WTF....I think I have a f@#kn virus

I think I have a f@#kn virus because as of this morning, I can't get in to my task manager, regedit, or even restart in safe mode so i can restore my pc to an earlier time.
I think it has disabled my Spybot Search & Destroy, and maybe Ad-ware.

I've been told that my pc has been slow and freezing up lately, bt I never noticed it under my account.

What the hell happened?

This is'nt the first time this piece of s@#t has been infected, so I know abit of the routine.
So here is the hijackthis list.

Logfile of HijackThis v1.99.1
Scan saved at 2:15:44 PM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\pvmser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\~.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Al\LOCALS~1\Temp\eorsg.exe
C:\DOCUME~1\Al\LOCALS~1\Temp\yusajq.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Al\My Documents\Al\Appz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\~.exe"
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: Stardock Keyboard Launchpad.lnk = C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Orbit(2).lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZUman000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (file missing)
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://pximg2.photo.epson.com/pixami/PixamiEpson.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242307570546
O16 - DPF: {7BB30A04-A6AC-480C-BB18-5A18D79F4455} (GenimoWebGames Control) - http://games.bigfishgames.com/en_butterfly...amesControl.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.bigfishgames.com/en_mysteryso...mesLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: pvmwinser - Unknown owner - C:\WINDOWS\system32\pvmser.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

There's a few additions in there that should be removed go to http://www.hijackthis.de and feed you log in there and it will give you the advice on what to keep and what to remove

some of those registry keys make me cringe...

"C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe"

hows that one working out for you? not too good from the sounds of it...but i digress because i just had to re-format because of something nasty in my pc that i could never find...which, as you know, really sux!

good luck tho...

i went http://www.hijackthis.de and tried the analyer and got nothing but a blank page.

i'm stll having the same problems but now i have to constantly restart this thing cause it freezes alot.

somebody hhhhhhhhhhhhhhhhhhhhhhhheeeeeeeeeeeeeeeeeeeeeeeeeellllllllllllllllllllllllllllll
llpppppppppppppppppppppp!!!!!!!!!

this is driving me freakn nuts..lol

This post has been edited by pHound: May 18 2009, 07:30 PM

Tried malwarebytes? - alot of people don't like it but its got rid of nasties for me others wouldn't touch (just make sure you update it before you run it to ensure u have the latest updates)

Did you put your logfile in the box before hitting the analyze button? If so and it still doesn't work, try it on another pc, but with your logfile.

Tried malwarebytes? - alot of people don't like it but its got rid of nasties for me others wouldn't touch (just make sure you update it before you run it to ensure u have the latest updates)

i'll give it a shot. ^^^^

and i did copy and paste the log file and recieved a blank page.

Using your logfile, it worked for me. Try it with another browser or on another pc.

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 <-- This is why you can't use regedit...

I would either go to www.malwareremoval.com and post the logfile there (but it might be a while until they get back to you,) or if you're feeling a bit wild, you can do it yourself by going here and using Combofix.exe to pull out some of the crap that's restricting the use of your computer. From there you can use your antivirus, antispyware, etc and clean up your own PC.

thanks. i'll give them a shot and see what happens.

alright. i tried the hijackthis analyzer site and i'm still getting a blank page.

i did download and run the malwarebytes prgram and it seem like some of the crap has been removed, but the major problems are still occurring.

next i'm going to the malwareremoval.com and see what happens next. untill then, here is an updated hijackthick log file.

oh, and thanks to all who are trying to help me with this pesky problem.

Logfile of HijackThis v1.99.1
Scan saved at 12:51:02 AM, on 5/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\pvmser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Al\LOCALS~1\Temp\windqpkmo.exe
C:\DOCUME~1\Al\LOCALS~1\Temp\winspyqt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Al\My Documents\Al\Appz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: Stardock Keyboard Launchpad.lnk = C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZUman000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (file missing)
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://pximg2.photo.epson.com/pixami/PixamiEpson.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242307570546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1242829873062
O16 - DPF: {7BB30A04-A6AC-480C-BB18-5A18D79F4455} (GenimoWebGames Control) - http://games.bigfishgames.com/en_butterfly...amesControl.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.bigfishgames.com/en_mysteryso...mesLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: pvmwinser - Unknown owner - C:\WINDOWS\system32\pvmser.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe



This post has been edited by pHound: May 21 2009, 04:58 AM

You shouldn't be getting a blank page at hijackthis.de Have you scrolled all the way down the page?

now i'm not getting a blank page.

