Laptop having issues with unwanted pop-ups!

I have been searching the avast webforum for several days looking for a possible solution to my problem. While searching I found out what kind of scans etc. that I need for a possible solution. Here is part of the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:30:50, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\DOCUME~1\MAGGIE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = planetlab2.een.orst.edu:3128
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {13D293EF-B465-44BD-9CF1-96994008A2FC} - C:\WINDOWS\system32\hgGwWNDT.dll (file missing)
O2 - BHO: {ae1727e8-be91-6b2b-6db4-ea163a5f2ed1} - {1de2f5a3-61ae-4bd6-b2b6-19eb8e7271ea} - C:\WINDOWS\system32\ipgghh.dll
O2 - BHO: (no name) - {1F5A1347-A9BE-4BD4-B79D-3FF58060DC56} - (no file)
O2 - BHO: (no name) - {2bbfd9ac-e94d-0627-0740-0605d4f09143} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: mysidesearch search enhancer - {5b10f0a4-aee2-7fc3-c49f-186bd4f57981} - C:\WINDOWS\system32\fblbklwwdnw.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: (no name) - {64f18619-b247-4f7b-93d9-9c31f7555efe} - C:\WINDOWS\system32\pojezija.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\system32\fccbBQIx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {E053B172-7437-485A-A646-BB991CF1C593} - (no file)
O2 - BHO: (no name) - {F6EA1499-F8AB-4F07-B3DF-3169C71D3581} - (no file)

Here is the rest of my HJT log:

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [AudioDrvEmulator] “C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe” -1 AudioDrvEmulator “C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM..\Run: [osCheck] “C:\Program Files\Norton 360\osCheck.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [mlzlblfrmppxnn] C:\WINDOWS\System32\regsvr32.exe /s “C:\WINDOWS\system32\jtffohjrgqbujmg.dll”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: ,ejenyg.dll C:\WINDOWS\system32\daharubo.dll imdcmk.dll ipgghh.dll
O20 - Winlogon Notify: c0094BD0 - c0094BD0.mat (file missing)
O20 - Winlogon Notify: fccbBQIx - fccbBQIx.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Here is my asw boot scan:

11/09/2008 18:51
Scan of all local drives

File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP143\A0065598.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP143\A0065658.dll is infected by Win32:Agent-ABKG [trj], Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP144\A0066579.dll is infected by Win32:BHO-SJ [trj], Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069022.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069027.dll is infected by Win32:BHO-SJ [trj], Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069028.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\bW9t\asappsrv.dll is infected by Win32:Trojan-gen {Other}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}
File C:\WINDOWS\bW9t\command.exe is infected by Win32:Adware-gen [Adw], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}
File C:\WINDOWS\bW9t\vq6Q.vbs is infected by VBS:Malware-gen, Repair: Error 42060 {The file was not repaired.}
File C:\WINDOWS\system32\r2\MAE32bak.exe is infected by Win32:Trojano-2873 [trj], Repair: Error 42060 {The file was not repaired.}
Number of searched folders: 12327
Number of tested files: 153247
Number of infected files: 10


11/09/2008 21:37
Scan of all local drives

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MFG9O701\pldr5[1].htm is infected by Win32:Fabot [trj], Moved to chest
File C:\Program Files\Dell Games\Wheel of Fortune\Wheel of Fortune.exe is infected by Win32:Swizzor-N [trj], Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP143\A0065556.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP143\A0065604.exe is infected by Win32:Agent-ACEN [trj], Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069009.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069041.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069042.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069043.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069047.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069048.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069049.dll is infected by Win32:Adload-LN [trj], Moved to chest
File C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP145\A0069055.exe is infected by Win32:Swizzor-N [trj], Moved to chest
File C:\WINDOWS\bW9t\asappsrv.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\bW9t\command.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\WINDOWS\bW9t\vq6Q.vbs is infected by VBS:Malware-gen, Moved to chest
File C:\WINDOWS\system32\fccbBQIx.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\khfEUnND.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\QI19\QI191065.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\r2\MAE32bak.exe is infected by Win32:Trojano-2873 [trj], Moved to chest
File C:\WINDOWS\system32\rjwnw64n.exe is infected by Win32:Agent-ACEN [trj], Moved to chest
File C:\WINDOWS\system32\rqRKCtsR.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\trz10.tmp is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\trzD.tmp is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\ttmrgfub.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\vm\ben2tali.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\wvUkKaBS.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\X5\FIDP56NL.exe is infected by Win32:Agent-ACEN [trj], Moved to chest
Number of searched folders: 12324
Number of tested files: 153274
Number of infected files: 27


