
PopUps and slow browsing

Original Message
Name: jpfishn
Date: December 30, 2007 at 11:55:09 Pacific
Subject: PopUps and slow browsing
OS: xp Sp2
CPU/Ram: 512
Model/Manufacturer: Emachine
Comment:
Slow scrolling on browser and several popups when using explorer7. Please help. I have run Search and destroy and adware.



Response Number 1
Name: jabuck
Date: December 30, 2007 at 12:13:08 Pacific
Subject: PopUps and slow browsing
Reply:
Go to this link: http://wiki.castlecops.com/Malware_... Follow the instructions there to disable any real-time protection that you have, as it will interfere with the fix by reinstalling the corrupt files.

Please post your Hijack This log.

Please download ComboFix to the desktop from this link: ComboFix

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: jpfishn
Date: December 30, 2007 at 12:37:43 Pacific
Subject: PopUps and slow browsing
Reply:
Did what was asked. Here is the ComboFix report:

ComboFix 07-12-30.3 - emachines 2007-12-30 15:27:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT -5:00]
Running from: C:\Documents and Settings\emachines\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\emachines\Application Data\antivirusinstallfreenm_en[1].exe
C:\Documents and Settings\emachines\My Documents\ASKS~1
C:\Program Files\trustedprotection
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\adlfjwta.ini
C:\WINDOWS\system32\atwjflda.dll
C:\WINDOWS\system32\bgnohkfm.dll
C:\WINDOWS\system32\cfckjfdd.dll
C:\WINDOWS\system32\ddcyabb.dll
C:\WINDOWS\system32\ddfjkcfc.ini
C:\WINDOWS\system32\dhknjbwj.dll
C:\WINDOWS\system32\entiyoag.ini
C:\WINDOWS\system32\ex1
C:\WINDOWS\system32\fbgqwsqc.dll
C:\WINDOWS\system32\gaoyitne.dll
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini2
C:\WINDOWS\system32\igirulfw.dll
C:\WINDOWS\system32\ihhlrknp.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jteqpnoo.dll
C:\WINDOWS\system32\kfskyqjb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\paunwnvt.ini
C:\WINDOWS\system32\qfctcpie.ini
C:\WINDOWS\system32\rkiendej.ini
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\vhuijyug.exe
C:\WINDOWS\system32\wflurigi.ini
C:\WINDOWS\system32\wtsisu.exe
C:\WINDOWS\system32\wtstceto.dll
C:\WINDOWS\winshow.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.

2007-12-30 15:11 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-30 15:00 . 2007-12-30 15:00 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-12-30 15:00 . 2007-12-30 15:00 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-30 14:55 . 2007-12-30 14:55 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-30 14:55 . 2007-12-30 15:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-30 14:43 . 2007-12-30 14:43 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2007-12-30 14:43 . 2007-12-30 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2007-12-30 13:30 . 2007-12-30 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 13:14 . 2004-05-05 02:19 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-30 13:14 . 2004-05-05 02:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-30 13:14 . 2004-05-06 02:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-12-30 13:14 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-30 13:14 . 2004-08-04 01:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-26 20:56 . 2007-12-29 14:54 1,027,867 --ahs---- C:\WINDOWS\system32\lfwugfka.ini
2007-12-25 19:52 . 2007-12-26 20:09 1,030,015 --ahs---- C:\WINDOWS\system32\siqvnxko.ini
2007-12-23 16:53 . 2007-12-23 16:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 15:45 . 2007-12-23 16:52 <DIR> d-------- C:\Documents and Settings\emachines\.housecall6.6
2007-12-23 14:47 . 2007-12-24 20:02 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2007-12-23 14:47 . 2007-12-23 14:47 <DIR> d-------- C:\Documents and Settings\emachines\Application Data\Sammsoft
2007-12-22 08:49 . 2007-12-24 18:46 2,636,332 --ahs---- C:\WINDOWS\system32\ncnwrqht.ini
2007-12-20 20:15 . 2007-12-22 08:44 2,481,738 --ahs---- C:\WINDOWS\system32\vjxrkyek.ini
2007-12-19 21:01 . 2007-12-19 21:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-19 21:01 . 2007-12-19 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-19 20:17 . 2007-12-20 19:48 1,741,108 ---hs---- C:\WINDOWS\system32\wqxaekyg.ini
2007-12-19 19:00 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-19 19:00 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-19 19:00 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-19 19:00 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-19 19:00 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-19 19:00 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-19 19:00 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-19 19:00 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-19 19:00 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-19 18:59 . 2007-12-19 18:59 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-17 19:11 . 2007-12-17 19:11 1,283,960 --a------ C:\Install
2007-12-15 09:16 . 2007-12-15 09:16 <DIR> d-------- C:\Program Files\CONEXANT
2007-12-14 20:18 . 2007-12-14 20:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-14 20:14 . 2007-12-23 16:53 <DIR> d--hs---- C:\WINDOWS\ZW1hY2hpbmVz
2007-12-14 20:13 . 2007-12-14 20:13 <DIR> d-------- C:\WINDOWS\system32\ineWc02
2007-12-14 20:13 . 2007-12-30 15:30 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 20:11 --------- d-----w C:\Program Files\Java
2007-12-30 19:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 01:09 --------- d-----w C:\Program Files\MySpace
2007-12-23 21:53 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-23 21:52 --------- d-----w C:\Program Files\Symantec
2007-12-23 21:52 --------- d-----w C:\Program Files\Google
2007-12-23 21:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-23 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-15 15:40 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-15 15:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-15 15:35 --------- d-----w C:\Program Files\Full Tilt Poker
2007-12-08 04:03 --------- d-----w C:\Program Files\Lx_cats
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-28 18:06 --------- d-----w C:\Documents and Settings\emachines\Application Data\Yahoo!
2007-10-28 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-28 18:04 --------- d-----w C:\Program Files\Yahoo!
2007-10-28 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2005-07-29 21:24 472 --sha-r C:\WINDOWS\ZW1hY2hpbmVz\tqY1sZ1DvApW.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83E851D9-C804-48F3-A02C-E657AC23F5F8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 17:30 67128]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-09-04 00:25 73728 C:\WINDOWS\system32\sstray.exe]
"CHotkey"="zHotkey.exe" [2003-06-04 17:01 496640 C:\WINDOWS\zHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-10 09:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-12-18 09:40 1241138]
"SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [2004-03-12 21:18 135168]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-03-23 14:07 294912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 15:41 163840]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-01-20 11:50 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-01-20 11:53 77824]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-01-20 11:50 188416]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-09 19:16 77824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 11:30 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-05-01 13:09:15]
Configuration Utility.lnk - C:\Program Files\Intel\Wireless\Utilities\Config.exe [2004-07-18 16:13:10]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 17:30:52]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2007-06-08 09:59 224248 --a------ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

R3 ndcprtns;NDC Network Agent;C:\WINDOWS\system32\drivers\ndcprtns.sys [2001-06-22 13:24]
S3 CW10;Intel(R) PRO/Wireless LAN Module Driver;C:\WINDOWS\system32\DRIVERS\CW51Usb.sys [2002-07-16 16:22]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 15:33:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-30 15:35:44 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 20:35:24
.
2007-12-11 23:58:54 --- E O F ---



Response Number 3
Name: jabuck
Date: December 30, 2007 at 13:37:07 Pacific
Subject: PopUps and slow browsing
Reply:
Open Notepad and copy/paste everything between the X's into it, and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Documents and Settings\emachines\Application Data\antivirusinstallfreenm_en[1].exe
C:\Documents and Settings\emachines\My Documents\ASKS~1
C:\Program Files\trustedprotection
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\adlfjwta.ini
C:\WINDOWS\system32\atwjflda.dll
C:\WINDOWS\system32\bgnohkfm.dll
C:\WINDOWS\system32\cfckjfdd.dll
C:\WINDOWS\system32\ddcyabb.dll
C:\WINDOWS\system32\ddfjkcfc.ini
C:\WINDOWS\system32\dhknjbwj.dll
C:\WINDOWS\system32\entiyoag.ini
C:\WINDOWS\system32\ex1
C:\WINDOWS\system32\fbgqwsqc.dll
C:\WINDOWS\system32\gaoyitne.dll
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini2
C:\WINDOWS\system32\igirulfw.dll
C:\WINDOWS\system32\ihhlrknp.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jteqpnoo.dll
C:\WINDOWS\system32\kfskyqjb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\paunwnvt.ini
C:\WINDOWS\system32\qfctcpie.ini
C:\WINDOWS\system32\rkiendej.ini
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\vhuijyug.exe
C:\WINDOWS\system32\wflurigi.ini
C:\WINDOWS\system32\wtsisu.exe
C:\WINDOWS\system32\wtstceto.dll
C:\WINDOWS\winshow.exe
C:\WINDOWS\system32\lfwugfka.ini
C:\WINDOWS\system32\siqvnxko.ini
C:\WINDOWS\system32\ncnwrqht.ini
C:\WINDOWS\system32\vjxrkyek.ini
C:\WINDOWS\system32\wqxaekyg.ini
C:\WINDOWS\ZW1hY2hpbmVz\tqY1sZ1DvApW.vbs
C:\WINDOWS\system32\atwjflda.dll

Folder::
C:\WINDOWS\system32\ineWc02
C:\WINDOWS\ZW1hY2hpbmVz

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83E851D9-C804-48F3-A02C-E657AC23F5F8}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Post a new Hijack This and let us know how the computer is operating.



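An added example, not part of the thread or of ComboFix: a small triage pass over the "Files Created" section of a ComboFix log like the one posted above, flagging the kind of entries that ended up in the CFScript. The three heuristics (hidden+system attributes under C:\WINDOWS, an .ini above an assumed 100,000-byte threshold, a name that decodes as base64) are assumptions chosen for illustration, not the responder's stated method.

```python
import base64
import re
from pathlib import PureWindowsPath

# Sample lines copied from the "Files Created" section of the log in this thread.
SAMPLE_LOG = r"""
2007-12-30 15:11 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-26 20:56 . 2007-12-29 14:54 1,027,867 --ahs---- C:\WINDOWS\system32\lfwugfka.ini
2007-12-19 20:17 . 2007-12-20 19:48 1,741,108 ---hs---- C:\WINDOWS\system32\wqxaekyg.ini
2007-12-19 19:00 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-14 20:14 . 2007-12-23 16:53 <DIR> d--hs---- C:\WINDOWS\ZW1hY2hpbmVz
2007-12-14 20:13 . 2007-12-14 20:13 <DIR> d-------- C:\WINDOWS\system32\ineWc02
2007-12-19 21:01 . 2007-12-19 21:01 <DIR> d-------- C:\Program Files\Lavasoft
"""

# created . modified, size or <DIR>, 9-character attribute field, full path
ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                   r"(<DIR>|[\d,]+) ([a-z-]{9}) (.+)$")
LARGE_INI = 100_000  # bytes; assumed threshold, settings files are normally far smaller

def decoded_name(stem):
    """Return the text if `stem` is base64 of ASCII letters/digits, else None."""
    if len(stem) < 8 or len(stem) % 4:
        return None
    try:
        text = base64.b64decode(stem, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isalnum() else None

def triage(log_text):
    """Return [(path, [reasons])] for entries that deserve manual review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        size, attrs, path = m.groups()
        p, reasons = PureWindowsPath(path), []
        if path.lower().startswith("c:\\windows\\") and "h" in attrs and "s" in attrs:
            reasons.append("hidden+system under the Windows directory")
        if p.suffix.lower() == ".ini" and size != "<DIR>" and int(size.replace(",", "")) > LARGE_INI:
            reasons.append("unusually large .ini")
        if decoded_name(p.stem):
            reasons.append(f"name is base64 for {decoded_name(p.stem)!r}")
        if reasons:
            findings.append((path, reasons))
    return findings
```

On the sample this flags the two .ini files and C:\WINDOWS\ZW1hY2hpbmVz, whose name is base64 for the account name emachines shown in the log header. It does not flag ineWc02, which the responder still listed, so output like this narrows what to review rather than replacing the review.
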
Response Number 4
Name: jpfishn
Date: December 30, 2007 at 14:19:13 Pacific
Subject: PopUps and slow browsing
Reply:
Everything is great. Works as if it was new. Thank you so much!


Response Number 5
Name: jabuck
Date: December 30, 2007 at 14:21:39 Pacific
Subject: PopUps and slow browsing
Reply:
Glad we could help.


All content ©1996-2007 Computing.Net, LLC