152,194 --a------ C:\WINDOWS\Elvenstar Mod V.5.0 English Uninstaller.exe
2008-01-13 22:23 . 2008-01-14 01:12 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-13 01:36 . 2007-03-08 16:12 <DIR> d-------- C:\Program Files\Halo Custom Edition
2008-01-12 23:46 . 2008-01-16 15:58 2,150,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-12 23:46 . 2008-01-16 15:54 26,228 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-12 23:43 . 2008-01-12 23:43 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-01-12 23:41 . 2008-01-12 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-12 23:41 . 2008-01-12 23:43 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-12 23:40 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-12 23:40 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-01-12 22:59 . 2008-01-16 15:37 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-12 22:58 . 2008-01-12 23:36 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-12 21:08 . 2008-01-12 21:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 01:11 . 2008-01-15 20:56 <DIR> d-------- C:\VundoFix Backups
2008-01-11 15:45 . 2008-01-11 15:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-11 07:38 . 2008-01-11 07:38 86,144 --a------ C:\WINDOWS\system32\drivers\sdbuss.sys
2008-01-11 07:38 . 2008-01-16 15:56 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-11 04:37 . 2008-01-16 09:00 <DIR> d-------- C:\Documents and Settings\MD\Application Data\AVG7
2008-01-11 04:37 . 2008-01-11 04:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-11 04:29 . 2008-01-11 04:29 <DIR> d-------- C:\Documents and Settings\MD\Application Data\Grisoft
2008-01-11 04:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-11 04:28 . 2008-01-11 04:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 04:13 . 2008-01-11 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-10 23:04 . 2008-01-10 23:04 <DIR> d-------- C:\Program Files\forst
2008-01-10 22:04 . 2008-01-11 17:32 <DIR> d-------- C:\Documents and Settings\MD\.netpanzer
2008-01-10 22:03 . 2008-01-11 17:48 <DIR> d-------- C:\Program Files\NetPanzer
2008-01-06 15:46 . 2008-01-06 15:46 <DIR> d-------- C:\WINDOWS\Re-Volt Track Manager
2008-01-06 15:45 . 2008-01-06 15:45 <DIR> d-------- C:\CircuitsCustoms
2008-01-06 15:45 . 2008-01-06 15:45 286,720 --a------ C:\WINDOWS\iun507.exe
2008-01-06 15:40 . 2008-01-06 15:46 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2008-01-06 00:07 . 2008-01-07 00:36 <DIR> d-------- C:\Program Files\RV House
2008-01-06 00:07 . 2006-08-03 11:39 54,694 --a------ C:\WINDOWS\system32\pthreadGC.dll
2008-01-01 09:52 . 2008-01-01 09:52 <DIR> d-------- C:\Program Files\JitBit
2007-12-29 22:53 . 2007-12-29 22:53 <DIR> d-------- C:\Documents and Settings\MD\Application Data\Leadertech
2007-12-29 22:49 . 2008-01-11 00:32 <DIR> d-------- C:\WINDOWS\system32\dla
2007-12-29 22:49 . 2007-12-29 22:53 <DIR> d-------- C:\Documents and Settings\MD\Application Data\Sonic
2007-12-29 22:49 . 2008-01-16 11:06 467 --a------ C:\WINDOWS\wininit.ini
2007-12-29 21:19 . 2007-12-29 21:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-29 21:18 . 2007-12-29 21:18 <DIR> d-------- C:\Documents and Settings\MD\Application Data\Nero
2007-12-29 01:33 . 2008-01-15 10:12 <DIR> d-------- C:\Program Files\Toribash-3.06
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 14:43 --------- d-----w C:\Program Files\Trillian
2008-01-16 07:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-16 07:56 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-16 07:14 --------- d-----w C:\Program Files\Steam
2008-01-16 06:17 --------- d-----w C:\Program Files\Furcadia
2008-01-15 21:58 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-01-13 16:23 2,991,616 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-13 16:23 1,426,944 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-13 16:17 --------- d-----w C:\Documents and Settings\MD\Application Data\uTorrent
2008-01-13 02:47 399,872 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-13 02:47 1,327,104 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-12 22:46 --------- d-----w C:\Program Files\F-Secure
2008-01-11 21:38 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-11 15:17 --------- d-----w C:\Program Files\Cheat Engine
2008-01-11 14:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-11 14:32 --------- d--h--w C:\Documents and Settings\MD\Application Data\ijjigame
2008-01-05 12:44 --------- d-----w C:\Program Files\Guild Wars
2007-12-17 04:29 --------- d-----w C:\Documents and Settings\MD\Application Data\X-Chat 2
2007-12-14 11:01 --------- d-----w C:\Documents and Settings\MD\Application Data\dvdcss
