Rundll Error - HiJackThis Included
unlovedwarrior
Guru
« Reply #15 on: October 03, 2007, 11:51:33 PM »

That's a Trojan horse. Use SUPERAntiSpyware to remove it after you follow Chris's advice.
zjt228
Guest
« Reply #16 on: October 05, 2007, 12:35:27 PM »

New HiJack log

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\common files\aol\1140116236\ee\aexplore.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Documents and Settings\Zach\Desktop\HiJackThis.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} - (no file)
O2 - BHO: (no name) - {72BDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\WINDOWS\system32\dmscrip.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {A8FA1E1D-29FD-4E81-9690-C75B4E3108A0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
zjt228
Guest
« Reply #17 on: October 05, 2007, 12:35:41 PM »

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140100872952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140100857546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10861 bytes
zjt228
Guest
« Reply #18 on: October 05, 2007, 12:36:15 PM »

Virtumundo log

[10/05/2007, 11:31:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Zach\Desktop\VirtumundoBeGone.exe" )
[10/05/2007, 11:31:25] - Detected System Information:
[10/05/2007, 11:31:25] -  Windows Version: 5.1.2600, Service Pack 2
[10/05/2007, 11:31:25] -  Current Username: Zach (Admin)
[10/05/2007, 11:31:25] -  Windows is in SAFE mode with Networking.
[10/05/2007, 11:31:25] - Searching for Browser Helper Objects:
[10/05/2007, 11:31:25] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/05/2007, 11:31:25] -  BHO 2: {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} ()
[10/05/2007, 11:31:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/05/2007, 11:31:26] -  No filename found. Continuing.
[10/05/2007, 11:31:26] -  BHO 3: {72BDBFC0-3394-4944-BE07-BC05CF5049BE} ()
[10/05/2007, 11:31:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/05/2007, 11:31:26] -  Checking for HKLM\...\Winlogon\Notify\dmscrip
[10/05/2007, 11:31:26] -  Key not found: HKLM\...\Winlogon\Notify\dmscrip, continuing.
[10/05/2007, 11:31:26] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/05/2007, 11:31:26] -  BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[10/05/2007, 11:31:26] -  BHO 6: {A8FA1E1D-29FD-4E81-9690-C75B4E3108A0} ()
[10/05/2007, 11:31:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/05/2007, 11:31:26] -  No filename found. Continuing.
[10/05/2007, 11:31:26] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/05/2007, 11:31:26] -  BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[10/05/2007, 11:31:26] -  BHO 9: {D377A374-A49E-4CFE-B00A-F0CCD1B80B10} ()
[10/05/2007, 11:31:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/05/2007, 11:31:26] -  Checking for HKLM\...\Winlogon\Notify\awtqo
[10/05/2007, 11:31:26] -  Key not found: HKLM\...\Winlogon\Notify\awtqo, continuing.
[10/05/2007, 11:31:26] - Finished Searching Browser Helper Objects
[10/05/2007, 11:31:26] - Finishing up...
[10/05/2007, 11:31:26] - Nothing found! Exiting...
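The VirtumundoBeGone log above shows the heuristic the tool applies: a BHO with no registered name is treated as suspicious, and for each such BHO it looks for a Winlogon\Notify key named after the BHO's DLL, which is how Vundo-style infections keep reloading themselves. The Python below is an added example (not part of this thread, HijackThis or VirtumundoBeGone) that applies the same triage to the O2 and O20 lines of a HijackThis log. The sample log is a constructed subset of the O2/O20 lines posted in this thread; the extra Winlogon Notify line is hypothetical and only there to show the cross-reference firing.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O2/O20 lines posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} - (no file)
O2 - BHO: (no name) - {72BDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\WINDOWS\system32\dmscrip.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Hypothetical (constructed) line: what the log would show if the nameless BHO's
# DLL were also hooked into Winlogon, the case VirtumundoBeGone checks for.
HYPOTHETICAL_NOTIFY_LINE = r"O20 - Winlogon Notify: dmscrip - C:\WINDOWS\system32\dmscrip.dll"

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    clsid: str
    path: str
    reasons: list = field(default_factory=list)


def base_name(path: str) -> str:
    """'C:\\WINDOWS\\system32\\dmscrip.dll' -> 'dmscrip' (lower-cased)."""
    leaf = path.rsplit("\\", 1)[-1]
    return leaf.rsplit(".", 1)[0].lower()


def triage(log_text: str) -> list:
    """Return a Finding for every O2 BHO line that needs a human look."""
    bhos = []
    notify_names = set()  # Winlogon Notify key names and DLL base names, lower-cased
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = O20_RE.match(line)
        if m:
            notify_names.add(m.group("key").lower())
            notify_names.add(base_name(m.group("path")))

    findings = []
    for bho in bhos:
        reasons = []
        nameless = bho["name"] == "(no name)"
        if nameless:
            reasons.append("no registered name")
        if bho["path"] == "(no file)":
            # Orphaned registration: the DLL is gone but the CLSID is still wired in.
            reasons.append("orphaned registration, DLL missing")
        elif nameless:
            if "\\system32\\" in bho["path"].lower():
                reasons.append("unnamed DLL loaded from system32")
            if base_name(bho["path"]) in notify_names:
                # Same DLL registered as BHO and as Winlogon Notify handler.
                reasons.append("same DLL also registered under Winlogon\\Notify")
        if reasons:
            findings.append(Finding(bho["clsid"], bho["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.clsid, f.path, "; ".join(f.reasons))
```

Run against the posted lines, the script flags the two nameless BHOs and nothing else; the dmscrip.dll entry is flagged for being an unnamed DLL in system32 but, as in the VirtumundoBeGone log, no matching Winlogon Notify key is found. Appending the hypothetical Notify line adds the cross-reference reason, which is the stronger indicator.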
zjt228
Guest
« Reply #19 on: October 05, 2007, 12:37:14 PM »

VundoFix log

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:20:52 AM 10/5/2007

Listing files found while scanning....

C:\WINDOWS\system32\thlhxrnt.ini
C:\WINDOWS\system32\tnrxhlht.dll
C:\WINDOWS\system32\xnxmhehb.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\thlhxrnt.ini
C:\WINDOWS\system32\thlhxrnt.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\tnrxhlht.dll
C:\WINDOWS\system32\tnrxhlht.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xnxmhehb.dll
C:\WINDOWS\system32\xnxmhehb.dll Has been deleted!

Performing Repairs to the registry.
Done!
CBMatt
Mod & Malware Specialist
Prodigy
« Reply #20 on: October 06, 2007, 01:13:22 AM »

Your log looks a lot cleaner now.  How are things running?  Are you still having problems?

An undefined problem has an infinite number of solutions.
—Robert A. Humphrey
Actually, the name's Chris...
zjt228
Guest
« Reply #21 on: October 07, 2007, 03:49:22 PM »

Actually yeah, I don't get it. I still had my computer randomly restart, and something is also affecting my internet connection now; it's been out for about a day and right now I'm surprised it's even working.

Still running slow, and I think I might have accidentally deleted something from Nero in the registry, because I get an "nmBg Monitor error."

I don't know what the h**l is going on; everything seems fine from the log files.

Oh, and I really do appreciate all the help so far, thank you.
zjt228
Guest
« Reply #22 on: October 07, 2007, 04:00:01 PM »

Just in case...new HiJack log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:53 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Zach\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC7C70A-B95D-4E0F-B49D-1C5D618D936C} - (no file)
O2 - BHO: (no name) - {72BDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\WINDOWS\system32\dmscrip.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {A8FA1E1D-29FD-4E81-9690-C75B4E3108A0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
zjt228
Guest
« Reply #23 on: October 07, 2007, 04:00:13 PM »

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\RunOnce: [vmc] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\vmc.dll
O4 - HKLM\..\RunOnce: [Falcon] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Falcon.dll
O4 - HKLM\..\RunOnce: [mswm] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\mswm.dll
O4 - HKLM\..\RunOnce: [NetMD] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\NetMD.dll
O4 - HKLM\..\RunOnce: [SPTISRVps] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SPTISR~1.DLL
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140100872952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140100857546
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11190 bytes
zjt228
Guest
« Reply #24 on: October 07, 2007, 06:32:47 PM »

I also noticed this entry will NOT delete:

O2 - BHO: (no name) - {72BBDBFC0-3394-4944-BE07-BC05CF5049BE} - C:\\WINDOWS\system32\dmscrip.dll

I even tried to delete it manually and it doesn't work.

I have also received errors from these processes:

LogOnHook
reader_Sl
NetMDSB

« Last Edit: October 07, 2007, 06:52:41 PM by zjt228 »
CBMatt
Mod & Malware Specialist
Prodigy
« Reply #25 on: October 08, 2007, 01:49:57 AM »

Here, let's give something else a try...  Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.
zjt228
Guest
« Reply #26 on: October 08, 2007, 03:00:11 PM »

ComboFix log

ComboFix 07-10-07.2 - Zach 2007-10-08 16:38:19.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.726 [GMT -4:00]
Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\Documents and Settings\Guest\Desktop\internet.lnk
C:\Documents and Settings\Mom\Application Data\Starware
C:\Documents and Settings\Mom\Desktop\internet.lnk
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\cs\persist.dbs
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bjsjswvx.dll
C:\WINDOWS\system32\doymvccn.ini
C:\WINDOWS\system32\fbnndjau.dll
C:\WINDOWS\system32\fxpcyljv.dll
C:\WINDOWS\system32\gemdocyu.dll
C:\WINDOWS\system32\ghcvvtvj.ini
C:\WINDOWS\system32\grgetlct.ini
C:\WINDOWS\system32\gurmeydk.ini
C:\WINDOWS\system32\hdajhfux.dll
C:\WINDOWS\system32\isjmkdiw.dll
C:\WINDOWS\system32\jvtvvchg.dll
C:\WINDOWS\system32\kdyemrug.dll
C:\WINDOWS\system32\nccvmyod.dll
C:\WINDOWS\system32\tcltegrg.dll
C:\WINDOWS\system32\uajdnnbf.ini
C:\WINDOWS\system32\uycodmeg.ini
C:\WINDOWS\system32\vjlycpxf.ini
C:\WINDOWS\system32\widkmjsi.ini
C:\WINDOWS\system32\xufhjadh.ini
C:\WINDOWS\system32\xvwsjsjb.ini
C:\wsusupd.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_LDRSVC
-------\ldrsvc


(((((((((((((((((((((((((   Files Created from 2007-09-08 to 2007-10-08  )))))))))))))))))))))))))))))))
.

2007-10-08 16:37   51,420   --a------   C:\dcksdix.exe
2007-10-08 16:37   50,176   --a------   C:\WINDOWS\system32\btasv.dll
2007-10-08 16:37   25,600   --a------   C:\WINDOWS\system32\drivers\df401e41.sys
2007-10-08 16:37   1,918   --a------   C:\WINDOWS\system32\conf.dat
2007-10-08 16:22   62,464   --a------   C:\WINDOWS\NirCmd.exe
2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iTunes
2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iPod
2007-10-07 21:45   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-10-07 21:41   <DIR>   d--------   C:\Program Files\QuickTime
2007-10-07 20:24   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\McAfee
2007-10-07 19:59   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
2007-10-07 19:56   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\MailFrontier
2007-10-07 15:31   512   --a------   C:\ScanSectorLog.dat
2007-10-07 13:07   37,920   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-07 13:07   1,175,584   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-06 16:26   32,256   --a------   C:\whekdwjb.exe
2007-10-06 16:26   25,600   --a------   C:\WINDOWS\system32\drivers\7de30189.sys
2007-10-06 16:26   25,088   --a------   C:\WINDOWS\system32\sipov.dll
2007-10-06 16:23   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\McAfee
2007-10-06 11:33   158,432   --a------   C:\WINDOWS\system32\71151f2.sys
2007-10-05 16:35   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\Uniblue
2007-10-05 16:17   112,292   --a------   C:\cc_20071005_1617.reg
2007-10-05 15:42   5,120      C:\WINDOWS\system32\drivers\wbkpwguh.dat
2007-10-05 15:42   17,664      C:\WINDOWS\system32\drivers\ctnluuwh.dat
2007-10-05 11:01   158,432   --a------   C:\WINDOWS\system32\6181b4a9.sys
2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\b728bbdf.sys
2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\51efee4c.sys
2007-10-05 10:56   158,432   --a------   C:\WINDOWS\system32\27a88faa.sys
2007-10-05 10:54   65,024   --a------   C:\hmwbeiik.exe
2007-10-05 10:41   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2007-10-05 10:41   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\SUPERAntiSpyware.com
2007-10-05 10:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-04 10:35   158,432   --a------   C:\WINDOWS\system32\ccedba40.sys
2007-10-04 00:53   158,432   --a------   C:\WINDOWS\system32\112e9cd5.sys
2007-10-03 16:05   39,452   --a------   C:\qewtcr.exe
2007-10-01 08:53   158,432   --a------   C:\WINDOWS\system32\5516a3.sys
2007-09-27 07:46   158,432   --a------   C:\WINDOWS\system32\7c82ea07.sys
2007-09-26 22:05   153   --a------   C:\WINDOWS\system32\delFSF.bat
2007-09-26 16:53   58,155   --a------   C:\pgwgygwn.exe
2007-09-26 16:53   39,452   --a------   C:\uvbbeuu.exe
2007-09-25 16:36   58,155   --a------   C:\nawf.exe
2007-09-25 16:36   206,866   --a------   C:\slrce.exe
2007-09-25 16:27   <DIR>   d--------   C:\VundoFix Backups
2007-09-24 17:40   591,136   --a------   C:\Program Files\DMSetup-Serial.exe
2007-09-23 22:21   <DIR>   d--------   C:\Program Files\CCleaner
2007-09-23 22:04   <DIR>   d--------   C:\Program Files\Windows Defender
2007-09-23 20:51   <DIR>   d--------   C:\WINDOWS\pss
2007-09-23 20:42   1,476,658   ---hs----   C:\WINDOWS\system32\oqtwa.bak2
2007-09-23 19:10   1,976,534   ---hs----   C:\WINDOWS\system32\oqtwa.bak1
2007-09-23 15:59   1,978,634   ---hs----   C:\WINDOWS\system32\hhkmp.bak2
2007-09-23 15:03   57,856   --a------   C:\WINDOWS\system32\bootvi.dll
2007-09-22 16:14   1,976,494   ---hs----   C:\WINDOWS\system32\hhkmp.bak1
2007-09-22 15:54   107,409   --a------   C:\WINDOWS\system32\dmscrip.dll
2007-09-22 15:53   57,856   --a------   C:\WINDOWS\system32\drmclie.dll
2007-09-22 14:33   1,977,762   ---hs----   C:\WINDOWS\system32\kjkkj.ini2
2007-09-22 14:27   1,977,950   ---hs----   C:\WINDOWS\system32\kjkkj.bak2
2007-09-22 11:36   1,976,494   ---hs----   C:\WINDOWS\system32\kjkkj.bak1
2007-09-22 11:16   88,064   --a------   C:\WINDOWS\system32\cmcfg3.dll
2007-09-22 11:15   17,280   --a------   C:\WINDOWS\system32\drivers\ctnluuwh.sys
zjt228
Guest
« Reply #27 on: October 08, 2007, 03:02:14 PM »


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 16:23   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-08 05:26   6692   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-08 05:26   4412   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-07 14:38   ---------   d--------   C:\Program Files\McAfee
2007-10-07 11:17   ---------   d--------   C:\Program Files\FinePixViewer
2007-10-06 11:27   ---------   d--------   C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-05 11:10   ---------   d--------   C:\Program Files\Viewpoint
2007-10-05 11:10   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-03 16:41   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 16:36   ---------   d--------   C:\Program Files\DoctorCleaner
2007-09-30 12:53   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-09-30 12:15   ---------   d--------   C:\Documents and Settings\Zach\Application Data\Ahead
2007-09-30 09:24   ---------   d--------   C:\Program Files\OneStepSearch
2007-09-30 09:23   ---------   d--------   C:\Program Files\LimeWire
2007-09-30 09:21   ---------   d--------   C:\Program Files\foobar2000
2007-09-30 09:10   ---------   d--------   C:\Program Files\AC3Filter
2007-09-23 15:33   ---------   d--------   C:\Program Files\Bonjour
2007-09-22 14:46   ---------   d--------   C:\Program Files\Xvid
2007-09-22 14:46   ---------   d--------   C:\Program Files\Hardwood Euchre
2007-09-22 14:46   ---------   d--------   C:\Program Files\AudioRetoucher
2007-09-22 14:46   ---------   d--------   C:\Program Files\Audacity
2007-09-16 20:01   ---------   d--------   C:\Documents and Settings\Zach\Application Data\foobar2000
2007-08-14 20:40   ---------   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-13 17:13   ---------   d--------   C:\Program Files\Google
2007-08-13 14:16   ---------   d--------   C:\Program Files\RegistryCleanerXP
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC7C70A-B95D-4E0F-B49D-1C5D618D936C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BDBFC0-3394-4944-BE07-BC05CF5049BE}]
2004-08-04 03:56   107409   --a------   C:\WINDOWS\system32\dmscrip.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FA1E1D-29FD-4E81-9690-C75B4E3108A0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF50F976-592A-47a4-81C7-AD34D5A3A947}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1140116236\ee\AOLSoftware.exe" [2006-05-09 20:24]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 08:39 C:\WINDOWS\SOUNDMAN.EXE]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-07 12:57]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"NWEReboot"="" []
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-10-05 16:04]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-03-21 17:48:41]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-13 17:13:16]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 05:01:04]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-18 13:04:30]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 rlgujhvq;rlgujhvq;C:\WINDOWS\system32\drivers\ctnluuwh.dat
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 df401e41.sys;df401e41.sys;\??\C:\WINDOWS\system32\drivers\df401e41.sys
R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys
S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 01:46:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-15 05:34:29 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-01 05:01:22 C:\WINDOWS\Tasks\McQcTask.job"
"2007-10-08 20:47:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 16:45:24
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 16:50:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 16:50
.
   --- E O F ---



On start up, I still get the Nero NMBg Error, the McAfee LogOnHook error, a Zone Alarm trial, and a lot of crap relating to the "MG Secure Module."  There is an automatic attempted installation that takes place while the computer is loading, and no matter how many times you click "finish" it keeps restarting itself.

 
CBMatt
Mod & Malware Specialist
Prodigy



Thanked: 155
Posts: 6,007

Experience: Experienced
OS: Windows XP


Sad and lonely...and loving every minute of it.

« Reply #28 on: October 09, 2007, 06:12:23 AM »

We've still got a little bit of work to do, but we should be getting close.  Below is a quote box with some text.  Please copy everything inside of the box...

Quote
File::
C:\WINDOWS\system32\btasv.dll
C:\whekdwjb.exe
C:\WINDOWS\system32\sipov.dll
C:\WINDOWS\system32\drivers\wbkpwguh.dat
C:\WINDOWS\system32\drivers\ctnluuwh.dat
C:\hmwbeiik.exe
C:\qewtcr.exe
C:\pgwgygwn.exe
C:\uvbbeuu.exe
C:\nawf.exe
C:\slrce.exe
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\hhkmp.bak2
C:\WINDOWS\system32\bootvi.dll
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\dmscrip.dll
C:\WINDOWS\system32\drmclie.dll
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kjkkj.bak2
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\drivers\ctnluuwh.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC7C70A-B95D-4E0F-B49D-1C5D618D936C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BDBFC0-3394-4944-BE07-BC05CF5049BE}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FA1E1D-29FD-4E81-9690-C75B4E3108A0}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF50F976-592A-47a4-81C7-AD34D5A3A947}]

Paste the contents into Notepad and save the file as CFScript.txt.  Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again.  After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Quote
On start up, I still get the Nero NMBg Error, the McAfee LogOnHook error, a Zone Alarm trial, and a lot of crap relating to the "MG Secure Module."  There is an automatic attempted installation that takes place while the computer is loading, and no matter how many times you click "finish" it keeps restarting itself.
If you're still having problems with Nero, McAfee, and ZoneAlarm, you may need to reinstall them.  MG Secure Module appears to be related to SonicStage.  Do you have this program on your computer?  Also, which program is trying to install itself?  If you continue to receive error messages, please write down exactly what they say.
« Last Edit: October 09, 2007, 06:30:55 AM by CBMatt »

Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey

Actually, the name's Chris...
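The File:: list above was assembled by eye from the ComboFix listing. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the 'Files Created' / 'Find3M' rows into fields, applies three name/attribute heuristics that capture what CBMatt singled out (random-letter executables dropped in C:\, hex-only driver names under system32, hidden+system files with .bakN/.iniN extensions), adds a same-size clustering rule that catches re-dropped copies under rotating names, and renders the candidates as a CFScript-style File:: block for a person to review. The sample rows are copied from the log posted in this thread; the rule names, the 5-to-8-hex-digit and 4-to-12-letter stem lengths and the cluster threshold of three are this example's own assumptions.

```python
"""Triage helper for a ComboFix 'Files Created' / 'Find3M' listing (added
example, not ComboFix's own code): parse rows, flag suspects, emit File:: block."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Row: timestamp, size (<DIR>, '---------' or comma-grouped digits), an
# optional 9-char attribute column (some rows lack it), then a drive path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|-{9}|[\d,]+)\s+"
    r"(?:(?P<attrs>[-a-z]{9})\s+)?"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)
HEX_STEM = re.compile(r"[0-9a-f]{5,8}")            # 7c82ea07.sys, 5516a3.sys
LOWER_STEM = re.compile(r"[a-z]{4,12}")            # dcksdix.exe, nawf.exe
BACKUP_EXT = re.compile(r"\.(?:bak|ini)\d", re.I)  # .bak1, .ini2

# Sample input: rows copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
.
2007-10-08 16:37   51,420   --a------   C:\dcksdix.exe
2007-10-08 16:37   50,176   --a------   C:\WINDOWS\system32\btasv.dll
2007-10-08 16:37   25,600   --a------   C:\WINDOWS\system32\drivers\df401e41.sys
2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iTunes
2007-10-07 13:07   1,175,584   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-06 16:26   25,600   --a------   C:\WINDOWS\system32\drivers\7de30189.sys
2007-10-05 15:42   5,120      C:\WINDOWS\system32\drivers\wbkpwguh.dat
2007-10-05 11:01   158,432   --a------   C:\WINDOWS\system32\6181b4a9.sys
2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\b728bbdf.sys
2007-10-05 10:56   158,432   --a------   C:\WINDOWS\system32\27a88faa.sys
2007-09-23 20:42   1,476,658   ---hs----   C:\WINDOWS\system32\oqtwa.bak2
2007-09-22 14:33   1,977,762   ---hs----   C:\WINDOWS\system32\kjkkj.ini2
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
"""

class Entry(NamedTuple):
    ts: str
    size: Optional[int]  # None for directories and Find3M '---------' rows
    attrs: str           # '--a------', '---hs----', ... or '' when absent
    path: str
    is_dir: bool

def parse_listing(text: str) -> List[Entry]:
    """Rows become Entry objects; banners and '.' separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw, attrs = m.group("size"), m.group("attrs") or ""
        size = int(raw.replace(",", "")) if raw[0].isdigit() else None
        entries.append(Entry(m.group("ts"), size, attrs, m.group("path"),
                             raw == "<DIR>" or attrs.startswith("d")))
    return entries

def suspicious_reasons(e: Entry) -> List[str]:
    """Name/attribute heuristics mirroring the entries the helper listed above."""
    if e.is_dir:
        return []
    parent, _, name = e.path.rpartition("\\")
    parent = parent.lower()
    stem, dot, ext = name.rpartition(".")
    stem, ext = (stem, (dot + ext).lower()) if dot else (name, "")
    reasons = []
    if parent == "c:" and ext == ".exe" and LOWER_STEM.fullmatch(stem):
        reasons.append("random-letter .exe dropped in the drive root")
    if "\\system32" in parent and ext in (".sys", ".dll") and HEX_STEM.fullmatch(stem):
        reasons.append("hex-only file name under system32")
    if "h" in e.attrs and "s" in e.attrs and BACKUP_EXT.fullmatch(ext):
        reasons.append("hidden+system file with a .bakN/.iniN extension")
    return reasons

def size_clusters(entries: List[Entry], min_count: int = 3) -> Dict[int, List[str]]:
    """Files sharing one exact byte size: the same payload re-dropped under new names."""
    by_size = defaultdict(list)
    for e in entries:
        if not e.is_dir and e.size:
            by_size[e.size].append(e.path)
    return {s: p for s, p in by_size.items() if len(p) >= min_count}

def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    entries = parse_listing(text)
    flagged = {}
    for e in entries:
        why = suspicious_reasons(e)
        if why:
            flagged[e.path] = why
    for size, paths in size_clusters(entries).items():
        for p in paths:
            flagged.setdefault(p, []).append(f"one of {len(paths)} files of exactly {size} bytes")
    return flagged

def render_file_section(flagged: Dict[str, List[str]]) -> str:
    return "File::\n" + "\n".join(sorted(flagged)) + "\n"

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for path, why in hits.items():
        print(f"{path}\n    " + "; ".join(why))
    print(render_file_section(hits))
```

On the sample rows the script flags the root-dropped executable, the six hex-named .sys files and the two hidden+system backup-style files, and leaves fidbox.dat (hidden+system but a .dat) and cdm.dll (a normal Windows Update component) alone. It deliberately does not flag btasv.dll or the .dat files under drivers that the R0 service entry points at: those only stand out with the context a person brings (the R0 line, the BHO CLSIDs, the timestamps matching the other drops), which is why the rendered File:: block is a candidate list to review against the full log rather than a script to run as-is.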
zjt228
Guest
« Reply #29 on: October 09, 2007, 09:29:32 AM »

New ComboFix log:

ComboFix 07-10-07.2 - Zach 2007-10-09 11:20:34.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.514 [GMT -4:00]
Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zach\Desktop\CFScript.txt
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-09-09 to 2007-10-09  )))))))))))))))))))))))))))))))
.

2007-10-08 16:58   1   --a------   C:\WINDOWS\system32\rc.dat
2007-10-08 16:58   1   --a------   C:\WINDOWS\system32\ps1.dat
2007-10-08 16:58   1   --a------   C:\WINDOWS\system32\cookie1.dat
2007-10-08 16:37   51,420   --a------   C:\dcksdix.exe
2007-10-08 16:37   50,176   --a------   C:\WINDOWS\system32\btasv.dll
2007-10-08 16:37   25,600   --a------   C:\WINDOWS\system32\drivers\df401e41.sys
2007-10-08 16:37   1,918   --a------   C:\WINDOWS\system32\conf.dat
2007-10-08 16:22   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iTunes
2007-10-07 21:47   <DIR>   d--------   C:\Program Files\iPod
2007-10-07 21:45   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-10-07 21:41   <DIR>   d--------   C:\Program Files\QuickTime
2007-10-07 20:24   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\McAfee
2007-10-07 19:59   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
2007-10-07 19:56   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\MailFrontier
2007-10-07 15:31   512   --a------   C:\ScanSectorLog.dat
2007-10-07 13:07   44,320   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-07 13:07   1,175,584   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-06 16:26   32,256   --a------   C:\whekdwjb.exe
2007-10-06 16:26   25,600   --a------   C:\WINDOWS\system32\drivers\7de30189.sys
2007-10-06 16:26   25,088   --a------   C:\WINDOWS\system32\sipov.dll
2007-10-06 16:23   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\McAfee
2007-10-06 11:33   158,432   --a------   C:\WINDOWS\system32\71151f2.sys
2007-10-05 16:35   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\Uniblue
2007-10-05 16:17   112,292   --a------   C:\cc_20071005_1617.reg
2007-10-05 15:42   5,120      C:\WINDOWS\system32\drivers\wbkpwguh.dat
2007-10-05 15:42   17,664      C:\WINDOWS\system32\drivers\ctnluuwh.dat
2007-10-05 11:01   158,432   --a------   C:\WINDOWS\system32\6181b4a9.sys
2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\b728bbdf.sys
2007-10-05 10:58   158,432   --a------   C:\WINDOWS\system32\51efee4c.sys
2007-10-05 10:56   158,432   --a------   C:\WINDOWS\system32\27a88faa.sys
2007-10-05 10:54   65,024   --a------   C:\hmwbeiik.exe
2007-10-05 10:41   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2007-10-05 10:41   <DIR>   d--------   C:\Documents and Settings\Zach\Application Data\SUPERAntiSpyware.com
2007-10-05 10:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-04 10:35   158,432   --a------   C:\WINDOWS\system32\ccedba40.sys
2007-10-04 00:53   158,432   --a------   C:\WINDOWS\system32\112e9cd5.sys
2007-10-03 16:05   39,452   --a------   C:\qewtcr.exe
2007-10-01 08:53   158,432   --a------   C:\WINDOWS\system32\5516a3.sys
2007-09-27 07:46   158,432   --a------   C:\WINDOWS\system32\7c82ea07.sys
2007-09-26 22:05   153   --a------   C:\WINDOWS\system32\delFSF.bat
2007-09-26 16:53   58,155   --a------   C:\pgwgygwn.exe
2007-09-26 16:53   39,452   --a------   C:\uvbbeuu.exe
2007-09-25 16:36   58,155   --a------   C:\nawf.exe
2007-09-25 16:36   206,866   --a------   C:\slrce.exe
2007-09-25 16:27   <DIR>   d--------   C:\VundoFix Backups
2007-09-24 17:40   591,136   --a------   C:\Program Files\DMSetup-Serial.exe
2007-09-23 22:21   <DIR>   d--------   C:\Program Files\CCleaner
2007-09-23 22:04   <DIR>   d--------   C:\Program Files\Windows Defender
2007-09-23 20:51   <DIR>   d--------   C:\WINDOWS\pss
2007-09-23 20:42   1,476,658   ---hs----   C:\WINDOWS\system32\oqtwa.bak2
2007-09-23 19:10   1,976,534   ---hs----   C:\WINDOWS\system32\oqtwa.bak1
2007-09-23 15:59   1,978,634   ---hs----   C:\WINDOWS\system32\hhkmp.bak2
2007-09-23 15:03   57,856   --a------   C:\WINDOWS\system32\bootvi.dll
2007-09-22 16:14   1,976,494   ---hs----   C:\WINDOWS\system32\hhkmp.bak1
2007-09-22 15:54   107,409   --a------   C:\WINDOWS\system32\dmscrip.dll
2007-09-22 15:53   57,856   --a------   C:\WINDOWS\system32\drmclie.dll
2007-09-22 14:33   1,977,762   ---hs----   C:\WINDOWS\system32\kjkkj.ini2
2007-09-22 14:27   1,977,950   ---hs----   C:\WINDOWS\system32\kjkkj.bak2
2007-09-22 11:36   1,976,494   ---hs----   C:\WINDOWS\system32\kjkkj.bak1
2007-09-22 11:16   88,064   --a------   C:\WINDOWS\system32\cmcfg3.dll
2007-09-22 11:15   17,280   --a------   C:\WINDOWS\system32\drivers\ctnluuwh.sys
Copyright © 2010 Computer Hope ® All rights reserved.