finalfxtidus
2008-12-03, 02:48
Sorry, wasn't able to get back to my computer in time to work with you guys.
Here's my original link:
http://forums.spybot.info/showthread.php?t=37096
And here are the results after following the directions:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\Mixer.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\Creative\Shared Files\CTSched.exe
E:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\Documents and Settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
E:\Program Files\Xfire\xfire.exe
E:\WINDOWS\system32\netdde.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\clipsrv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\imapi.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\tlntsvr.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\vssvc.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\System32\dmadmin.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Jacob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Jacob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Jacob\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTAPR2] "E:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CreativeTaskScheduler] "E:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [SkinClock] E:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Creative Software Update] "E:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "E:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - S-1-5-18 Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O20 - AppInit_DLLs: tqwaqk.dll evafbh.dll rzavpd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c954dbea2832a6) (gupdate1c954dbea2832a6) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - E:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - E:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9111 bytes
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3DMark06
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader 8.1.2
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Age of Conan Quick Start 2.3
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
AoA Audio Extractor 1.0
Apple Software Update
Ask Toolbar
Atomic Alarm Clock 5.85
BlackBerry Desktop Software 4.6
BlackBerry Desktop Software 4.6
BlackBerry Device Software v4.5.0 for the BlackBerry 8130 smartphone
BlackBerry JDE 4.6.0
BlackBerry® Media Sync
Caesar 3
Cain & Abel v4.9.23
Call of Duty(R) 2
Combat Arms
Counter-Strike: Source
Creative System Information
DAEMON Tools Toolbar
DH Driver Cleaner Professional Edition
Digital Locker Assistant
Google Gears
Google Update
Guild Wars
Hellgate: London
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Java 2 Runtime Environment, SE v1.4.2_18
Java 2 SDK, SE v1.4.2_18
Java(TM) 6 Update 4
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 7
LimeWire 4.18.8
Magic ISO Maker v5.5 (build 0261)
Magic ISO Maker v5.5 (build 0273)
Malwarebytes' Anti-Malware
MapleStory
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
NetBeans IDE 6.1
NVIDIA Drivers
NVIDIA nTune
Oblivion
Oblivion - Spell Tomes
Oblivion mod manager 1.1.10
OpenOffice.org 2.4
PC Wizard 2008.1.84
PCI Audio Applications
PCI Audio Driver
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Registry Workshop
RivaTuner v2.09
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sound Blaster X-Fi
SPORE™
Spybot - Search & Destroy
Steam
SysTool Overclocking Utility
TES IV INI
The Lord of the Rings Online™: Shadows of Angmar™ v01.07.00.811
TomTom HOME
Trillian
Tseries BIOS Update
Unofficial Oblivion Patch v3.0.0
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VC_MergeModuleToMSI
Ventrilo Client
Windows Live installer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.2
WinRAR archiver
Xfire (remove only)