If u fix the regedit entry - that should help - I ran yr hijackthis log on hjt .de & there were a few entries there that showed as bad ....
Only fix em if u feel confident enough in what you are doing to do so .... wouldn't want u totally knackin yr pc ...

Just try fixin the regedit one 1st .... that way at least u should be able to access registry & hopefully also boot in safe mode too where any scan will work better ... and u may then also be able to do a repair installation of windows - if u have the original xp disc with the key (which will just fix the o/s and not touch any of your other stuff )

also try the error check in yr c drive (r/click on c drive - properties - tools - check the fix & recover bad sector boxes & let it check on your next boot) - I run this bout once a month now since i had problems and it does help ....

(there are many far more qualified people to help u - but i do tend to end up muckin things up a lot & havin to fix em - so anything I post has been tried and tested & has worked on my own pc's)

This is an update to my progress>>>>>>>>>>>>>>>>>>>>>>>


Help!!! I think I have a nasty friggin virus.

Now, the problem is that I can't access my task manager through ctrl+alt+del. Everytime I try to, I get task manager has been disabled by your administrator.
I can't run regedit from the RUN function. Everytime I try, it also says it has been disabled by the administrator.
I can't restart in safe mode. Everytime I try that, a blue screen pops up and says a bunch of stuff I don't remember but along the lines of "Run CHKDSK/F blah, blah, blah. It does'nt actually say blah, blah, blah.
I can't use the system restore function.
I can't run spybot search & destroy.
I can't defrag.
The internet is running extremely slow.
When I left click items in my folder, say to delete it, my pc freezes.

I was told I should download and run Malwarebytes. That got rid of some of the problems cause now I don't have to restart my pc 10 friggin times just to log on to my account.

I've received some help from another site that had me run the mbr, combofix, etc. But know I'm not receiving their post on their site which is making this extremely difficult.

So below is the information you need. I hope I can get help with this pesky friggin problem. THANKS!!!!

This is the HIJACKTHIS Log>>>>>>>>>>>

Logfile of HijackThis v1.99.1
Scan saved at 7:46:21 AM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\pvmser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
C:\WINDOWS\TEMP\winvhqrt.exe
C:\WINDOWS\TEMP\ptmqu.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Al\My Documents\Al\Appz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: Stardock Keyboard Launchpad.lnk = C:\Program Files\Stardock\Object Desktop\KLP\Keys.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - ?p=ZUman000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://pximg2.photo.epson.com/pixami/PixamiEpson.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242307570546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1242829873062
O16 - DPF: {7BB30A04-A6AC-480C-BB18-5A18D79F4455} (GenimoWebGames Control) - http://games.bigfishgames.com/en_butterfly...amesControl.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.bigfishgames.com/en_mysteryso...mesLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: pvmwinser - Unknown owner - C:\WINDOWS\system32\pvmser.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


This is the COMBOFIX Log than I ran on request from the other site. I don't know if it will help but I figured I should inform you on what I've already done in order to fix this pesky problem>>>>>>>>>>>>>>>>>

