Cloner + other viruses + unable to update windows

[Mosquito]

Hello commited helpers, the title of thread basicly says the problems i've got I first went to the xp support forums and posted about suspicious .exe files which you can look at here. I ran a online scanner it during the scan it seemed as if the cloner was deleted at the file itself simply dissapeared, but i have deleted it before and it has come back so only time will tell.

Now my MAIN problem is not being able to update windows, due to getting alot of viruses it seems my "automatic updates" service was disabled, when i try to enable it my computer suffers extreme lag and when i check my task manager it tells me one of my "svchost" proccesses is using 100% of my cpu, i looked a bit on this forum and it seems someone else had the same problem as me but since svchost covers so many different things i thought it would be appropriate to post a new thread. So here are the results from my dss scan and the extra.txt has been attached.




Deckard's System Scanner v20070602.46
Run by Denise on 2007-06-03 at 04:16:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2007-06-02 20:16:39 UTC - RP735 - Deckard's System Scanner Restore Point
17: 2007-06-02 20:02:53 UTC - RP734 - Installed Microsoft Visual C++ 2005 Redistributable
16: 2007-06-02 20:02:43 UTC - RP733 - Removed Microsoft Visual C++ 2005 Redistributable
15: 2007-05-30 21:20:14 UTC - RP732 - System Checkpoint
14: 2007-05-29 10:38:53 UTC - RP731 - System Checkpoint


-- First Restore Point --
1: 2007-05-15 09:45:33 UTC - RP718 - Master of Orion 3 Installation


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Denise.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:17:45 AM, on 3/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\RECYCLER\msnmrsgrs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\FRAPS 2.8.2\FRAPS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Denise\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Denise.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.altavista.yellowpages.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Security Centers] C:\RECYCLER\msnmrsgrs.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Updater Services] C:\RECYCLER\msnupdate.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS 2.8.2\FRAPS.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Monitor by WebMonit - C:\Program Files\WebMonit\WMAddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Denise\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{520A430F-067F-4499-B7B7-2775F3519966}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{520A430F-067F-4499-B7B7-2775F3519966}: NameServer = 203.21.20.20,203.10.1.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{520A430F-067F-4499-B7B7-2775F3519966}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{520A430F-067F-4499-B7B7-2775F3519966}: NameServer = 203.21.20.20,203.10.1.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{520A430F-067F-4499-B7B7-2775F3519966}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{520A430F-067F-4499-B7B7-2775F3519966}: NameServer = 203.21.20.20,203.10.1.9
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero 7.8.5.0\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 windrvNT - c:\windows\system32\windrvnt.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S3 C4C_BSC2 - c:\windows\system32\drivers\c4c_bsc2.sys (file missing)
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 hSONYPVh - c:\docume~1\denise\locals~1\temp\hsonypvh.sys (file missing)
S3 Rksample - c:\windows\system32\drivers\c4c_samp.sys (file missing)
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbdriver.sys (file missing)
S3 U81xbus (LGE U8110 driver (WDM)) - c:\windows\system32\drivers\u81xbus.sys <Not Verified; MCCI; LG Electronics U8110>
S3 U81xmdfl (LGE U8110 USB WMC Modem Filter) - c:\windows\system32\drivers\u81xmdfl.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem Filter Driver>
S3 U81xmdm (LGE U8110 USB WMC Modem Driver) - c:\windows\system32\drivers\u81xmdm.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Modem>
S3 U81xmgmt (LGE U8110 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\u81xmgmt.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC Device Management>
S3 U81xobex (LGE U8110 USB WMC OBEX Interface) - c:\windows\system32\drivers\u81xobex.sys <Not Verified; MCCI; LG Electronics U8110 USB WMC OBEX Interface>
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero 7.8.5.0\nero 7\nero backitup\nbservice.exe
S4 Bonjour Service - c:\program files\gizmo project\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S4 QQJ - c:\docume~1\denise\locals~1\temp\qqj.exe (file missing)


