winantivirus and other popups

Name: geegoonit
Date: September 17, 2007 at 19:27:35 Pacific
OS: xp
CPU/Ram: 720 mb
Product: dell inspiron
Comment:

Hello,

To keep it short, I've been searching through different sites and different solutions for the popups I've had, with no luck. At first it was the url.cpvfeed group of popups, but it seems like I found a good way around that; as for these other ones, I still can't find anything that helps. If there's any way you could help, it'd be appreciated.

I have a HijackThis log if anyone thinks that could help (I just got that warning before I just posted it =P)



Response Number 1
Name: jabuck
Date: September 17, 2007 at 19:33:20 Pacific
Reply:

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Run Vundofix again.

Post the log located at C:\Vundofix.txt.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: geegoonit
Date: September 18, 2007 at 09:59:53 Pacific
Reply:

THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:40 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3D8931F1-8549-4530-8535-6190EFD5135F} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {ABADFFB4-52A4-4E3B-B0F2-716B5E8E19D4} - C:\WINDOWS\system\loecac.dll (file missing)
O2 - BHO: (no name) - {D281ECB2-2EF7-4B31-8387-FD8FF3415A07} - C:\Program Files\Online Services\holem58441.dll (file missing)
O2 - BHO: (no name) - {E1EF3A1B-1C1E-4F41-A7AB-1092925E2EA6} - C:\WINDOWS\system32\geedc.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/open... (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpc...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtursq - C:\WINDOWS\
O20 - Winlogon Notify: geedc - C:\WINDOWS\
O20 - Winlogon Notify: loecac - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O24 - Desktop Component 0: (no name) - http://content.ytmnd.com/content/e/...

--
End of file - 8082 bytes

THE COMBOFIX LOG:

ComboFix 07-09-17.2 - "Me" 2007-09-17 23:24:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.454 [GMT -4:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.

2007-09-17 23:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 22:33 <DIR> d-------- C:\VundoFix Backups
2007-09-17 18:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-13 23:34 <DIR> d-------- C:\Program Files\iTunes
2007-09-13 23:34 <DIR> d-------- C:\Program Files\iPod
2007-09-10 00:07 <DIR> d-------- C:\DOCUME~1\Me\APPLIC~1\Opera
2007-09-10 00:06 <DIR> d-------- C:\Program Files\Opera
2007-08-28 12:01 29,696 --a------ C:\WINDOWS\system32\asutl8.dll
2007-08-28 02:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\IJJIGame
2007-08-27 10:53 <DIR> d-------- C:\DOCUME~1\Me\APPLIC~1\OnReally
2007-08-27 01:53 <DIR> d-------- C:\DOCUME~1\Me\APPLIC~1\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 1rogram Files\Common Files\Real
2007-09-17 1OCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-09-17 1rogram Files\Frets on Fire
2007-09-16 2OCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2007-09-16 2rogram Files\Common Files\Wise Installation Wizard
2007-09-16 0rogram Files\Apple Software Update
2007-08-28 0OCUME~1\Me\APPLIC~1\ijjigame
2007-08-01 0rogram Files\McAfee
2007-07-31 1OCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-31 1rogram Files\Common Files\McAfee
2007-07-31 1rogram Files\McAfee.com
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 1OCUME~1\Me\APPLIC~1\Apple Computer
2007-07-26 00:37 556 --a------ C:\PPCleanDeleteAtReboot.bat
2007-07-23 0rogram Files\QuickTime
2007-07-23 0rogram Files\Common Files\Apple
2007-07-23 0OCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-22 1rogram Files\World of Warcraft
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-04 12:00 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D8931F1-8549-4530-8535-6190EFD5135F}]
C:\WINDOWS\system32\gebyv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABADFFB4-52A4-4E3B-B0F2-716B5E8E19D4}]
C:\WINDOWS\system\loecac.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D281ECB2-2EF7-4B31-8387-FD8FF3415A07}]
C:\Program Files\Online Services\holem58441.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1EF3A1B-1C1E-4F41-A7AB-1092925E2EA6}]
C:\WINDOWS\system32\geedc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtursq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loecac]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-G Notebook Adapter.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk
backup=C:\WINDOWS\pss\Wireless-G Notebook Adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
"C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1130468692\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo AntiVirus®]
"C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Personal Firewall®]
"C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking]
p2pnetworking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Blocker]
"C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\vjsysgue.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdomwmnA]
C:\WINDOWS\tdomwmnA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.7.4\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ventrilo"=2 (0x2)
"NICSer_WPC54G"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"iPodService"=3 (0x3)
"dlbt_device"=3 (0x3)
"AOL ACS"=2 (0x2)
"WANMiniportService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Net Agent"=2 (0x2)
"iPod Service"=3 (0x3)
"AVP"=2 (0x2)

R3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
S1 nvport;NVIDIA PORT IO Control Driver;\??\C:\WINDOWS\system32\Drivers\nvport.sys
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21;C:\WINDOWS\system32\DRIVERS\xusb21.sys
S4 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 03:17:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-15 05:22:53 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-01 05:00:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-18 00:08:26 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 23:30:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-17 23:35:04
C:\ComboFix-quarantined-files.txt ... 2007-09-17 23:35
.
--- E O F ---

AND HERE'S THE VUNDO

VundoFix V6.5.8

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:33:21 PM 9/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\aaghmfjm.dll
C:\WINDOWS\system32\awtursq.dll
C:\windows\system32\bawadrkn.ini
C:\windows\system32\bhqmxdwq.dll
C:\windows\system32\bsydrvhr.dll
C:\windows\system32\cfgkjoax.ini
C:\windows\system32\dxteskgt.dll
C:\WINDOWS\system32\eekrudme.dll
C:\windows\system32\egtkpcuw.dll
C:\windows\system32\elhxvcyf.dll
C:\windows\system32\emheakta.dll
C:\WINDOWS\system32\eorcuqtu.dll
C:\windows\system32\eugsysjv.ini
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\giaplwvw.dll
C:\windows\system32\gmeqojqp.dll
C:\WINDOWS\system32\htkkqtmk.dll
C:\WINDOWS\system32\jbjxqovm.dll
C:\WINDOWS\system32\kvrceacu.dll
C:\windows\system32\kyjgpcen.dll
C:\WINDOWS\system32\lnououlv.dll
C:\windows\system32\mfrgoxpx.ini
C:\windows\system32\mlqklmxv.ini
C:\windows\system32\mrncgwjs.dll
C:\windows\system32\nkrdawab.dll
C:\WINDOWS\system32\pgbqchjn.dll
C:\windows\system32\pqjoqemg.ini
C:\WINDOWS\system32\pumyytbj.dll
C:\windows\system32\qakalpsc.dll
C:\windows\system32\rhvrdysb.ini
C:\WINDOWS\system32\rjxyqcnc.dll
C:\WINDOWS\system32\ucaecrvk.ini
C:\windows\system32\vjsysgue.dll
C:\windows\system32\vxmlkqlm.dll
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.bak2
C:\windows\system32\vybeg.ini
C:\windows\system32\vybeg.ini2
C:\windows\system32\vybeg.tmp
C:\windows\system32\wttvinht.dll
C:\windows\system32\wucpktge.ini
C:\windows\system32\xaojkgfc.dll
C:\windows\system32\xpxogrfm.dll
C:\windows\system32\xroimggk.dll
C:\WINDOWS\system32\yfoxbamy.dll
C:\windows\system32\yivmjtrm.dll

Beginning removal...

Attempting to delete C:\windows\system32\bawadrkn.ini
C:\windows\system32\bawadrkn.ini Has been deleted!

Attempting to delete C:\windows\system32\bhqmxdwq.dll
C:\windows\system32\bhqmxdwq.dll Has been deleted!

Attempting to delete C:\windows\system32\bsydrvhr.dll
C:\windows\system32\bsydrvhr.dll Has been deleted!

Attempting to delete C:\windows\system32\cfgkjoax.ini
C:\windows\system32\cfgkjoax.ini Has been deleted!

Attempting to delete C:\windows\system32\dxteskgt.dll
C:\windows\system32\dxteskgt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eekrudme.dll
C:\WINDOWS\system32\eekrudme.dll Has been deleted!

Attempting to delete C:\windows\system32\egtkpcuw.dll
C:\windows\system32\egtkpcuw.dll Has been deleted!

Attempting to delete C:\windows\system32\elhxvcyf.dll
C:\windows\system32\elhxvcyf.dll Has been deleted!

Attempting to delete C:\windows\system32\emheakta.dll
C:\windows\system32\emheakta.dll Has been deleted!

Attempting to delete C:\windows\system32\eugsysjv.ini
C:\windows\system32\eugsysjv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyv.dll Has been deleted!

Attempting to delete C:\windows\system32\gmeqojqp.dll
C:\windows\system32\gmeqojqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\htkkqtmk.dll
C:\WINDOWS\system32\htkkqtmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jbjxqovm.dll
C:\WINDOWS\system32\jbjxqovm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvrceacu.dll
C:\WINDOWS\system32\kvrceacu.dll Could not be deleted.

Attempting to delete C:\windows\system32\kyjgpcen.dll
C:\windows\system32\kyjgpcen.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnououlv.dll
C:\WINDOWS\system32\lnououlv.dll Has been deleted!

Attempting to delete C:\windows\system32\mfrgoxpx.ini
C:\windows\system32\mfrgoxpx.ini Has been deleted!

Attempting to delete C:\windows\system32\mlqklmxv.ini
C:\windows\system32\mlqklmxv.ini Has been deleted!

Attempting to delete C:\windows\system32\mrncgwjs.dll
C:\windows\system32\mrncgwjs.dll Has been deleted!

Attempting to delete C:\windows\system32\nkrdawab.dll
C:\windows\system32\nkrdawab.dll Has been deleted!

Attempting to delete C:\windows\system32\pqjoqemg.ini
C:\windows\system32\pqjoqemg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pumyytbj.dll
C:\WINDOWS\system32\pumyytbj.dll Has been deleted!

Attempting to delete C:\windows\system32\qakalpsc.dll
C:\windows\system32\qakalpsc.dll Has been deleted!

Attempting to delete C:\windows\system32\rhvrdysb.ini
C:\windows\system32\rhvrdysb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ucaecrvk.ini
C:\WINDOWS\system32\ucaecrvk.ini Has been deleted!

Attempting to delete C:\windows\system32\vjsysgue.dll
C:\windows\system32\vjsysgue.dll Has been deleted!

Attempting to delete C:\windows\system32\vxmlkqlm.dll
C:\windows\system32\vxmlkqlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vybeg.bak2
C:\WINDOWS\system32\vybeg.bak2 Has been deleted!

Attempting to delete C:\windows\system32\vybeg.ini
C:\windows\system32\vybeg.ini Has been deleted!

Attempting to delete C:\windows\system32\vybeg.ini2
C:\windows\system32\vybeg.ini2 Has been deleted!

Attempting to delete C:\windows\system32\vybeg.tmp
C:\windows\system32\vybeg.tmp Has been deleted!

Attempting to delete C:\windows\system32\wttvinht.dll
C:\windows\system32\wttvinht.dll Has been deleted!

Attempting to delete C:\windows\system32\wucpktge.ini
C:\windows\system32\wucpktge.ini Has been deleted!

Attempting to delete C:\windows\system32\xaojkgfc.dll
C:\windows\system32\xaojkgfc.dll Has been deleted!

Attempting to delete C:\windows\system32\xpxogrfm.dll
C:\windows\system32\xpxogrfm.dll Has been deleted!

Attempting to delete C:\windows\system32\xroimggk.dll
C:\windows\system32\xroimggk.dll Has been deleted!

Attempting to delete C:\windows\system32\yivmjtrm.dll
C:\windows\system32\yivmjtrm.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\kvrceacu.dll
C:\WINDOWS\system32\kvrceacu.dll Has been deleted!

Performing Repairs to the registry.
Done!



Response Number 3
Name: jabuck
Date: September 18, 2007 at 14:47:01 Pacific
Reply:

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {3D8931F1-8549-4530-8535-6190EFD5135F} - C:\WINDOWS\system32\gebyv.dll (file missing)

O2 - BHO: (no name) - {ABADFFB4-52A4-4E3B-B0F2-716B5E8E19D4} - C:\WINDOWS\system\loecac.dll (file missing)

O2 - BHO: (no name) - {D281ECB2-2EF7-4B31-8387-FD8FF3415A07} - C:\Program Files\Online Services\holem58441.dll (file missing)

O2 - BHO: (no name) - {E1EF3A1B-1C1E-4F41-A7AB-1092925E2EA6} - C:\WINDOWS\system32\geedc.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O20 - Winlogon Notify: awtursq - C:\WINDOWS\

O20 - Winlogon Notify: geedc - C:\WINDOWS\

O20 - Winlogon Notify: loecac - C:\WINDOWS\

Exit Hijack This

From safe mode navigate to and delete these files if found:

C:\WINDOWS\retadpu1000106.exe

C:\WINDOWS\system32\vjsysgue.dll

C:\WINDOWS\tdomwmnA.exe

C:\Program Files\Web Buying\v1.7.4\webbuying.exe

C:\Program Files\WinPop\winpop.exe

Then from safe mode navigate to and delete these folders if found:

C:\Program Files\Web Buying

C:\Program Files\WinPop

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Restart the computer in normal mode.

Open notepad (Start Menu > Run > Type notepad and press "ok").

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtursq]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedc]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loecac]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdomwmnA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Restart the computer again.

Post a new Hijack This log and a new Combofix log please.

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.


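Before merging a Fix.reg like the one in the reply above, the file can be checked to confirm that it only deletes the intended subkeys and writes nothing. The following Python is an added example, not part of the original thread; the allow-list of parent keys, the function name `review_reg` and the last three lines of the sample are assumptions made for illustration.

```python
import re

# Parent keys the fix in the reply touches. Only direct subkeys of these may
# be deleted. (Allow-list chosen for this example, not taken from any tool.)
ALLOWED_PARENTS = (
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify",
    r"hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg",
)
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION = re.compile(r"^\[(-?)(.+)\]$")


def review_reg(text):
    """Return (deletions, findings); merge only when findings is empty."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    deletions, findings = [], []
    if lines and lines[0] in HEADERS:
        lines = lines[1:]
    else:
        findings.append("missing REGEDIT4 / Version 5.00 header")
    for ln in lines:
        if ln.startswith(";"):  # .reg comment line
            continue
        m = SECTION.match(ln)
        if not m:
            findings.append(f"value line (writes or deletes a value): {ln}")
            continue
        minus, key = m.groups()
        parent, _, leaf = key.rpartition("\\")
        if not minus:
            findings.append(f"section creates or edits a key: {key}")
        elif parent.lower() in ALLOWED_PARENTS and leaf:
            deletions.append(key)  # registry paths compare case-insensitively
        else:
            findings.append(f"deletion outside the expected subkeys: {key}")
    return deletions, findings


# Constructed sample: the first two sections come from the reply above, the
# last three lines are invented to show what the check rejects.
SAMPLE = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtursq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"updater"="C:\\example\\placeholder.exe"
"""

if __name__ == "__main__":
    for finding in review_reg(SAMPLE)[1]:
        print("REVIEW:", finding)
```

A deletion of the `notify` key itself is rejected because it would also remove every legitimate Winlogon notification package registered under it.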