ComboFix 09-05-25.08 - Al 05/26/2009 8:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.172 [GMT -4:00]
Running from: c:\documents and settings\Al\Desktop\ComboFix.exe
AV: AT&T Internet Security Suite AT&T Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: AT&T Internet Security Suite AT&T Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Al\Application Data\inst.exe
c:\program files\INSTALL.LOG
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\sys_dll.dll
c:\windows\system32\uninstall.exe
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe . . . is infected!!
c:\windows\system32\proquota.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-25 01:37 . 2009-05-25 01:37 -------- d-----w c:\documents and settings\Al\Application Data\Safer Networking
2009-05-25 01:30 . 2009-05-25 01:30 -------- d-----w c:\program files\Safer Networking
2009-05-25 00:06 . 2009-05-25 00:06 -------- d-----w c:\program files\iPod
2009-05-24 05:34 . 2009-05-24 05:34 -------- d-----w c:\documents and settings\genevaw\Application Data\Malwarebytes
2009-05-24 04:20 . 2009-05-24 04:20 -------- d-----w c:\documents and settings\willie williams\Application Data\Malwarebytes
2009-05-24 03:43 . 2009-05-24 03:43 -------- d-----w c:\documents and settings\willie williams\Application Data\ImgBurn
2009-05-24 00:18 . 2009-05-25 00:08 -------- d-----w c:\program files\iTunes
2009-05-24 00:18 . 2009-05-24 00:19 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-24 00:17 . 2009-05-24 00:17 -------- d-----w c:\program files\Bonjour
2009-05-24 00:14 . 2009-03-26 19:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-23 11:52 . 2009-05-23 11:55 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-05-22 12:59 . 2009-05-22 13:52 -------- d-----w c:\documents and settings\Al\Application Data\GrabPro
2009-05-22 04:01 . 2009-05-22 04:06 -------- d-----w c:\documents and settings\Guest\Application Data\ATTTOOLBAR
2009-05-20 19:12 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-20 04:58 . 2009-05-20 04:58 -------- d-----w c:\documents and settings\Al\Application Data\Malwarebytes
2009-05-20 04:58 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 04:58 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 04:58 . 2009-05-20 04:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 04:58 . 2009-05-20 04:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-14 14:41 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-14 14:41 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-14 14:41 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-14 14:41 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-14 14:41 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-14 14:41 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-14 14:41 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-14 14:41 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-14 14:41 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-14 14:38 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-14 14:25 . 2008-05-01 14:30 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-14 14:19 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-14 14:19 . 2008-06-13 13:10 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-14 13:50 . 2009-05-14 13:50 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-13 13:30 . 2009-05-13 13:30 1948616 ----a-w c:\documents and settings\Al\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-12 20:58 . 2009-05-12 21:11 -------- d-----w c:\program files\Sony
2009-05-11 02:42 . 2009-05-11 02:43 -------- d-----w c:\program files\Any Video Converter
2009-05-10 18:25 . 2009-05-10 18:25 -------- d-----w c:\documents and settings\genevaw\Local Settings\Application Data\SupportSoft
2009-05-10 15:23 . 2009-05-10 15:23 -------- d-----w c:\documents and settings\Al\Local Settings\Application Data\SupportSoft
2009-05-10 15:05 . 2009-05-10 15:05 -------- d-----w c:\documents and settings\willie williams\Local Settings\Application Data\SupportSoft
2009-05-10 15:04 . 2009-05-10 15:04 69120 ----a-w c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2009-05-10 15:04 . 2009-05-10 15:04 -------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2009-05-10 15:04 . 2009-05-10 15:04 -------- d-----w c:\documents and settings\All Users\Application Data\PC-Doctor
2009-05-10 15:04 . 2009-05-10 15:04 -------- d-----w c:\documents and settings\All Users\Application Data\PCDr
2009-05-10 15:03 . 2009-05-10 15:03 -------- d-----w c:\program files\Dell Support Center
2009-05-10 15:03 . 2009-05-10 15:03 -------- d-----w c:\program files\Common Files\supportsoft
2009-05-10 15:02 . 2009-05-10 15:05 -------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-05-10 14:38 . 2009-05-10 14:38 -------- d-----w c:\program files\Raxco
2009-05-10 14:38 . 2009-05-10 14:38 -------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2009-05-10 14:37 . 2009-05-10 14:37 -------- d-----w c:\documents and settings\willie williams\Application Data\InstallShield
2009-05-10 12:15 . 2009-05-10 12:15 -------- d-----w c:\documents and settings\Al\Application Data\GamesCafe
