I have AVG free installed. I keep getting popups about trojans - like every few minutes - while using my computer, and Internet Explorer keeps opening with popups every so often. I will include an HJT log in a following post.

Logfile of HijackThis v1.99.1
Scan saved at 5:36:48 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: gPhotoShow Toolbar - {D3FBBA39-B2CD-4A1A-81B5-E940850BDF59} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7192] command /c del "C:\WINDOWS\system32\vtsqn.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2991] cmd /c del "C:\WINDOWS\system32\vtsqn.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8212] command /c del "C:\WINDOWS\system32\qomjhhh.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8481] cmd /c del "C:\WINDOWS\system32\qomjhhh.dll_tobedeleted"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\RunOnce: [SpybotDeletingB2857] command /c del "C:\WINDOWS\system32\vtsqn.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8505] cmd /c del "C:\WINDOWS\system32\vtsqn.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3063] command /c del "C:\WINDOWS\system32\qomjhhh.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2948] cmd /c del "C:\WINDOWS\system32\qomjhhh.dll_tobedeleted"
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172796309125[/url]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

It looks like you didn't reboot after running Spybot and that may need to be done first... If you didn't run Spybot, then please avoid rebooting... Then please do this:

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

Use as many posts as needed to post the log...

ComboFix 07-09-10.6 - "Paul" 2007-09-11 22:02:08.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1367 [GMT -4:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.

2007-09-11 21:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 17:15 227,840 --a------ C:\WINDOWS\system32\Deco_32.dll
2007-09-11 17:15 <DIR> d-------- C:\Program Files\onOne Software
2007-09-11 17:15 <DIR> d-------- C:\Program Files\Common Files\onOne Software Shared
2007-09-09 20:38 <DIR> d-------- C:\Program Files\Lexmark Z700-P700 Series
2007-09-09 20:28 <DIR> d-------- C:\Lxk700
2007-09-09 10:18 39 --a------ C:\WINDOWS\buZZlic.dll
2007-09-09 09:39 <DIR> d-------- C:\WINDOWS\Splash Screens
2007-09-09 09:37 146,871 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2007-09-09 09:21 <DIR> d-------- C:\DOCUME~1\Paul\APPLIC~1\Alien Skin
2007-09-09 09:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-09 09:20 <DIR> d-------- C:\Program Files\Aurelon PhotoPro
2007-09-09 09:15 <DIR> d-------- C:\Xenofex 2
2007-09-09 09:08 <DIR> d-------- C:\Program Files\Alien Skin
2007-09-09 09:08 <DIR> d-------- C:\Alien Skin
2007-09-09 08:43 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-09-09 08:42 <DIR> d-------- C:\Program Files\RAYflect Four Seasons 1.0
2007-09-09 08:39 44,544 --------- C:\WINDOWS\AWuninstall.exe
2007-09-09 08:38 <DIR> d-------- C:\Program Files\AKVIS
2007-09-08 19:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-09-08 19:18 <DIR> d-------- C:\Program Files\Bonjour
2007-09-08 19:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-08 17:02 <DIR> d-------- C:\Program Files\PowerISO
2007-09-08 16:36 <DIR> d-------- C:\Program Files\uTorrent
2007-09-08 16:36 <DIR> d-------- C:\DOCUME~1\Paul\APPLIC~1\uTorrent
2007-09-07 17:42 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-07 17:26 <DIR> d-------- C:\Program Files\iTunes
2007-09-07 17:26 <DIR> d-------- C:\Program Files\iPod
2007-09-05 04:24 <DIR> d-------- C:\DOCUME~1\Paul\APPLIC~1\Skype
2007-09-05 04:23 <DIR> d-------- C:\Program Files\Skype
2007-09-05 04:23 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-09-05 04:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-08-29 21:38 188 --a------ C:\Delme.bat
2007-08-16 03:03 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-09-11 17:20 182 --a------ C:\Program Files\INSTALL.LOG
2007-09-07 17:31 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-09 18:43 --------- d-------- C:\Program Files\2K Games
2007-08-08 01:32 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-07 14:06 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-05 16:54 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-05 16:54 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-01 22:12 --------- d-------- C:\Program Files\HTC
2007-08-01 15:37 674600 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-08-01 15:37 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-01 15:37 22328 --a------ C:\DOCUME~1\PAUL\APPLIC~1\PnkBstrK.sys
2007-08-01 15:05 11256 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\WUPS.DLL
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-20 22:44 --------- d-------- C:\Program Files\Microsoft Games
2007-07-19 03:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-19 00:08 --------- d-------- C:\Program Files\Ventrilo
2007-07-19 00:08 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-19 00:08 --------- d-------- C:\DOCUME~1\PAUL\APPLIC~1\Ventrilo
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 10:35 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:35 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 17:59 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-26 17:59 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-06-26 17:59 118056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-03-22 09:12 3738624 --a------ C:\DOCUME~1\PAUL\WDSync_v6_3_102.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-11_215307.95 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-03-13 14:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE

.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6D45128-E25E-4036-90D1-F43872902148}]
2007-05-10 12:28 798720 --a------ C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D3FBBA39-B2CD-4A1A-81B5-E940850BDF59}"= C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll [2007-05-10 12:28 798720]