11/12/2008 12:29
Scan of all local drives

File C:\Documents and Settings\Maggie Lorenz\Local Settings\Temp\snapsnet.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Documents and Settings\Maggie Lorenz\Local Settings\Temp\TMP00000001B71ED89E20F84000 is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\WINDOWS\system32\fblbklwwdnw.dll-uninst.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\gside.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\ipadiwru.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\jklrflij.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\zblwsfsqcnjo.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of searched folders: 12291
Number of tested files: 148932
Number of infected files: 7


11/12/2008 14:30
Scan of all local drives

Number of searched folders: 12291
Number of tested files: 148952
Number of infected files: 0


11/12/2008 17:03
Scan of all local drives

Number of searched folders: 12295
Number of tested files: 149174
Number of infected files: 0

Here is the log from the Malwarebytes Ant-Malware:

Malwarebytes’ Anti-Malware 1.30
Database version: 1378
Windows 5.1.2600 Service Pack 2

11/12/2008 7:59:25 PM
mbam-log-2008-11-12 (19-58-19).txt

Scan type: Full Scan (C:|)
Objects scanned: 185204
Time elapsed: 1 hour(s), 21 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 26
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ipgghh.dll (Trojan.Vundo.H) → No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{1de2f5a3-61ae-4bd6-b2b6-19eb8e7271ea} (Trojan.Vundo.H) → No action taken.
HKEY_CLASSES_ROOT\CLSID{1de2f5a3-61ae-4bd6-b2b6-19eb8e7271ea} (Trojan.Vundo.H) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo.H) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbbqix (Trojan.Vundo.H) → No action taken.
HKEY_CLASSES_ROOT\CLSID{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo.H) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{1de2f5a3-61ae-4bd6-b2b6-19eb8e7271ea} (Trojan.Vundo.H) → No action taken.
HKEY_CLASSES_ROOT\CLSID{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{f10587e9-0e47-4cbe-abcd-7dd20b862223} (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32 (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5b10f0a4-aee2-7fc3-c49f-186bd4f57981} (Adware.BHO) → No action taken.
HKEY_CLASSES_ROOT\CLSID{5b10f0a4-aee2-7fc3-c49f-186bd4f57981} (Adware.BHO) → No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mlzlblfrmppxnn (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Lsass Service (Trojan.Agent) → No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) → Bad: (“%1”) Good: (regedit.exe “%1”) → No action taken.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) → No action taken.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) → No action taken.
C:\Documents and Settings\Maggie Lorenz\Application Data\gadcom (Trojan.Agent) → No action taken.

Files Infected:
C:\WINDOWS\system32\ipgghh.dll (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\fccbBQIx.dll (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\nkdmibmg.dll (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\gmbimdkn.ini (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\rrpkecip.dll (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\picekprr.ini (Trojan.Vundo.H) → No action taken.
C:\Documents and Settings\Maggie Lorenz\Local Settings\Temporary Internet Files\Content.IE5\6HN6SB3W\nd82m0[2] (Trojan.Vundo.H) → No action taken.
C:\Documents and Settings\Maggie Lorenz\Local Settings\Temporary Internet Files\Content.IE5\6HN6SB3W\kb600179[1] (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\hmsynkwb.dll (Trojan.Vundo) → No action taken.
C:\WINDOWS\system32\utxqnx.dll (Trojan.Vundo) → No action taken.
C:\WINDOWS\system32\bugbsycb.dll (Trojan.Vundo.H) → No action taken.
C:\WINDOWS\system32\gsnphy.dll (Trojan.Vundo) → No action taken.
C:\WINDOWS\system32\bebtlotlqrstmthbs.exe (Trojan.Downloader) → No action taken.
C:\WINDOWS\system32\lkcertlt.dll (Trojan.Vundo) → No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) → No action taken.
C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) → No action taken.
C:\Documents and Settings\Maggie Lorenz\Local Settings\Temp\searsnet.exe (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) → No action taken.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) → No action taken.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) → No action taken.
C:\Documents and Settings\Maggie Lorenz\Application Data\Microsoft\Windows\lsass.exe (Trojan.Agent) → No action taken.