2009-05-10 03:29 . 2009-05-10 03:29 -------- d-----w C:\4df18394ccb617c215cd055bc385
2009-05-09 21:40 . 2009-05-09 21:40 -------- d-----w c:\documents and settings\Al\Application Data\eMule
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-09 01:30 . 2006-12-20 21:40 92728 ----a-w c:\documents and settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\Big Fish Games\MysterySolitaireSIWeb\bass.dll
2009-05-09 01:30 . 2006-12-21 12:34 1032192 ----a-w c:\documents and settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\Big Fish Games\MysterySolitaireSIWeb\MysterySolitaireSIWeb.dll
2009-05-09 01:30 . 2006-12-21 12:33 2277376 ----a-w c:\documents and settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\Big Fish Games\MysterySolitaireSIWeb\Resources.dll
2009-05-08 17:56 . 2009-05-08 18:15 -------- d-----w c:\program files\AVS4YOU
2009-05-08 17:37 . 2009-05-08 17:37 -------- d-----w C:\videooutput
2009-05-08 17:37 . 2007-02-25 19:36 383238 ----a-w c:\windows\system32\libmp3lame-0.dll
2009-05-07 22:58 . 2009-05-20 05:21 -------- d-----w c:\windows\mssrvc
2009-05-07 06:43 . 2009-05-07 06:43 1896448 ----a-w c:\documents and settings\willie williams\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\dplugins\2.0.1.571\DiagPlugin.dll
2009-05-07 06:39 . 2009-05-07 06:39 196866 ----a-w c:\documents and settings\willie williams\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\HTML\MakeDesktopShortcut.EXE
2009-05-06 04:56 . 2009-05-06 04:56 -------- d-----w C:\df35485d9f58055c24fbf64d48b5b401
2009-05-06 04:05 . 2009-05-06 04:06 -------- d-----w C:\9dbb9076e3fe26083f0419b0b89a
2009-05-05 02:37 . 2009-03-30 21:13 98304 ----a-w c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
2009-05-05 02:37 . 2009-05-05 02:37 -------- d-----w c:\documents and settings\All Users\Application Data\RealArcade
2009-05-05 02:36 . 2009-05-05 02:36 -------- d-----w C:\users
2009-05-05 02:35 . 2009-05-24 22:27 -------- d-----w c:\program files\RealArcade
2009-05-03 05:16 . 2009-05-03 05:17 -------- d-----w C:\314e63814f11a82b2ae2
2009-05-03 04:57 . 2009-05-03 04:57 -------- d-----w c:\documents and settings\genevaw\IETldCache
2009-05-03 04:11 . 2009-05-03 04:44 -------- d-----w c:\documents and settings\Al\Application Data\Motive
2009-05-03 03:11 . 2009-05-03 05:35 -------- d-----w c:\documents and settings\Al\Application Data\ATTTOOLBAR
2009-05-03 03:05 . 2009-05-03 03:05 -------- d-----w c:\documents and settings\Al\IETldCache
2009-05-03 02:53 . 2009-05-03 02:53 -------- d-----w c:\documents and settings\willie williams\PrivacIE
2009-05-03 02:12 . 2009-05-03 02:12 -------- d-----w c:\documents and settings\willie williams\IETldCache
2009-05-02 23:05 . 2009-05-02 23:05 -------- d-----w c:\windows\ie8updates
2009-05-02 22:26 . 2009-05-03 05:16 -------- dc----w c:\windows\ie8
2009-05-02 19:36 . 2009-05-02 19:36 262144 ----a-w C:\ntuser.dat
2009-05-02 18:58 . 2009-05-25 17:56 -------- d-----w c:\documents and settings\All Users\Application Data\ATTToolbar
2009-05-02 18:58 . 2009-05-02 18:58 -------- d-----w c:\program files\ATTToolbar
2009-05-02 18:58 . 2009-05-03 21:30 -------- d-----w c:\documents and settings\willie williams\Application Data\ATTToolbar
2009-05-02 17:14 . 2009-05-02 18:26 -------- d-----w c:\documents and settings\willie williams\Application Data\Motive
2009-05-02 17:06 . 2009-05-02 17:06 -------- d-----w c:\program files\ATT-HSI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 12:37 . 2006-07-19 16:49 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-26 11:27 . 2007-01-13 18:21 -------- d-----w c:\documents and settings\Al\Application Data\Vso
2009-05-25 19:12 . 2007-12-05 00:40 -------- d-----w c:\program files\Orbitdownloader
2009-05-25 11:27 . 2006-12-23 04:59 -------- d-----w c:\program files\Yahoo! Games
2009-05-25 11:26 . 2008-05-24 02:11 -------- d-----w c:\program files\Mystery Case Files Prime Suspects
2009-05-25 01:35 . 2006-07-19 16:49 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 00:55 . 2007-12-16 13:13 -------- d-----w c:\documents and settings\Al\Application Data\uTorrent
2009-05-25 00:05 . 2007-06-30 15:36 -------- d-----w c:\program files\Common Files\Apple
2009-05-24 23:46 . 2007-04-02 01:06 -------- d-----w c:\documents and settings\Al\Application Data\Orbit
2009-05-24 05:45 . 2007-04-16 23:58 -------- d-----w c:\documents and settings\genevaw\Application Data\Orbit
2009-05-24 05:32 . 2007-04-04 07:07 -------- d-----w c:\documents and settings\willie williams\Application Data\Orbit
2009-05-24 00:16 . 2008-01-14 18:00 -------- d-----w c:\program files\QuickTime
2009-05-22 13:58 . 2007-07-10 18:50 -------- d-----w c:\program files\IDA
2009-05-22 02:42 . 2006-12-24 18:48 4184 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-21 17:45 . 2007-01-01 12:41 -------- d-----w c:\program files\vso
2009-05-21 17:44 . 2007-02-11 11:50 47360 -c--a-w c:\documents and settings\Al\Application Data\pcouffin.sys
2009-05-21 17:44 . 2007-02-11 11:50 47360 -c--a-w c:\documents and settings\Al\Application Data\pcouffin.sys