2007-12-14 10:59 --------- d-----w C:\Documents and Settings\MD\Application Data\CyberLink
2007-12-14 10:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-14 10:56 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-14 10:56 353,840 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-12-13 21:46 --------- d-----w C:\Program Files\Heroes of Might and Magic III Complete
2007-12-13 13:17 0 ----a-r C:\logwmemory.bin
2007-12-13 13:17 --------- d-----w C:\Documents and Settings\MD\Application Data\Soldat
2007-12-13 02:31 --------- d-----w C:\Program Files\xchat
2007-12-13 02:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 00:09 --------- d-----w C:\Program Files\Lavasoft
2007-12-03 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-03 19:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-03 13:01 --------- d-----w C:\Program Files\CCleaner
2007-12-02 19:09 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2007-12-01 14:39 --------- d-----w C:\Program Files\Windows Live
2007-12-01 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-01 08:55 --------- d-----w C:\Documents and Settings\MD\Application Data\DivX
2007-12-01 08:29 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-01 08:29 --------- d-----w C:\Documents and Settings\MD\Application Data\SystemRequirementsLab
2007-11-29 18:14 --------- d-----w C:\Program Files\Text to Speech Maker
2007-11-29 17:53 --------- d-----w C:\Program Files\NCT
2007-11-29 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2007-11-29 04:48 --------- d-----w C:\Documents and Settings\MD\Application Data\vlc
2007-11-29 03:36 --------- d-----w C:\Program Files\VideoLAN
2007-11-29 03:25 --------- d-----w C:\Program Files\Codec
2007-11-28 17:39 --------- d-----w C:\Program Files\uTorrent
2007-11-27 17:41 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-25 03:50 --------- d-----w C:\Program Files\Teamspeak2_RC2S
2007-11-23 00:58 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-23 00:58 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-23 00:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2007-11-23 00:48 --------- d-----w C:\Program Files\THQ
2007-11-22 22:55 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-11-22 22:55 --------- d-----w C:\Documents and Settings\MD\Application Data\teamspeak2
2007-11-19 08:28 --------- d-----w C:\Program Files\Winamp
2007-11-18 19:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-18 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 07:37 227,592 ----a-w C:\WINDOWS\system32\PDBoot.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974F534-5B66-4EA8-8A9F-999B989555FB}]
C:\WINDOWS\system32\geeda.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D8153AD-A748-4645-A2B4-90C9C89A4147}]
C:\WINDOWS\system32\mlljj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5897E361-CE56-4F46-BE57-9E6B26276970}]
C:\WINDOWS\system32\mljgf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4BC0823-F3FC-433D-B59E-D178A94B66A5}]
C:\WINDOWS\system32\awtsr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBD27AC4-C042-4DC7-AE00-FFD2A441769A}]
C:\WINDOWS\system32\vtstu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-12 23:43 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}]
C:\WINDOWS\system32\mljjhef.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-12 23:43 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Sonic RecordNow! Deluxe"="" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-11 04:40 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"Cmaudio"="cmicnfg.cpl" []
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-11 04:36 219136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}"= C:\WINDOWS\system32\mljjhef.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
winetn32.dll
R1 sdbuss;sdbuss;C:\WINDOWS\system32\drivers\sdbuss.sys [2008-01-11 07:38]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl []
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys []
S3 Revolution1;Revolution1;C:\Documents and Settings\MD\Desktop\gb\SHAK3.sys []
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva041;XDva041;C:\WINDOWS\system32\XDva041.sys []
S3 XDva045;XDva045;C:\WINDOWS\system32\XDva045.sys []
S3 XDva049;XDva049;C:\WINDOWS\system32\XDva049.sys []
S3 XDva054;XDva054;C:\WINDOWS\system32\XDva054.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fd7cbc-9ca3-11dc-8658-000d88f3e1f9}]
\Shell\AutoRun\command - E:\Autoplay.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 15:58:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-16 16:02:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 15:02:20
.