-- Files created between 2007-05-03 and 2007-06-03 -----------------------------

2007-06-03 04:05:27 0 d-------- C:\Documents and Settings\Denise\Application Data\Prevx
2007-06-03 04:04:54 0 d-------- C:\Program Files\Prevx2
2007-06-03 04:04:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-06-03 04:03:05 77312 --a------ C:\WINDOWS\ua2.dll
2007-06-03 03:05:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-01 10:54:11 0 d-------- C:\Program Files\Lavasoft
2007-05-31 22:10:56 0 d-------- C:\Program Files\Winamp
2007-05-31 22:10:56 0 d-------- C:\Documents and Settings\Denise\Application Data\Winamp
2007-05-31 01:45:26 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-05-29 18:01:16 0 dr-h----- C:\Documents and Settings\Denise\Recent
2007-05-24 21:38:09 0 d-------- C:\Documents and Settings\Denise\Contacts
2007-05-23 11:18:52 0 d-------- C:\Program Files\Common Files\xing shared
2007-05-23 11:18:28 0 d-------- C:\Program Files\RealPlayer
2007-05-23 00:01:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-05-17 09:12:26 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-05-16 09:01:00 0 d-------- C:\Program Files\Secure ROM Loader 7.26
2007-05-15 14:57:29 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-13 10:43:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-05-12 14:35:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-05-12 14:34:09 0 d-------- C:\Program Files\Nero 7.8.5.0
2007-05-10 01:48:25 0 d-------- C:\Program Files\directx
2007-05-09 19:17:33 0 d-------- C:\Program Files\Realtek AC97
2007-05-08 11:42:36 16 --a------ C:\WINDOWS\system32\winwmtbl.bin
2007-05-08 11:42:32 0 d-------- C:\Program Files\WebMonit
2007-05-08 07:51:27 0 d-------- C:\Program Files\VentSrv
2007-05-07 10:46:47 0 d-------- C:\Program Files\Avast4


