BleepingComputer.com: IE popups

Hello it's been a while now that I have gotten random Internet Explorer popups. Also in my task manager I can't kill the iexplorer process.
Thanks in advance for any help. Here is a DDS log.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Run by Steven at 11:38:53 on 2011-05-29
Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1033.18.4063.2438 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\NetLimiter 3\nlsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
D:\NetLimiter 3\NLClientApp.exe
D:\iTunes\iTunesHelper.exe
D:\Ati\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Ati\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\UTSCSI.EXE
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
D:\VMware Workstation\vmware-authd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
D:\Firefox\firefox.exe
D:\Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Steven\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - D:\Flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: revenuestreaming browser enhancer: {84f82ab0-3b33-ab82-569f-8bbbbce0e474} - C:\Windows\SysWow64\zmhdpxvrbcnnwegq.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - D:\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - D:\Flashget\getflash.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [AdobeBridge]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [NetLimiter] D:\NetLimiter 3\NLClientApp.exe /tray
mRun: [StartCCC] "D:\Ati\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
mRun: [fvajpjfrjojtq] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\zmhdpxvrbcnnwegq.dll"
mRun: [Adobe Reader Speed Launcher] "D:\Adobe Reader 9.2\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - D:\Flashget\jc_all.htm
IE: &Download with FlashGet - D:\Flashget\jc_link.htm
IE: E&xporteren naar Microsoft Excel - D:\OFFICE~1\Office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\FlashGet.exe
LSP: D:\VMware Workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Fiddler2\Fiddler.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\2rq7zsg8.default\
FF - prefs.js: browser.startup.homepage - hxxp://be.hardware.info/
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Steven\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Adobe Reader 9.2\Reader\browser\nppdf32.dll
FF - plugin: D:\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\QuickTime\Plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R1 nltdi;nltdi;D:\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-24 1038088]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MCHPUSB;MCHPUSB;C:\Windows\system32\DRIVERS\mchpusb64.sys --> C:\Windows\system32\DRIVERS\mchpusb64.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 pppop;PPPoP WAN Adapter;C:\Windows\system32\DRIVERS\pppop64.sys --> C:\Windows\system32\DRIVERS\pppop64.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-05-28 16:06:48 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 14:33:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-09 08:39:26 -------- d-----w- C:\DOSBox
2011-05-09 08:20:04 -------- d-----w- C:\Program Files (x86)\WPF Toolkit
2011-05-03 13:19:34 -------- d-----w- C:\Users\Steven\AppData\Local\Locktime
2011-05-03 13:17:23 -------- d-----w- C:\ProgramData\Locktime
.
==================== Find3M ====================
.
2011-04-28 19:33:52 54455 ----a-w- C:\Windows\SysWow64\gvapsbccnpfdwmmgl.exe
2011-04-28 19:33:12 117864 ----a-w- C:\Windows\SysWow64\786aea34.exe
2011-04-04 19:34:10 848896 ----a-w- C:\Windows\SysWow64\zmhdpxvrbcnnwegq.dll
2011-03-21 14:44:30 33416 ----a-w- C:\Windows\System32\drivers\nlndis.sys
2011-03-09 14:07:26 2607616 ----a-w- C:\Windows\SysWow64\fb7387c6.dll
.
============= FINISH: 11:39:13,52 ===============

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  
  
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  
  
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  
  
• In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  
  
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  
  
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  
  
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  
  
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
  
  
• Please do not PM me directly for help. If you have any questions, post them in this topic.
  
  
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running OTL

We need to create a FULL OTL Report

• Please download OTL from here:
  
  • Main Mirror
    
  • Mirror
  
  
• Save it to your desktop.
  
• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Change the "Extra Registry" option to "SafeList"
  
• Push the button.
  
• Two reports will open, copy and paste them in a reply here:
  
  • OTL.txt <-- Will be opened
    
  • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.