2009-05-20 18:13 . 2006-08-04 05:26 413472 -c--a-w c:\documents and settings\genevaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 15:45 . 2006-12-17 18:31 -------- d-----w c:\documents and settings\Al\Application Data\ImgBurn
2009-05-16 11:42 . 2006-12-17 18:31 -------- d-----w c:\program files\ImgBurn
2009-05-16 11:19 . 2006-12-17 18:24 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-15 13:10 . 2007-01-16 21:53 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-05-12 19:51 . 2007-12-27 14:46 -------- d-----w c:\program files\Opera
2009-05-11 23:59 . 2007-11-04 00:55 -------- d-----w c:\program files\Common Files\Scanner
2009-05-11 19:56 . 2006-07-19 12:44 -------- d-----w c:\program files\IrfanView
2009-05-10 14:37 . 2007-11-04 01:02 53192 ----a-w c:\windows\system32\drivers\rp_skt32.sys
2009-05-10 14:35 . 2006-06-16 02:00 413472 -c--a-w c:\documents and settings\willie williams\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 12:43 . 2008-02-16 15:36 -------- d-----w c:\program files\Sony Setup
2009-05-10 03:06 . 2008-05-03 22:22 -------- d-----w c:\program files\honestech One Touch DVD
2009-05-09 21:23 . 2006-09-20 19:56 -------- d-----w c:\program files\DC++
2009-05-09 01:30 . 2006-12-03 18:58 -------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
2009-05-08 18:15 . 2007-07-13 01:55 -------- d-----w c:\program files\Common Files\AVSMedia
2009-05-03 09:12 . 2007-03-13 13:03 -------- d-----w c:\program files\Apple Software Update
2009-05-03 05:23 . 2006-08-03 17:39 -------- d--h--r c:\documents and settings\Al\Application Data\yahoo!
2009-05-03 02:12 . 2006-06-21 13:52 -------- d-----w c:\program files\Common Files\Motive
2009-05-02 20:38 . 2006-08-22 13:20 -------- d--h--r c:\documents and settings\Guest\Application Data\yahoo!
2009-05-02 20:27 . 2006-08-04 05:32 -------- d--h--r c:\documents and settings\genevaw\Application Data\yahoo!
2009-05-02 20:05 . 2007-04-09 22:29 698511 ----a-w c:\documents and settings\willie williams\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\AutoMaintenance\AutoMaintenance.dll
2009-05-02 19:37 . 2007-06-23 14:08 -------- d--h--r c:\documents and settings\willie williams\Application Data\yahoo!
2009-05-02 19:36 . 2006-08-03 03:03 -------- d-----w c:\program files\Yahoo!
2009-05-02 19:36 . 2006-08-03 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-05-02 18:59 . 2007-11-04 00:51 -------- d-----w c:\program files\AT&T
2009-05-02 17:02 . 2006-06-21 13:53 -------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-04-25 12:33 . 2009-04-25 12:32 -------- d-----w c:\documents and settings\Al\Application Data\ArcSoft
2009-04-21 02:54 . 2006-06-12 22:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 02:41 . 2009-04-21 02:41 -------- d-----w c:\program files\CyberLink
2009-04-18 00:42 . 2009-04-18 00:29 -------- d-----w c:\documents and settings\genevaw\Application Data\ArcSoft
2009-04-18 00:28 . 2009-04-18 00:28 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-18 00:28 . 2009-04-18 00:28 -------- d-----w c:\program files\ArcSoft
2009-04-02 20:29 . 2009-04-02 20:29 152872 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-26 19:23 . 2008-02-02 00:20 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-21 18:38 . 2006-07-19 12:38 1080 -c--a-w c:\windows\AUTOLNCH.REG
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:00 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-28 03:14 . 2009-02-28 03:14 20871640 ----a-w c:\documents and settings\All Users\Application Data\Dell\DellSupportCenter\installer\Setup.exe
2007-03-12 16:43 . 2007-03-12 16:43 774144 ----a-w c:\program files\RngInterstitial.dll
2005-11-04 15:25 . 2009-04-21 02:39 114688 ----a-w c:\program files\Uninstall_CDS.exe
2006-12-12 22:20 . 2006-06-22 22:57 88 --sh--r c:\windows\system32\66F74466A0.sys
2006-12-20 01:35 . 2006-08-10 13:01 104 --sh--r c:\windows\system32\7F088D69DF.sys
2006-12-31 10:07 . 2006-12-31 10:07 8 -csh--r c:\windows\system32\DF698D087F.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 688128]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 222768]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2006-12-19 458248]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 181488]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2213720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 214416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 163840]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 151552]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 258048]
"-FreedomNeedsReboot"="c:\program files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 13552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 113520]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 226864]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 319488]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2131448]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 181488]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-12-17 275696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 491520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 411944]

