17-Jul-2012, 12:05 PM #1
Google redirect virus

I have ads playing in the background and trying to get them removed. I have run Combofix and here is what the log shows.

ComboFix 12-07-16.01 - Owner 07/17/2012 9:45.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1591 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
---- Previous Run -------
.
c:\programdata\SPL5D91.tmp
c:\users\Owner\AppData\Local\Conduit\BitTorrent\ggqkf.dll
c:\users\Owner\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 15:50 . 2012-07-17 15:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-17 15:50 . 2012-07-17 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 15:31 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B960357A-7282-4FE1-8803-17898B4356B2}\mpengine.dll
2012-07-17 15:02 . 2012-07-17 15:02 -------- d-----w- c:\windows\system32\Adobe
2012-07-17 00:57 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 23:59 . 2012-07-16 23:59 -------- d-----w- c:\program files\Common Files\Overwolf
2012-07-16 05:41 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 00:01 . 2012-07-17 02:10 -------- d-----w- c:\users\Owner\AppData\Local\ClassesB
2012-07-11 06:45 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:45 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 06:45 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 06:45 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:45 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 06:45 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-04 05:41 . 2012-05-13 16:15 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12098E78-4290-4412-BB6F-F12959A1E060}\gapaengine.dll
2012-06-21 23:40 . 2012-06-21 23:40 768848 ----a-w- c:\windows\system32\msvcr100.dll
2012-06-21 23:40 . 2012-06-21 23:40 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-06-21 09:37 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 09:37 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 09:37 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 09:37 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 09:37 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 09:37 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 09:37 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 09:37 . 2012-06-02 21:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 09:37 . 2012-06-02 21:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 16:19 . 2012-06-17 16:19 -------- d-----w- c:\users\Owner\AppData\Local\DDMSettings
2012-06-17 16:04 . 2012-06-17 16:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-06-17 16:04 . 2012-06-17 16:04 -------- d-----w- c:\program files\DivX
2012-06-17 16:03 . 2012-06-17 16:19 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 15:01 . 2012-04-03 05:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 15:01 . 2011-08-23 16:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 17:21 . 2011-08-23 17:00 178688 ----a-w- c:\windows\system32\unrar.dll
2012-05-13 16:15 . 2011-09-08 12:43 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-01 14:03 . 2012-06-12 21:17 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-12 21:17 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-12 21:17 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-12 21:17 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-17 16:44 . 2011-08-23 22:45 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2012-06-21 35256]
"Steam"="c:\program files\Steam\Steam.exe" [2012-05-05 1242448]
"ClassesB"="c:\users\Owner\AppData\Local\ClassesB\nhjlzpmt.dll" [2012-07-17 740864]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2011-12-23 611144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2012-03-29 04:43 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:01]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182351676-3826189462-1719554592-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 02:27]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2182351676-3826189462-1719554592-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 02:27]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6k80n2me.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
HKU-Default-Run-BitTorrent - c:\users\Owner\AppData\Local\Conduit\BitTorrent\ggqkf.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-17 09:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ClassesB = rundll32.exe c:\users\Owner\AppData\Local\ClassesB\nhjlzpmt.dll,DEC_Finish?45678DX?X???? ???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87A7B4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87a8293c]; MOV EAX, [0x87a82ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8225D936] -> \Device\Harddisk0\DR0[0x8706CAC8]
3 CLASSPNP[0x8B3A58B3] -> ntkrnlpa!IofCallDriver[0x8225D936] -> [0x85C08948]
5 acpi[0x807316BC] -> ntkrnlpa!IofCallDriver[0x8225D936] -> [0x85C08C90]
\Driver\nvstor32[0x879EFC38] -> IRP_MJ_CREATE -> 0x87A7B4B1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000058 -> \??\SCSI#Disk&Ven_WDC_WD50&Prod_00AAKS-00A7B#4&6727837&0&010100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85bc91f8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5820)
c:\users\Owner\AppData\Local\ClassesB\nhjlzpmt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-07-17 09:58:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 15:58
.
Pre-Run: 301,071,380,480 bytes free
Post-Run: 300,927,291,392 bytes free
.
- - End Of File - - 13FEB4427227A0E5C308B385ACBEC5EC
18-Jul-2012, 05:11 PM #2

Hi and welcome. Please download aswMBR to your desktop.
19-Jul-2012, 12:27 AM #3
Replying per email. Here is the information you requested.....

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 21:55:29
-----------------------------
21:55:29.481 OS Version: Windows 6.0.6002 Service Pack 2
21:55:29.482 Number of processors: 4 586 0x203
21:55:29.482 ComputerName: OWNER-PC UserName: Owner
21:55:31.426 Initialize success
21:55:54.930 AVAST engine defs: 12071900
21:55:57.916 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
21:55:57.920 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:55:57.947 Disk 0 MBR read successfully
21:55:57.949 Disk 0 MBR scan
21:55:57.955 Disk 0 Windows VISTA default MBR code
21:55:57.965 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
21:55:57.992 Disk 0 scanning sectors +976771072
21:55:58.076 Disk 0 scanning C:\Windows\system32\drivers
21:56:12.077 Service scanning
21:56:20.277 Service MpKsla25d90d3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{461B93E4-F041-4AB1-8679-1C4C97EAE9A7}\MpKsla25d90d3.sys **LOCKED** 32
21:56:46.066 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:56:54.402 Modules scanning
21:56:57.543 Disk 0 trace - called modules:
21:56:57.557 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84d581f8]<<
21:56:57.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b75ac8]
21:56:57.558 3 CLASSPNP.SYS[8b3ab8b3] -> nt!IofCallDriver -> [0x8580aa50]
21:56:57.558 5 acpi.sys[807356bc] -> nt!IofCallDriver -> \Device\00000058[0x8580ac90]
21:56:57.558 \Driver\nvstor32[0x85830678] -> IRP_MJ_CREATE -> 0x84d581f8
21:56:59.620 AVAST engine scan C:\Windows
21:57:07.838 AVAST engine scan C:\Windows\system32
22:02:18.546 AVAST engine scan C:\Windows\system32\drivers
22:02:47.325 AVAST engine scan C:\Users\Owner
22:02:57.690 File: C:\Users\Owner\AppData\Local\ClassesB\nhjlzpmt.dll **INFECTED** Win32:Downloader-PLX [Trj]
22:13:05.652 AVAST engine scan C:\ProgramData
22:14:27.650 Scan finished successfully
22:25:35.578 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Documents\MBR.dat"
22:25:35.583 The log file has been saved successfully to "C:\Users\Owner\Documents\aswMBR.txt"
19-Jul-2012, 12:12 PM #4
Please download TDSSKiller.zip