[HKEY_CLASSES_ROOT\CLSID\{D3FBBA39-B2CD-4A1A-81B5-E940850BDF59}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]
"DirectMessenger"="C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" [2006-10-24 19:30]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-17 08:42]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-06-02 03:58]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 07:22]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-13 23:00 C:\WINDOWS\RTHDCPL.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 12:56]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 18:03]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 17:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
"WallpaperSS"="C:\Program Files\WallpaperSS\WallpaperSS.exe" [2007-03-12 23:52]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-25 21:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 11:09]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42]

C:\DOCUME~1\PAUL\STARTM~1\PROGRAMS\STARTUP\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 09:39:36]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPNT121 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPNT121 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WPNT121 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.ex e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive]
"c:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" /AutoRestore

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xfire Music]
"C:\Program Files\Xfire\xfiremusic.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"TapiSrv"=3 (0x3)
"MSDTC"=3 (0x3)
"AVGEMS"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)

R2 WNIPROT5;Airgo Networks Protocol Driver;\??\C:\WINDOWS\system32\WNIPROT5.SYS
R3 Airgo3U;NETGEAR RangeMax(TM) 240 Wireless USB 2.0 Adapter WPNT121;C:\WINDOWS\system32\DRIVERS\TMIMO31U.sys
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
S0 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscs i.sys


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7f996f30-b7e4-11db-ba7b-0018de374475}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d637aeed-b316-11db-ba76-0018de374475}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d637aeee-b316-11db-ba76-0018de374475}]
AutoRun\command- setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 21:25:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.
************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 22:03:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-09-11 22:03:53
C:\ComboFix-quarantined-files.txt ... 2007-09-11 22:03
.
--- E O F ---

Please go to Start - Run and copy/paste this into Run, then press Enter...

C:\Windows\unvise32.exe C:\PROGRA~1\EXPLOR~1\WEBMAI~1\uninstal.log

Let me know if it works to uninstall...

Find and delete:

C:\Delme.bat

Please go to Add or Remove Programs in Control panel and see if you can remove:

gPhotoShow Toolbar

Then run this tool and post the log:

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the Desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your Desktop icons.
Finally open the SDFix folder on your Desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log


Did you reboot before ComboFix?? Also, it looks like you have been installing a lot of things recently... Please stay offline as much as possible and only install programs needed for this fix until you are cleaned up...

The first uninstall didn't work, but I got rid of delme.bat and Gphotoshow toolbar. I will run the app you posted and post the log back.

SDFix: Version 1.104

Run by Paul on Tue 09/11/2007 at 11:02 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\idk\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished!

Again, did you reboot to run those Spybot fixes??

Before we start doing this the hard way, run a couple more tools to see if you can kill some of this stuff...

* Download Dr.Web CureIt to the Desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


and then...

Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions: (...it's important that all windows must be closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

Post the logs and let me know how things seem to be running...

No, spybot hasn't run for several restarts. I have AVG, but it won't update now (has been stuck on "need to restart" for several days), so I might as well reinstall. I will run Dr. Web Cureit and reinstall AVG when I come back from school.

Are you talking about AVG Antivirus or Anti-Spyware??

Whoops, my mistake. I have Antivirus, not anti-spyware. Anyhow, the trojans seem to be gone, I have not received a popup in the last 2 days, and my computer is back to its usual speed. I'll give AVG a run though, just for good measure.

When the obvious symptoms are gone, it may just mean that the most dangerous stuff is left... So yes, please run the scans... Please also run DrWebCureIt...

AVGAS just found some tracking cookies. I'll run DrWebCureIt again, I just rebooted anyway.

That came up clear. No problems that I can see (knock on wood). I'm running AVG Antivirus right now. I'll post back sometime tomorrow, hopefully. Sorry about the lack of communication here, I am at school, and it is very difficult to get a working internet connection for my Laptop. I am also hesitant to register my laptop, because then I'll have to take off everything they don't want to see, like utorrent. Yeah, that's how I got the viruses in the first place, but... I'm a teenager, a bit of stupidity is required from even the smartest of the pack. I have a good friend who has a 4.4 GPA and is in both the National Honor Society and the Cum Laude Society. I still teach him stuff.

It also looks like you don't have a firewall and if that is true, it is another reason that you got infected... If you are using this computer for ANY kind of financial transactions, you are risking years of major headaches by those choices...

I suggest you get a firewall install as soon as possible...

The only firewall I'm using at the moment is Windows firewall, which I really should change. I've also been loking around for an IP encryptor/masker, but that's another story. No financial transactions are being made on this computer, this is a schoolwork/gaming computer.

Here is my prevention speech to help avoid future infection:

This is a good time to set up protection against further attacks. Read the article linked below about "How did I
get infected". You need an antivirus that is updated, a good firewall (a router firewall is not enough) and a
spyware blocker like SpywareBlaster and also IE-Spyads. Using a different browser like FireFox with NoScripts is better than IE...
All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually
useless, but also often have malware in them....

http://forums.spywareinfo.com/index.php?showtopic=60955

I have SpywareBlaster, and I never touch IE, I use Firefox and Opera 100% of my browsing time. I will definitely get a firewall though, and an IP masker...

Good link BTW! Downloading ZoneAlarm ASAP...

Any recommendations for an IP masker?

Good link BTW! Downloading ZoneAlarm ASAP...

Any recommendations for an IP masker?

I don't bother with one, so I don't know what to recommend... Someone else might...

I personally don't like ZoneAlarm and suggest Kerio over it...