c:\documents and settings\Al\Start Menu\Programs\Startup\
Stardock Keyboard Launchpad.lnk - c:\program files\Stardock\Object Desktop\KLP\Keys.exe [2007-2-10 483328]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-7-19 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-12 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-07 01:16 176128 ----a-w c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\Program Files\\TuneUp Utilities 2007\\MemOptimizer.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\vso\\ConvertXtoDVD\\ConvertXtoDvd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\PROGRA~1\\Webshots\\Webshots.scr"=
"c:\\Program Files\\AT&T\\AT&T Internet Security Suite\\rpsupdaterR.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe"=
"c:\\Program Files\\Zoom Player\\zplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Stardock\\Object Desktop\\KLP\\Keys.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\DOCUME~1\\Al\\LOCALS~1\\Temp\\windjoq.exe"=
"c:\\DOCUME~1\\Al\\LOCALS~1\\Temp\\rxkth.exe"=

R0 PVMFLDRV;PVMFLDRV;c:\windows\system32\drivers\pvmfldrv.sys [6/30/2005 11:46 AM 20352]
R2 pvmwinser;pvmwinser;c:\windows\system32\pvmser.exe [6/21/2007 11:07 AM 86016]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [9/27/2006 4:22 PM 6852]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\iekkhn.sys --> c:\windows\system32\drivers\iekkhn.sys [?]
S0 mbcovrek;mbcovrek;c:\windows\system32\drivers\avuspulm.sys --> c:\windows\system32\drivers\avuspulm.sys [?]
S0 uteohxcp;uteohxcp;c:\windows\system32\drivers\dzupnr.sys --> c:\windows\system32\drivers\dzupnr.sys [?]
S3 Radialpoint Security Services;AT&T Internet Security Suite;c:\windows\system32\dllhost.exe [8/10/2004 1:50 PM 5120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 21:53]