If I need any more info just let me know. Thanks

First, I suggest VundoFix and SuperAntiSpyware Free.

Second, Run HJT and fix the following lines:

O2 - BHO: (no name) - {13D293EF-B465-44BD-9CF1-96994008A2FC} - C:\WINDOWS\system32\hgGwWNDT.dll (file missing)
O2 - BHO: (no name) - {1F5A1347-A9BE-4BD4-B79D-3FF58060DC56} - (no file)
O2 - BHO: (no name) - {2bbfd9ac-e94d-0627-0740-0605d4f09143} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: mysidesearch search enhancer - {5b10f0a4-aee2-7fc3-c49f-186bd4f57981} - C:\WINDOWS\system32\fblbklwwdnw.dll (file missing)
O2 - BHO: (no name) - {64f18619-b247-4f7b-93d9-9c31f7555efe} - C:\WINDOWS\system32\pojezija.dll (file missing) (This file is suspicious)
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\system32\fccbBQIx.dll (file missing) (sent to virus chest)
O2 - BHO: (no name) - {E053B172-7437-485A-A646-BB991CF1C593} - (no file)
O2 - BHO: (no name) - {F6EA1499-F8AB-4F07-B3DF-3169C71D3581} - (no file)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)

…continued.

O20 - Winlogon Notify: fccbBQIx - fccbBQIx.dll (file missing) (sent to chest)

Third you’ll need to uninstall Symantec by downloading the Norton Removal Tool. And also you need uninstall the old version of Java and install the latest here (uncheck the MSN toolbar at installation).

On the bright side, you did a good job sending the files to the chest.

Thank you for the very quick response. Will follow your suggestions and get back to you as soon as possible.

:slight_smile: Hi :

Your Malwarebytes Anti-Malware Scan Results show “no action taken” ; that
means you did NOT complete what you should have, namely :

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.

Also it is advisable to use the latest version of “HijackThis”, which is 2.0.2 , which
can be downloaded at www.filehippo.com/download_hijackthis .

Also, your “Bonjour\mDNSResponder.exe” is a potential security leak and IF
interested, see the Info at www.raymond.cc/blog/archives/2008/02/10/how-to-uninstall-or-remove-bonjour-mdnsresponderexe .

Ok. Thanks again. I am just scanning with the Vundo and SuperAntispyware software now. I will get the latest version of HJT and run it again. Once again thank you for the quick responses. I, however will not be so quick to get them done. I have several things going on the next few nights, so I won’t be able to finish your suggestions until the weekend. I will let you know if I need any more assistance.

Tried to do what Spiritsongs suggested with Bonjour, but the command given was not found. I will continue to work on this as time allows. I will post a HJT- v2.0.2 log as soon as I can get all the suggestions done. Thanks again.

Here is my HJT log after doing everything suggested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:18:43, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = planetlab2.een.orst.edu:3128
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [AudioDrvEmulator] “C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe” -1 AudioDrvEmulator “C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [mlzlblfrmppxnn] C:\WINDOWS\System32\regsvr32.exe /s “C:\WINDOWS\system32\jtffohjrgqbujmg.dll”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\RunOnce: C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.0000001f.0000004b&b=00000082.00000045.00000119&c=00000082.00000049.000000b9&d=00000082.000000e6.0000026f
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider ‘c:\program files\bonjour\mdnsnsp.dll’ missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: ,ejenyg.dll C:\WINDOWS\system32\daharubo.dll imdcmk.dll ipgghh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: c0094BD0 - c0094BD0.mat (file missing)
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


End of file - 9002 bytes

Let me know if more has to be done. Haven’t had any pop-ups lately, so I think those are taken care of. Thanks


This one … myseach.myway … is bad and attached to dellsidebar :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

These do not look good at all :

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fhl%3Den%26meta%3Don%26q%3D5CA3D70E-1895-11CF-8E15-001234567890

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fhl%3Den%26meta%3Don%26q%3D602ADB0E-4AFF-4217-8AA1-95DAC4DFA408

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fhl%3Den%26meta%3Don%26q%3D7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA

O10 - Broken Internet access because of LSP provider ‘c:\program files\bonjour\mdnsnsp.dll’ missing

http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fhl%3Den%26meta%3Don%26q%3Dmdnsnsp.dll