-- Find3M Report ---------------------------------------------------------------

2007-06-03 03:36:21 0 d-------- C:\Program Files\Simple File Shredder
2007-06-03 03:34:27 0 d-------- C:\Program Files\MSN Messenger
2007-06-03 03:34:21 0 d-------- C:\Program Files\MoveOnBoot
2007-06-03 03:32:45 0 d-------- C:\Program Files\Fraps 2.8.2
2007-06-03 03:24:17 0 d-------- C:\Program Files\7-Zip
2007-06-02 20:59:39 0 d-------- C:\Program Files\+MsickOther+
2007-06-01 10:54:54 0 d-------- C:\Documents and Settings\Denise\Application Data\uTorrent
2007-06-01 10:54:20 0 d-------- C:\Documents and Settings\Denise\Application Data\Lavasoft
2007-05-30 00:42:34 0 d-------- C:\Program Files\C Drive Games
2007-05-26 01:33:45 0 d-------- C:\Documents and Settings\Denise\Application Data\Adobe
2007-05-23 11:25:38 0 d-------- C:\Documents and Settings\Denise\Application Data\Real
2007-05-23 11:18:50 0 d-------- C:\Program Files\Common Files\Real
2007-05-16 08:46:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-15 10:19:46 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-05-12 14:37:05 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-08 07:58:09 0 d-------- C:\Documents and Settings\Denise\Application Data\Ventrilo
2007-05-08 07:50:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-07 12:17:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-07 12:17:24 0 d-------- C:\Program Files\Symantec
2007-05-07 12:17:17 0 d-------- C:\Program Files\Symantec AntiVirus
2007-04-27 10:38:02 0 d-------- C:\Program Files\CCleaner
2007-04-25 11:50:36 0 d-------- C:\Documents and Settings\Denise\Application Data\IGN_DLM
2007-04-18 10:30:40 7643136 --a------ C:\WINDOWS\system32\LHGJYB
2007-04-18 09:39:58 0 d-------- C:\Program Files\Rootkit Revealer
2007-04-15 16:40:12 1 --a------ C:\WINDOWS\~sisRslt
2007-04-14 17:05:58 0 d-------- C:\Documents and Settings\Denise\Application Data\Sierra
2007-04-12 18:28:06 0 d-------- C:\Program Files\Microsoft Application Compatibility Toolkit 5
2007-04-12 08:45:55 0 d-------- C:\Program Files\Java
2007-04-12 07:58:11 0 d-------- C:\Program Files\Security Task Manager
2007-04-10 19:39:23 0 d-------- C:\Documents and Settings\Denise\Application Data\LG Electronics
2007-04-03 21:20:12 0 d-------- C:\Program Files\AGEIA Technologies
2007-03-28 16:25:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ISUSPM Startup"="c:\\progra~1\\common~1\\instal~1\\update~1\\isuspm.exe -startup"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Windows Security Centers"="C:\\RECYCLER\\msnmrsgrs.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Windows Updater Services"="C:\\RECYCLER\\msnupdate.exe"
"PrevxOne"="\"C:\\Program Files\\Prevx2\\PXConsole.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Fraps"="C:\\PROGRAM FILES\\FRAPS 2.8.2\\FRAPS.EXE"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ZboardTray"="\"C:\\Program Files\\Zboard Software\\Driver\\ZboardTray.exe\" /autolaunch"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dodo Speed Accelerator.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Dodo Speed Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\Dodo Speed Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DODOSP~1\\slipgui.exe "
"item"="Dodo Speed Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LG SyncManager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\LG SyncManager.lnk"
"backup"="C:\\WINDOWS\\pss\\LG SyncManager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\LG PC Suite\\LG PC Sync\\LGSyncManager.exe "
"item"="LG SyncManager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ats]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="loadqm"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\asd\\loadqm.exe noshow"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Mounting Tools (for GTA)\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Check"
"hkey"="HKLM"
"command"="C:\\Windows\\System32\\Check.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FRAPS"
"hkey"="HKCU"
"command"="C:\\PROGRAM FILES\\FRAPS V2.7.3\\FRAPS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Gizmo"
"hkey"="HKLM"
"command"="C:\\Program Files\\Gizmo Project\\Gizmo.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Alaunch"
"hkey"="HKLM"
"command"="Alaunch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealOneMessageCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRTCLK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVRTClk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Rundll32"
"hkey"="HKLM"
"command"="Rundll32.exe SiSPower.dll,ModeAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SiSUSBrg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SiSUSBrg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="slipcore"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dodo Speed Accelerator\\slipcore.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lwemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Profiler\\lwemon.exe\" /noui"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VPTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
"SPBBCSvc"=dword:00000003
"SavRoam"=dword:00000003
"SandraTheSrv"=dword:00000003
"SandraDataSrv"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccEvtMgr"=dword:00000002
"SNDSrvc"=dword:00000003
"DefWatch"=dword:00000002
"Symantec AntiVirus"=dword:00000002
"WMPNetworkSvc"=dword:00000003
"QQJ"=dword:00000003
"ose"=dword:00000003
"LexBceS"=dword:00000002
"iPod Service"=dword:00000003
"IDriverT"=dword:00000003
"Bonjour Service"=dword:00000002
"Adobe LM Service"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PREVXDRIVER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PREVXTDI
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PXRDDRIVER


-- End of Deckard's System Scanner: finished at 2007-06-03 at 04:18:47 ---------

[amateur]

Hello and welcome to TSF.

Go to My Computer> Tools> Folder Options> View>"Uncheck" Hide protected operating system files. Click Apply>OK.

==============================

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

================================

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers.

• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log for you. Post that log in your next reply
• Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

=================================

Restart your computer and scan with HijackThis again. Please post the fresh HijackThis log along with the Report.txt and the Combofix.txt.

[Mosquito]

Damnit, i'm really sorry to have wasted your time but not long after i posted this hijack log my computer went completely haywire and i was forced to wipe the hard drive. Once again i'm sorry to have wasted your time, This thread should probably be deleted or locked ;)

[amateur]

No waste of time at all. Sorry we couldn't help you in time. Thanks for letting us know.

A colleague of ours has excellent information and tips on the prevention of malware here if you would like to have a look.

Good luck.