2009-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2007-12-16 c:\windows\Tasks\utorrent.job
- c:\program files\uTorrent\utorrent.exe [2007-12-31 23:35]
.
- - - - ORPHANS REMOVED - - - -

Notify-MCPClient - c:\progra~1\COMMON~1\Stardock\mcpstub.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Search - ?p=ZUman000
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download ALL with IDA
IE: Download with IDA
DPF: {7BB30A04-A6AC-480C-BB18-5A18D79F4455} - hxxp://games.bigfishgames.com/en_butterflyescape/online/GenimoWebGamesControl.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.bigfishgames.com/en_mysterysolitairese/online/SpinTopGamesLauncher.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 08:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-149665161-874518588-2011601233-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E98EF1E-CE60-D5E8-C3CF-DE4E6ECBCB63}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jajidmcghbndhicohgnj"=hex:61,61,00,00
"kajidmcgbbkmhehihggblo"=hex:61,61,00,00
"fajidmcgmaci"=hex:66,61,6c,61,6b,65,6a,64,67,67,64,68,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\shdoclc.dll
c:\progra~1\PANICW~1\POP-UP~1\XAHook.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AT&T\AT&T Internet Security Suite\Fws.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\Al\LOCALS~1\Temp\windjoq.exe
c:\docume~1\Al\LOCALS~1\Temp\rxkth.exe
.
**************************************************************************
.
Completion time: 2009-05-26 8:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 12:46

Pre-Run: 37,466,734,592 bytes free
Post-Run: 40,692,391,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=PBC1SB /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=PBC1SB-BAK

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
395 --- E O F --- 2008-01-12 08:28



And after I did the combofix, I was told to run this command line and paste the results>>>>>> cmd /c PEV -l "%systemdrive%\proquota.exe" >Log.txt&Log.txt&del Log.txt

The results I received were>>>>>>

----a-w 119,808 2004-08-04 10:00:00 C:\i386\proquota.exe

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 119,808 Blocks: 234


And this is were everything went all screwy and his replies on the site are not showing up.

run combofix.exe. Also if you haven't done so, turn off system restore on all drives. Viruses love to hide there.


This post has been edited by hm3buzz: May 31 2009, 03:26 PM

Actually I already ran combofix. Before I did, my pc was really slow. Now it's running fine except for whatever that thing is that I can't get rid of.

I also ran malwarebytes and evrytime I do, these are the things that repeatedly pop-up.

Malwarebytes' Anti-Malware 1.37
Database version: 2192
Windows 5.1.2600 Service Pack 2

5/29/2009 2:04:59 PM
mbam-log-2009-05-29 (14-04-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 245477
Time elapsed: 3 hour(s), 38 minute(s), 53 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\temp\ptmqu.exe (Trojan.Downloader) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\ptmqu.exe (Trojan.Downloader) -> No action taken.
c:\documents and settings\genevaw\local settings\temp\winpmxrwc.exe (Trojan.Downloader) -> No action taken.
c:\documents and settings\willie williams\local settings\temp\ixeq.exe (Trojan.Downloader) -> No action taken.



And this also.............................................





Malwarebytes' Anti-Malware 1.37
Database version: 2192
Windows 5.1.2600 Service Pack 2

5/29/2009 2:06:40 PM
mbam-log-2009-05-29 (14-06-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 245477
Time elapsed: 3 hour(s), 38 minute(s), 53 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\temp\ptmqu.exe (Trojan.Downloader) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\ptmqu.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\genevaw\local settings\temp\winpmxrwc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\willie williams\local settings\temp\ixeq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.










And should I turn off the system restore the next time I run malwarebyte scan to see if that will correct the problem?

Turn off the system restore and run the antivirus and Malwarebytes. Should take care of the problem.

Before running combofix did you disable your antivirus & firewall? They can make combofix not work properly.



Quote taken from a combofix How To Use guide.

alright. i try it again.

i just reinstalled to the way it was when i purchased this damn thing. works fine now. thanks to everybody who helped.