2008-01-16 07:48:38 --- E O F ---
---------------------------
Following is the CCleaner install log;
µTorrent
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AiO_Scan
AMIP (remove only)
AutoUpdate
AVG 7.5
AVG Anti-Spyware 7.5
Bluetooth by hp
CCleaner (remove only)
C-Media WDM Audio Driver
Conexant AC-Link Audio
Counter-Strike
DivX Codec
Dofus 1.21.0
DogProxy II
Elvenstar Mod V.5.0 English
Furcadia
Google Toolbar for Internet Explorer
Guild Wars
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
Intel(R) Extreme Graphics 2 Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Jitbit Macro Recorder
Logitech QuickCam
MapSource - European MetroGuide Version 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nano Pack v1.0 for Pocket Tanks Deluxe
neroxml
Netpanzer 0.8.2
Norton Security Scan
NVIDIA Drivers
OpenOffice.org 2.3
PerfectDisk
Pinnacle MediaCenter
Pocket Tanks Deluxe
QFolder
Quick Launch Buttons 5.00 C2
REALTEK Gigabit and Fast Ethernet NIC Driver
Re-Volt Track Manager 1.5.6
RV House 0.91.0
RVTT Ladder Editor 1.0.0
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Spybot - Search & Destroy
SpywareBlaster v3.5.1
Steam
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Text to Speech Maker version 1.6.0
TextPad 5
The Battle for Middle-earth (tm)
TIxx21/x515
Toribash 3.06
TrackMania Nations ESWC 1.7.9
Trillian
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VCRedistSetup
WebFldrs XP
VideoLAN VLC media player 0.8.6c
Winamp
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live inloggningsassistenten
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
ZoneAlarm
ZoneAlarm Spy Blocker
------------------------------
And the HijackThis log;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:19, on 2008-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\Omigawd.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {0974F534-5B66-4EA8-8A9F-999B989555FB} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {0D8153AD-A748-4645-A2B4-90C9C89A4147} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5897E361-CE56-4F46-BE57-9E6B26276970} - C:\WINDOWS\system32\mljgf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {C4BC0823-F3FC-433D-B59E-D178A94B66A5} - C:\WINDOWS\system32\awtsr.dll (file missing)
O2 - BHO: (no name) - {DBD27AC4-C042-4DC7-AE00-FFD2A441769A} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\mljjhef.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4771941812
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4780757500
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C53EB5-9051-4EB1-9EB2-C270F1C27C19}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{960F8B99-EFC3-4587-B701-A0169E17B761}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7FE76D5-B2DD-4E3E-AA24-119EFFFA4EBD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O22 - SharedTaskScheduler: heterandrous - {735e980d-45d2-4777-af82-9923d3c8d3ae} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: iPod-tjänst (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LVCOMSer - Unknown owner - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: Läsartjänsten USN Journal för mappdelning i Messenger (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 9644 bytes
------------------------------
Thankful for any help I might get, as the IE popups are getting MIGHTILY annoying.