Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Old 04-22-2008, 10:17 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 5
OS: XP Service Pack 2


Multiple Virus/Spyware/Adware Infections

I have been experiencing increased lag in video and sound while surfing or playing games. Whenever I play something like an embedded YouTube video or play a game online in a forum, the PC fans kick on and the video and sound start to lag badly. I can't play Elder Scrolls, Total War or NWN without it doing the same thing.

I ran AVG, Spybot, and Adware and came up with bumpkiss.

I found your site and have followed the instructions given.

I have attached the extra file and the active scan file.

I am hoping to accomplish a number of things.
1) Remove all Virus/Spyware/Adware
2) Prevent Future Infections
3) Remove unnecessary or conflicting processes to maximize PC performance.


Here is my log. Thank you ahead of time for any assistance you can give.

Deckard's System Scanner v20071014.68
Run by Janie on 2008-04-22 13:07:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Janie.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:00 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Janie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Janie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessen.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: load=\\LUNAR\Giver\WINDOWS\SKINNY~1.PIF
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EE89C42-0C8B-7E08-888E-2540379DFC99} - C:\WINDOWS\System32\rbqtn.dll
O2 - BHO: (no name) - {4EE89C47-0CFE-0906-8888-534046E9FC9C} - C:\WINDOWS\System32\rbqtn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6A6FC7E9-5256-00F2-7EE0-0095CBA2DACA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1180395095-1482789601-4210259494-1003\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {29E5B286-4CF6-4656-AF73-828232AD4E81} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/cs0_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/game...s/y/dtt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/game...s/y/sdt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/...ws-i586-jc.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yaho...bio5_0_2_5.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9200 bytes

-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-22 12:54:32 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 12:54:24 0 d-------- C:\Program Files\SpywareBlaster
2008-04-22 10:07:20 0 d-------- C:\WINDOWS\LastGood
2008-04-22 10:07:07 0 d-------- C:\Program Files\Panda Security
2008-04-21 10:32:53 0 d-------- C:\Program Files\Trend Micro
2008-04-07 13:46:52 0 d-------- C:\Program Files\BurnAware Free Edition
2008-03-30 15:36:19 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-30 15:30:26 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-30 15:30:23 0 d-------- C:\Documents and Settings\Janie\Application Data\DAEMON Tools
2008-03-30 14:53:47 317952 --a------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2008-03-30 14:24:21 0 d-------- C:\Program Files\MagicISO
2008-03-30 07:57:31 0 d-------- C:\Program Files\AD&D Core Rules 2.0
2008-03-30 07:34:29 0 d-------- C:\CM
2008-03-29 23:02:28 0 dr-h----- C:\Documents and Settings\Janie\Recent
2008-03-27 12:43:18 0 d-------- C:\Program Files\uTorrent
2008-03-27 12:43:07 0 d-------- C:\Documents and Settings\Janie\Application Data\uTorrent
2008-03-27 12:20:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-27 12:20:47 0 d-------- C:\Documents and Settings\Janie\Application Data\Azureus


-- Find3M Report ---------------------------------------------------------------

2008-04-22 10:07:09 14296 --a------ C:\WINDOWS\mozver.dat
2008-04-19 10:16:46 0 d-------- C:\Program Files\Java
2008-04-19 08:52:54 0 d-------- C:\Program Files\BitTorrent
2008-04-10 1259 0 d-------- C:\Documents and Settings\Janie\Application Data\Adobe
2008-04-08 12:43:07 0 d-------- C:\Documents and Settings\Janie\Application Data\AVG7
2008-04-07 14:28:41 184 --a------ C:\Documents and Settings\Janie\Application Data\burnaware.ini
2008-03-27 12:37:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-21 15:10:07 0 d-------- C:\Documents and Settings\Janie\Application Data\BitTorrent
2008-03-10 11:02:01 0 d-------- C:\Program Files\Microsoft Money
2008-03-08 14:36:03 0 d-------- C:\Program Files\ZoneAlarmSB
2008-03-08 14:36:01 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 11:14:28 0 d-------- C:\Program Files\Lavasoft
2008-03-07 11:10:44 0 d-------- C:\Program Files\Common Files
2008-03-07 11:10:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 23:16:57 0 d-------- C:\Program Files\SpeedFan
2008-03-06 21:31:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-06 15:30:29 0 d-------- C:\Program Files\WinAce
2008-03-06 15:29:43 0 d-------- C:\Documents and Settings\Janie\Application Data\WinRAR
2008-03-06 13:42:33 5120 --ahs---- C:\Program Files\Common Files\Thumbs.db
2008-03-06 13:15:32 0 d-------- C:\Program Files\Bethesda Softworks
2008-03-04 13:59:05 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-04 13:59:05 0 d-------- C:\Documents and Settings\Janie\Application Data\SystemRequirementsLab
2008-03-02 12:45:56 137629 --a------ C:\WINDOWS\HPHins15.dat
2008-03-02 12:44:16 0 d-------- C:\Program Files\Common Files\HP
2008-03-02 12:42:50 0 d-------- C:\Program Files\HP
2008-02-27 16:02:13 0 d-------- C:\Program Files\GetRight
2008-02-27 16:01:18 0 d-------- C:\Program Files\QuickTime
2008-02-27 01:00:56 0 d-------- C:\Documents and Settings\Janie\Application Data\Aim


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE89C42-0C8B-7E08-888E-2540379DFC99}]
03/17/2005 09:59 AM 163840 --a------ C:\WINDOWS\System32\rbqtn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE89C47-0CFE-0906-8888-534046E9FC9C}]
03/17/2005 09:59 AM 163840 --a------ C:\WINDOWS\System32\rbqtn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A6FC7E9-5256-00F2-7EE0-0095CBA2DACA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
03/08/2008 02:36 PM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [03/08/2008 02:36 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 04:31 PM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 05:05 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [03/21/2008 04:30 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4S2NSLA3QS#366]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\77e0caa6209f]
C:\WINDOWS\System32\cmcfg326.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\83973928b9e9]
C:\WINDOWS\System32\atl15547.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoLogon]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"C:\Program Files\AutoUpdate\AutoUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfb42d2d1677]
C:\WINDOWS\System32\carpdll8.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cb1851973727]
C:\WINDOWS\System32\bdeverif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
"C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Enh Win Updt]
C:\WINDOWS\enhupdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEDriver]
C:\WINDOWS\System32\IEDriver\IEDriver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\KaZaA\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"c:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
C:\WINDOWS\system32\msdioo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Promon.exe]
Promon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll16]
C:\WINDOWS\rundll16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunWindowsUpdate]
C:\WINDOWS\uptodate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s3nP32S]
vertream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sain]
c:\windows\system32\sain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAITEKAUTOCONFIGURE]
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secure]
C:\WINDOWS\System32\Aoyphp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urah]
C:\WINDOWS\urah.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
C:\WINDOWS\System32\Gpxepn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
"C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdxvug]
c:\windows\system32\wdxvug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\Program Files\Common Files\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Compaq_RBA"=2 (0x2)
"SCardSvr"=3 (0x3)
"iprip"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
"msbb"=C:\WINDOWS\System32\msbb.exe
"4S2NSLA3QS#366"=C:\WINDOWS\System32\Erl6AX.exe
"Pcsv"=C:\WINDOWS\system32\pcs\pcsvc.exe
"Dpi"=C:\Program Files\Common Files\Dpi\dpi.exe
"DealHelperUpdate"=C:\WINDOWS\DHUpdt.exe
"DealHelperBrwsr"=C:\WINDOWS\dhbrwsr.exe
"TimeSyncApp"=C:\WINDOWS\TimeSynchronize.exe
"c7f08056a11b"=C:\WINDOWS\System32\adptif34.exe
"SearchUpgrader"=C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
"A70F6A1D-0195-42a2-934C-D8AC0F7C08EB"=rundll32.exe E6F1873B.DLL,D9EBC318C
"wdxvug"=c:\windows\system32\wdxvug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-04-22 13:08:43 ------------
Attached Files
File Type: txt ActiveScan.txt (25.2 KB, 4 views)
File Type: txt extra.txt (15.2 KB, 2 views)

Last edited by King Vyper : 04-22-2008 at 10:22 AM.
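The log above is read by hand in this thread, but the same first-pass heuristics an analyst applies (unnamed BHOs, orphaned "(no file)" CLSIDs, win.ini load= entries pointing at a network share, non-default IE start pages) can be scripted. The following is an added example written for this page, not a tool from the forum or from HijackThis itself; the sample lines are a constructed excerpt of the kinds of entries shown above, and the heuristics only flag entries for review rather than deciding what to remove.

```python
"""Defensive triage of HijackThis-style log lines.

Every HijackThis line has the shape "<section> - <body>", where the section
tag (R0, R1, F1, O2, O3, O4, O23, ...) names the hook the entry came from.
This helper parses such lines and applies a few analyst heuristics so the
entries that deserve a closer look sort to the top.  It only flags entries
for review; the decision to remove anything stays with the analyst.
"""
import re
from urllib.parse import urlparse

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Hosts that Windows XP / IE7 use for their default start and search pages.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample: a handful of line types modelled on the entries in the
# log above (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F1 - win.ini: load=\\LUNAR\Giver\WINDOWS\SKINNY~1.PIF
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EE89C42-0C8B-7E08-888E-2540379DFC99} - C:\WINDOWS\System32\rbqtn.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_line(line):
    """Split one log line into its section tag and body; None if not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def triage_entry(entry):
    """Return (severity, reason) for an entry worth a second look, else None."""
    section, body = entry["section"], entry["body"]
    if section in ("O2", "O3"):
        # BHO / toolbar lines end with " - <dll path>" or " - (no file)".
        target = body.rsplit(" - ", 1)[-1].strip()
        if target.lower() == "(no file)":
            return ("low", "orphaned CLSID registration; the referenced file is gone")
        if "(no name)" in body:
            return ("high", f"unnamed browser helper loads {target}; verify publisher and hash")
    elif section == "F1":
        # win.ini load=/run= are legacy autostart hooks; a UNC path means the
        # program is pulled from another machine on the network at logon.
        m = re.search(r"\b(load|run)=(?P<val>.+)$", body)
        if m:
            val = m.group("val").strip()
            if val.startswith("\\\\"):
                return ("high", f"win.ini {m.group(1)}= points at a UNC network path: {val}")
            return ("medium", f"legacy win.ini {m.group(1)}= autostart: {val}")
    elif section in ("R0", "R1") and "Internet Explorer\\Main" in body:
        m = re.search(r"=\s*(?P<url>\S+)$", body)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if host not in DEFAULT_IE_HOSTS:
                return ("low", f"IE start/search page points at {host}; confirm with the user")
    return None


def triage(log_text):
    """Run every line through the heuristics; findings come back highest severity first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = triage_entry(entry)
        if verdict is not None:
            severity, reason = verdict
            findings.append({"severity": severity, "section": entry["section"],
                             "reason": reason, "line": entry["raw"]})
    # sort() is stable, so entries of equal severity keep their log order
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']:3} {f['reason']}")
```

An OEM start page such as the presario.net one above is usually legitimate, which is why that check is rated low and phrased as a question for the user rather than a verdict.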
Old 04-24-2008, 06:46 AM   #2 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 5
OS: XP Service Pack 2


Re: Multiple Virus/Spyware/Adware Infections

* 3rd Day bump *
Old 04-28-2008, 08:05 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,098
OS: WinXP and Vista


Re: Multiple Virus/Spyware/Adware Infections

Hello King Vyper and welcome,

You've got quite the collection of numerous malware on this system. Was the Panda scan done before, or after you scanned with Spybot and Ad-Aware?


This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried : 04-28-2008 at 08:06 AM.
Old 04-29-2008, 08:34 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 5
OS: XP Service Pack 2


Re: Multiple Virus/Spyware/Adware Infections

Quote: Originally Posted by Ried
Hello King Vyper and welcome,

You've got quite the collection of numerous malware on this system. Was the Panda scan done before, or after you scanned with Spybot and Ad-Aware?


This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.



Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
The Panda scan was post-Spybot and Adware. The PC was a hand-me-down from one of my girlfriend's friends.

There was no Firewall and security was set to low.

Spybot, Adware, and AVG caught some of it already. I came to you guys because I couldn't figure out the rest.

Combofix Log

ComboFix 08-04-28.2 - Janie 2008-04-29 10:52:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.695 [GMT -4:00]
Running from: C:\Documents and Settings\Janie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Janie\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\NDNuninstall4_88.exe
C:\WINDOWS\NDNuninstall4_94.exe
C:\WINDOWS\NDNuninstall5_40.exe
C:\WINDOWS\NDNuninstall5_48.exe
C:\WINDOWS\NDNuninstall5_64.exe
C:\WINDOWS\NDNuninstall6_10.exe
C:\WINDOWS\NDNuninstall6_22.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\wtscc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_iprip


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-22 12:54 . 2008-04-22 12:54 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-22 12:54 . 2008-04-22 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 12:30 . 2008-04-22 12:30 <DIR> d-------- C:\Deckard
2008-04-22 10:07 . 2008-04-22 10:07 <DIR> d-------- C:\Program Files\Panda Security
2008-04-21 10:49 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-21 10:32 . 2008-04-21 10:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 10:16 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-19 08:52 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-04-19 08:52 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-04-07 13:46 . 2008-04-07 13:46 <DIR> d-------- C:\Program Files\BurnAware Free Edition
2008-03-30 15:36 . 2008-03-30 15:36 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-30 15:30 . 2008-03-30 15:30 <DIR> d-------- C:\Documents and Settings\Janie\Application Data\DAEMON Tools
2008-03-30 15:30 . 2008-03-30 15:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-30 14:53 . 1998-10-27 11:08 317,952 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-03-30 14:24 . 2008-03-30 14:24 <DIR> d-------- C:\Program Files\MagicISO
2008-03-30 07:57 . 2008-03-30 14:58 <DIR> d-------- C:\Program Files\AD&D Core Rules 2.0
2008-03-30 07:34 . 2008-03-30 07:59 <DIR> d-------- C:\CM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 15:03 12,193,824 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-29 14:59 144,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-29 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-23 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 14:16 --------- d-----w C:\Program Files\Java
2008-04-19 12:52 --------- d-----w C:\Program Files\BitTorrent
2008-04-14 22:31 2,976,256 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-04-09 07:17 20,413,428 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_04_02_19_55_25_full.dmp.zip
2008-04-08 16:43 --------- d-----w C:\Documents and Settings\Janie\Application Data\AVG7
2008-04-08 16:41 --------- d-----w C:\Documents and Settings\Janie\Application Data\uTorrent
2008-03-28 00:24 3,095,040 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-28 00:24 1,385,472 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-27 16:43 --------- d-----w C:\Program Files\uTorrent
2008-03-27 16:28 --------- d-----w C:\Documents and Settings\Janie\Application Data\Azureus
2008-03-27 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-21 19:10 --------- d-----w C:\Documents and Settings\Janie\Application Data\BitTorrent
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 00:18 2,036,736 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-15 01:42 2,646,016 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-14 03:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-14 03:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-10 15:02 --------- d-----w C:\Program Files\Microsoft Money
2008-03-08 18:36 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-03-08 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-08 18:28 --------- d-----w C:\Program Files\Zone Labs
2008-03-07 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-07 15:14 --------- d-----w C:\Program Files\Lavasoft
2008-03-07 15:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-07 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-07 03:16 --------- d-----w C:\Program Files\SpeedFan
2008-03-07 03:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 01:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-06 19:30 --------- d-----w C:\Program Files\WinAce
2008-03-06 17:42 5,120 --sha-w C:\Program Files\Common Files\Thumbs.db
2008-03-06 17:15 --------- d-----w C:\Program Files\Bethesda Softworks
2008-03-04 17:59 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-04 17:59 --------- d-----w C:\Documents and Settings\Janie\Application Data\SystemRequirementsLab
2008-03-02 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-02 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-02 16:44 --------- d-----w C:\Program Files\Common Files\HP
2008-03-02 16:42 --------- d-----w C:\Program Files\HP
2008-03-02 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-06-19 03:38 147,465 ----a-r C:\Program Files\Common Files\cdm74052.exe
2002-04-26 03:49 152 ----a-w C:\Program Files\file.txt
2005-02-08 14:34 417,792 --sha-r C:\WINDOWS\system32\l?gonui.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE89C42-0C8B-7E08-888E-2540379DFC99}]
2005-03-17 09:59 163840 --a------ C:\WINDOWS\System32\rbqtn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE89C47-0CFE-0906-8888-534046E9FC9C}]
2005-03-17 09:59 163840 --a------ C:\WINDOWS\System32\rbqtn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A6FC7E9-5256-00F2-7EE0-0095CBA2DACA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-08 14:36 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-08 14:36 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-08 14:36 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 04:30 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 16:31 579584]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-16 02:11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4S2NSLA3QS#366]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\77e0caa6209f]
--a------ 2005-02-27 08:47 32768 C:\WINDOWS\System32\cmcfg326.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\83973928b9e9]
--a------ 2005-03-11 22:02 32768 C:\WINDOWS\System32\atl15547.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfb42d2d1677]
C:\WINDOWS\System32\carpdll8.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
-ra------ 2002-01-02 22:06 4608 C:\WINDOWS\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cb1851973727]
--a------ 2006-06-18 22:34 94208 C:\WINDOWS\System32\bdeverif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Enh Win Updt]
C:\WINDOWS\enhupdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEDriver]
C:\WINDOWS\System32\IEDriver\IEDriver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\KaZaA\kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2000-07-13 16:00 311350 C:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-07-13 16:00 28739 C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a------ 2001-07-25 11:00 241714 c:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
C:\WINDOWS\system32\msdioo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Promon.exe]
--a------ 2001-08-09 11:00 61440 C:\WINDOWS\system32\PROMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll16]
C:\WINDOWS\rundll16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunWindowsUpdate]
C:\WINDOWS\uptodate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s3nP32S]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sain]
c:\windows\system32\sain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAITEKAUTOCONFIGURE]
--a------ 2000-08-02 16:35 45056 C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secure]
C:\WINDOWS\System32\Aoyphp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 17:34 36864 C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urah]
C:\WINDOWS\urah.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
C:\WINDOWS\System32\Gpxepn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
C:\Program Files\COMPAQ\Coloreal\coloreal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdxvug]
c:\windows\system32\wdxvug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\Program Files\Common Files\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Compaq_RBA"=2 (0x2)
"SCardSvr"=3 (0x3)
"iprip"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
"msbb"=C:\WINDOWS\System32\msbb.exe
"4S2NSLA3QS#366"=C:\WINDOWS\System32\Erl6AX.exe
"Pcsv"=C:\WINDOWS\system32\pcs\pcsvc.exe
"Dpi"=C:\Program Files\Common Files\Dpi\dpi.exe
"DealHelperUpdate"=C:\WINDOWS\DHUpdt.exe
"DealHelperBrwsr"=C:\WINDOWS\dhbrwsr.exe
"TimeSyncApp"=C:\WINDOWS\TimeSynchronize.exe
"c7f08056a11b"=C:\WINDOWS\System32\adptif34.exe
"SearchUpgrader"=C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
"A70F6A1D-0195-42a2-934C-D8AC0F7C08EB"=rundll32.exe E6F1873B.DLL,D9EBC318C
"wdxvug"=c:\windows\system32\wdxvug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

S2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2001-08-02 17:48]
S3 SNDP202;Concord Camera Eye-Q 642;C:\WINDOWS\system32\DRIVERS\sndp202.sys [2004-07-01 18:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 11:02:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-29 11:10:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 15:10:05

Pre-Run: 15,764,598,784 bytes free
Post-Run: 15,723,814,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

294 --- E O F --- 2008-04-09 07:05:01

and this is the Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:16 AM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessen.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: load=\\LUNAR\Giver\WINDOWS\SKINNY~1.PIF
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EE89C42-0C8B-7E08-888E-2540379DFC99} - C:\WINDOWS\System32\rbqtn.dll
O2 - BHO: (no name) - {4EE89C47-0CFE-0906-8888-534046E9FC9C} - C:\WINDOWS\System32\rbqtn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6A6FC7E9-5256-00F2-7EE0-0095CBA2DACA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {29E5B286-4CF6-4656-AF73-828232AD4E81} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/cs0_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/game...s/y/dtt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/game...s/y/sdt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/...ws-i586-jc.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yaho...bio5_0_2_5.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8785 bytes



I hope this helps.
Old 04-29-2008, 07:48 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,098
OS: WinXP and Vista


Re: Multiple Virus/Spyware/Adware Infections

Hi King Vyper,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open Notepad and copy/paste the text in the code box below into it:

Quote:


File::
C:\WINDOWS\System32\rbqtn.dll
C:\WINDOWS\System32\cmcfg326.exe
C:\Program Files\Common Files\cdm74052.exe
C:\WINDOWS\System32\atl15547.exe
C:\WINDOWS\System32\bdeverif.exe
C:\Documents and Settings\All Users\Application Data\pcsvc\patchme.exe
c:\keys.ini
c:\program files\common files\dpi
c:\windows\dsearch1.bin
C:\WINDOWS\enhuninstall.exe
C:\WINDOWS\inf\biH.inf
c:\windows\inf\biini.inf
C:\WINDOWS\inf\btgrab.inf
C:\WINDOWS\mbkwnst.exe
C:\WINDOWS\mbkwnst.exe[MBKWBar.exe]
C:\WINDOWS\system32\adptif34.exe
C:\WINDOWS\system32\atl15547.exe
C:\WINDOWS\system32\bdeverif.exe
C:\WINDOWS\system32\BO2802040113.dll
C:\WINDOWS\system32\capesnpn.exe
C:\WINDOWS\system32\carpdll4.exe
C:\WINDOWS\system32\cmcfg326.exe
c:\windows\system32\drivers\etc\hosts.bho
c:\windows\system32\im64.dll
C:\WINDOWS\system32\l?gonui.exe
C:\WINDOWS\system32\mscgdc.dll
C:\WINDOWS\system32\mscjjn.dll
C:\WINDOWS\system32\msdioo.exe
C:\WINDOWS\system32\msefoi.dll
C:\WINDOWS\system32\msfaol.dll
C:\WINDOWS\system32\msiaih.dll
C:\WINDOWS\system32\mskplb.dll
C:\WINDOWS\system32\msnimk.gif
C:\WINDOWS\system32\msodae.dll
c:\windows\system32\party poker.ico
C:\WINDOWS\system32\rbqtn.dll
C:\WINDOWS\system32\silent.exe
c:\windows\system32\the shield professional 2005.ico
C:\WINDOWS\system32\l?gonui.exe

Folder::
C:\Program Files\AutoUpdate
c:\windows\system32\fiz1
c:\windows\system32\fleok

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE89C42-0C8B-7E08-888E-2540379DFC99}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EE89C47-0CFE-0906-8888-534046E9FC9C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A6FC7E9-5256-00F2-7EE0-0095CBA2DACA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\77e0caa6209f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\83973928b9e9]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfb42d2d1677]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cb1851973727]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Enh Win Updt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEDriver]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll16]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunWindowsUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s3nP32S]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sain]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secure]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urah]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdxvug]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"msbb"=-
"4S2NSLA3QS#366"=-
"Pcsv"=-
"Dpi"=-
"DealHelperUpdate"=-
"DealHelperBrwsr"=-
"TimeSyncApp"=-
"c7f08056a11b"=-
"SearchUpgrader"=-
"A70F6A1D-0195-42a2-934C-D8AC0F7C08EB"=-
"wdxvug"=-

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis.exe and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider donating.

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
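A worked triage pass over the kinds of entries the CFScript above targets, written as an added example for this thread; it is not code from HijackThis, ComboFix or the forum. It parses HijackThis O2/O4 lines and DSS/ComboFix file-listing lines copied from the logs posted in this thread and flags the patterns an analyst looks for before writing such a script: a BHO whose DLL is gone ("(no file)"), an unnamed BHO loading from System32, one DLL registered under two BHO CLSIDs, a Run value with no full path, and a file whose name is one character away from a core system binary (the l?gonui.exe entry, which also carries the system+hidden attributes). The SYSTEM_NAMES list and the edit-distance threshold are this example's own assumptions; the output is a review list, not a verdict.

```python
"""Triage of HijackThis autostart lines and DSS/ComboFix file entries.
Added example for this thread; not code from HijackThis, ComboFix or the forum."""
import re
from collections import defaultdict

# Sample HijackThis lines, copied from the log posted in this thread.
SAMPLE_HJT = [
    r"O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {4EE89C42-0C8B-7E08-888E-2540379DFC99} - C:\WINDOWS\System32\rbqtn.dll",
    r"O2 - BHO: (no name) - {4EE89C47-0CFE-0906-8888-534046E9FC9C} - C:\WINDOWS\System32\rbqtn.dll",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]
# Sample file-listing lines, copied from the DSS/ComboFix output in this thread.
SAMPLE_FILES = [
    r"2005-02-08 14:34 417,792 --sha-r C:\WINDOWS\system32\l?gonui.exe",
    r"2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys",
]

# Assumed list of core Windows XP binaries whose names malware commonly imitates.
SYSTEM_NAMES = {"logonui.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe",
                "explorer.exe", "ctfmon.exe", "smss.exe", "spoolsv.exe", "win32k.sys"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
FILE_RE = re.compile(r"^(?P<stamp>\S+ \S+)\s+(?P<size>\S+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>.*)$")


def levenshtein(a, b):
    """Edit distance; used to spot names one character away from a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(path):
    """Return the system binary that the filename in `path` imitates (distance 1), else None."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_NAMES:
        return None
    return next((s for s in SYSTEM_NAMES if levenshtein(name, s) == 1), None)


def executable_of(cmd):
    """First token of a Run value, honouring a quoted path that contains spaces."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage_hjt(lines):
    """Return (reason, entry) pairs for HijackThis lines an analyst should verify."""
    findings = []
    dll_clsids = defaultdict(list)  # DLL path -> BHO CLSIDs that load it
    for line in lines:
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m.group("name", "clsid", "path")
            if path == "(no file)":
                findings.append(("orphan BHO: registry entry whose DLL is gone", line))
                continue
            dll_clsids[path.lower()].append(clsid)
            if name == "(no name)" and "\\system32\\" in path.lower():
                findings.append(("unnamed BHO loading from System32", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if "\\" not in exe:
                findings.append(("Run value without a full path (resolved via search path)", line))
            elif lookalike_of(exe):
                findings.append((f"filename imitates {lookalike_of(exe)}", line))
    for path, clsids in dll_clsids.items():
        if len(clsids) > 1:
            findings.append((f"one DLL registered under {len(clsids)} BHO CLSIDs", path))
    return findings


def triage_files(lines):
    """Flag executables that imitate a system binary or carry the system+hidden attributes."""
    findings = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        imitated = lookalike_of(path)
        hidden = "s" in attrs and "h" in attrs and path.lower().endswith((".exe", ".dll", ".sys"))
        detail = []
        if imitated:
            detail.append(f"name one character away from {imitated}")
        if hidden:
            detail.append("system+hidden attributes")
        if detail:
            findings.append(("; ".join(detail), path))
    return findings


if __name__ == "__main__":
    for reason, what in triage_hjt(SAMPLE_HJT) + triage_files(SAMPLE_FILES):
        print(f"[verify] {reason}\n         {what}")
```

Every `[verify]` line is a prompt to look the entry up (vendor, file properties, a second scanner), not an instruction to delete it; legitimate software also registers unnamed BHOs and Run values with bare filenames, which is why the script above was written by an analyst who cross-checked each path rather than by a rule.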
Old 05-05-2008, 10:41 AM   #6 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 5
OS: XP Service Pack 2


Re: Multiple Virus/Spyware/Adware Infections

I apologize for the delay; I have been swamped at work and sick to boot.

After following your instructions, the performance has improved slightly. Embedded videos and games (i.e. anything on Kongregate.com) still have very bad lag. When playing Sim City 2000 the CPU is maxing out at 100%.

C:\ComboFix.txt

ComboFix 08-04-28.2 - Janie 2008-04-30 10:52:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.818 [GMT -4:00]
Running from: C:\Documents and Settings\Janie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Janie\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\pcsvc\patchme.exe
c:\keys.ini
C:\Program Files\Common Files\cdm74052.exe
c:\program files\common files\dpi
c:\windows\dsearch1.bin
C:\WINDOWS\enhuninstall.exe
C:\WINDOWS\inf\biH.inf
c:\windows\inf\biini.inf
C:\WINDOWS\inf\btgrab.inf
C:\WINDOWS\mbkwnst.exe
C:\WINDOWS\mbkwnst.exe[MBKWBar.exe]
C:\WINDOWS\system32\adptif34.exe
C:\WINDOWS\system32\atl15547.exe
C:\WINDOWS\System32\atl15547.exe
C:\WINDOWS\system32\atl15547.exe
C:\WINDOWS\system32\bdeverif.exe
C:\WINDOWS\System32\bdeverif.exe
C:\WINDOWS\system32\bdeverif.exe
C:\WINDOWS\System32\bdeverif.exe
C:\WINDOWS\system32\BO2802040113.dll
C:\WINDOWS\system32\capesnpn.exe
C:\WINDOWS\system32\carpdll4.exe
C:\WINDOWS\system32\cmcfg326.exe
C:\WINDOWS\System32\cmcfg326.exe
C:\WINDOWS\system32\cmcfg326.exe
c:\windows\system32\drivers\etc\hosts.bho
c:\windows\system32\im64.dll
C:\WINDOWS\system32\mscgdc.dll
C:\WINDOWS\system32\mscjjn.dll
C:\WINDOWS\system32\msdioo.exe
C:\WINDOWS\system32\msefoi.dll
C:\WINDOWS\system32\msfaol.dll
C:\WINDOWS\system32\msiaih.dll
C:\WINDOWS\system32\mskplb.dll
C:\WINDOWS\system32\msnimk.gif
C:\WINDOWS\system32\msodae.dll
c:\windows\system32\party poker.ico
c:\windows\system32\Party Poker.ico
C:\WINDOWS\system32\rbqtn.dll
C:\WINDOWS\System32\rbqtn.dll
C:\WINDOWS\system32\silent.exe
c:\windows\system32\The Shield Professional 2005.ico
c:\windows\system32\the shield professional 2005.ico
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\pcsvc\patchme.exe
c:\keys.ini
C:\Program Files\Common Files\cdm74052.exe
c:\windows\dsearch1.bin
C:\WINDOWS\enhuninstall.exe
C:\WINDOWS\inf\biH.inf
c:\windows\inf\biini.inf
C:\WINDOWS\inf\btgrab.inf
C:\WINDOWS\mbkwnst.exe
C:\WINDOWS\system32\adptif34.exe
C:\WINDOWS\system32\atl15547.exe
C:\WINDOWS\System32\bdeverif.exe
C:\WINDOWS\system32\BO2802040113.dll
C:\WINDOWS\system32\capesnpn.exe
C:\WINDOWS\system32\carpdll4.exe
C:\WINDOWS\system32\cmcfg326.exe
c:\windows\system32\drivers\etc\hosts.bho
c:\windows\system32\fiz1\
c:\windows\system32\fleok
c:\windows\system32\fleok\log0.txt
c:\windows\system32\im64.dll
C:\WINDOWS\system32\mscgdc.dll
C:\WINDOWS\system32\mscjjn.dll
C:\WINDOWS\system32\msefoi.dll
C:\WINDOWS\system32\msfaol.dll
C:\WINDOWS\system32\msiaih.dll
C:\WINDOWS\system32\mskplb.dll
C:\WINDOWS\system32\msnimk.gif
C:\WINDOWS\system32\msodae.dll
c:\windows\system32\Party Poker.ico
C:\WINDOWS\system32\rbqtn.dll
C:\WINDOWS\system32\silent.exe
c:\windows\system32\The Shield Professional 2005.ico

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-22 12:54 . 2008-04-22 12:54 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-22 12:54 . 2008-04-22 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 12:30 . 2008-04-22 12:30 <DIR> d-------- C:\Deckard
2008-04-22 10:07 . 2008-04-22 10:07 <DIR> d-------- C:\Program Files\Panda Security
2008-04-21 10:49 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-21 10:32 . 2008-04-21 10:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 10:16 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-19 08:52 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-04-19 08:52 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-04-07 13:46 . 2008-04-07 13:46 <DIR> d-------- C:\Program Files\BurnAware Free Edition
2008-03-30 15:36 . 2008-03-30 15:36 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-30 15:30 . 2008-03-30 15:30 <DIR> d-------- C:\Documents and Settings\Janie\Application Data\DAEMON Tools
2008-03-30 15:30 . 2008-03-30 15:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-30 14:53 . 1998-10-27 11:08 317,952 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-03-30 14:24 . 2008-03-30 14:24 <DIR> d-------- C:\Program Files\MagicISO
2008-03-30 07:57 . 2008-03-30 14:58 <DIR> d-------- C:\Program Files\AD&D Core Rules 2.0
2008-03-30 07:34 . 2008-03-30 07:59 <DIR> d-------- C:\CM
2008-03-27 12:43 . 2008-03-27 12:43 <DIR> d-------- C:\Program Files\uTorrent
2008-03-27 12:43 . 2008-04-08 12:41 <DIR> d-------- C:\Documents and Settings\Janie\Application Data\uTorrent
2008-03-27 12:20 . 2008-03-27 12:28 <DIR> d-------- C:\Documents and Settings\Janie\Application Data\Azureus
2008-03-27 12:20 . 2008-03-27 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-08 14:37 . 2008-04-30 10:57 14,567,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-08 14:37 . 2008-04-29 10:59 144,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-08 14:36 . 2008-03-08 14:36 <DIR> d-------- C:\Program Files\ZoneAlarmSB