O20 - AppInit_DLLs: ,ejenyg.dll C:\WINDOWS\system32\daharubo.dll imdcmk.dll ipgghh.dll

http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fhl%3Den%26meta%3Don%26q%3Dipgghh.dll

O20 - Winlogon Notify: c0094BD0 - c0094BD0.mat (file missing)

http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fhl%3Den%26meta%3Don%26q%3Dc0094BD0.mat

O20 - Winlogon Notify: sys32 - sys32.dll (file missing)

http://sorry.google.com/sorry/?continue=http://www.google.com/search%3Fhl%3Den%26meta%3Don%26q%3Dsys32.dll

I am not an expert at this so please wait for another opinion.



Crap … nevermind about my above post. Seems Google is screwed-up tonight.

Although, I do think most of the ones I posted about above are bad.


That is OK:
http://www.castlecops.com/tk321-tfswshx_dll_dlashx_w_dll.html

krlorenz

O20 - AppInit_DLLs: ,ejenyg.dll C:\WINDOWS\system32\daharubo.dll imdcmk.dll ipgghh.dll

That is a sign of significant infection.

Have you run MBAM with the latest definition and let it remove ALL that it finds with a reboot?

The system may be so infected with the latest malware that drastic cleanup may be necessary.


Thanks for the input, Yokenny. :slight_smile:

I have no idea what was wrong with my google searches last night. ???


Hi everyone. Here is my MBAM Log:

Malwarebytes’ Anti-Malware 1.30
Database version: 1391
Windows 5.1.2600 Service Pack 2

11/14/2008 8:02:37 PM
mbam-log-2008-11-14 (20-02-37).txt

Scan type: Full Scan (C:|)
Objects scanned: 180351
Time elapsed: 1 hour(s), 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{f10587e9-0e47-4cbe-abcd-7dd20b862223} (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32 (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mlzlblfrmppxnn (Trojan.Agent) → Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) → Bad: (“%1”) Good: (regedit.exe “%1”) → Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) → Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) → Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) → Quarantined and deleted successfully.
C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) → Quarantined and deleted successfully.
C:\Documents and Settings\Maggie Lorenz\Application Data\Microsoft\Windows\lsass.exe (Trojan.Agent) → Quarantined and deleted successfully.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:40:53, on 11/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = planetlab2.een.orst.edu:3128
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [AudioDrvEmulator] “C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe” -1 AudioDrvEmulator “C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\RunOnce: C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.0000001f.0000004b&b=00000082.00000045.00000119&c=00000082.00000049.000000b9&d=00000082.000000e6.0000026f
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider ‘c:\program files\bonjour\mdnsnsp.dll’ missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: ejenyg.dll C:\WINDOWS\system32\daharubo.dll imdcmk.dll ipgghh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: c0094BD0 - c0094BD0.mat (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

I am wondering if my system is still infected. Thanks!

Update MBAM as its definition file is at 1401 then re-run it and let it delete what it finds then reboot.

This looks bad:
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O4 - HKCU..\RunOnce: C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.0000001f.0000004b&b=00000082.00000045
O20 - AppInit_DLLs: ejenyg.dll C:\WINDOWS\system32\daharubo.dll imdcmk.dll ipgghh.dll

XP SP3 has been available for about 5 months now so you should update plus it looks like Sun Java is down level so that should be un-installed by Add/Remove Programs then run JavaRa to insure all traces of the vulnerable Sun Java is gone:
http://raproducts.org

Run Secunia Online Software Inspector to check against known patched vulnerabilities:
http://secunia.com/vulnerability_scanning/online

OK! I updated MBAM and ran it.

Malwarebytes’ Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 2

11/16/2008 11:14:22 AM
mbam-log-2008-11-16 (11-14-22).txt

Scan type: Full Scan (C:|)
Objects scanned: 180617
Time elapsed: 1 hour(s), 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2\A0000070.sys (Trojan.Downloader) → Quarantined and deleted successfully.

Then I cleaned up my vulnerabilities, removed java and reinstalled the way you told me to.

I removed Norton from my computer and dont plan on reinstalling.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:28, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider ‘c:\program files\bonjour\mdnsnsp.dll’ missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1226847797901&h=98db73e647ed7114effd0f597ff43724/&filename=jinstall-6u10-windows-i586-jc.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Thanks again. What next?