Zboard (TM) Software
ComboFix 08-12-01.03 - Jacob 2008-12-02 18:31:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1405 [GMT -6:00]
Running from: e:\documents and settings\Jacob\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\apcbtr.dll
e:\windows\system32\awsalu.dll
e:\windows\system32\bgshfx.dll
e:\windows\system32\biwchf.dll
e:\windows\system32\bjavvmpf.dll
e:\windows\system32\ccmeqyov.dll
e:\windows\system32\cssihz.dll
e:\windows\system32\diaroyrn.dll
e:\windows\system32\dipvlarr.dll
e:\windows\system32\dlsngnar.dll
e:\windows\system32\dpuooo.dll
e:\windows\system32\eefaowyv.dll
e:\windows\system32\ekxcndqj.dll
e:\windows\system32\eogdwcpw.dll
e:\windows\system32\evafbh.dll
e:\windows\system32\fgeuxxmi.dll
e:\windows\system32\fmuhlymu.dll
e:\windows\system32\fupcnq.dll
e:\windows\system32\fxybhn.dll
e:\windows\system32\giolvrqy.ini
e:\windows\system32\guvmcw.dll
e:\windows\system32\gylbinrs.dll
e:\windows\system32\hcbybjwx.dll
e:\windows\system32\hqbodhea.dll
e:\windows\system32\hshmnf.dll
e:\windows\system32\ijgytqyp.ini
e:\windows\system32\iqomuwft.ini
e:\windows\system32\jinrum.dll
e:\windows\system32\jmhkco.dll
e:\windows\system32\jodkciwu.dll
e:\windows\system32\jtdxxo.dll
e:\windows\system32\khypymox.dll
e:\windows\system32\lfgubret.dll
e:\windows\system32\mdsifwad.dll
e:\windows\system32\moyedebi.dll
e:\windows\system32\mrunxgfe.dll
e:\windows\system32\nbxawmjp.dll
e:\windows\system32\nlcsxrgq.dll
e:\windows\system32\nqvdyqar.ini
e:\windows\system32\nsaxlz.dll
e:\windows\system32\oaxthhux.dll
e:\windows\system32\ofxvvskm.ini
e:\windows\system32\puante.dll
e:\windows\system32\pwytgiiu.dll
e:\windows\system32\pxjkwovg.dll
e:\windows\system32\qsroaall.dll
e:\windows\system32\rcgqxxsn.dll
e:\windows\system32\rvnxaglg.dll
e:\windows\system32\rwxiymnc.dll
e:\windows\system32\rzavpd.dll
e:\windows\system32\seietp.dll
e:\windows\system32\sgofbpif.dll
e:\windows\system32\tflmvdmw.dll
e:\windows\system32\tfxwllaj.ini
e:\windows\system32\tqwaqk.dll
e:\windows\system32\txpicver.ini
e:\windows\system32\tykvtwiu.dll
e:\windows\system32\ucbbjxkf.dll
e:\windows\system32\uuufok.dll
e:\windows\system32\vphiqvyi.dll
e:\windows\system32\vuranune.dll
e:\windows\system32\wcuuixft.dll
e:\windows\system32\wmkkwl.dll
e:\windows\system32\xcthlxlt.dll
e:\windows\system32\xfyummju.dll
e:\windows\system32\xgflfjfy.dll
e:\windows\system32\xgiouaqc.ini
e:\windows\system32\xougfg.dll
e:\windows\system32\xvotlj.dll
e:\windows\system32\yhxbqb.dll
e:\windows\system32\yklydjjl.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-02 18:19 . 2008-12-02 18:19 <DIR> d-------- e:\program files\Trend Micro
2008-12-02 18:13 . 2008-12-02 18:13 <DIR> d-------- e:\program files\Google
2008-11-25 18:55 . 2008-11-25 18:55 <DIR> d-------- e:\documents and settings\Jacob\.jagex_cache_32
2008-11-22 20:50 . 2008-11-22 20:50 <DIR> d-------- e:\documents and settings\Jacob\Application Data\SPORE
2008-11-22 20:34 . 2008-11-22 20:34 <DIR> d-------- e:\program files\Electronic Arts
2008-11-22 19:46 . 2008-11-22 19:46 95 --a------ e:\windows\wininit.ini
2008-11-22 19:33 . 2008-11-22 19:33 <DIR> d-------- e:\documents and settings\Jacob\Application Data\Malwarebytes
2008-11-22 19:32 . 2008-11-22 19:33 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2008-11-22 19:32 . 2008-11-22 19:32 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 19:32 . 2008-10-22 16:10 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 19:32 . 2008-10-22 16:10 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-11-20 14:44 . 2008-11-20 14:44 42,320 --a------ e:\windows\system32\xfcodec.dll
2008-11-11 18:58 . 2008-11-11 18:59 <DIR> d-------- E:\j2sdk1.4.2_18
2008-11-06 10:42 . 2008-11-08 10:52 <DIR> d-------- e:\program files\Spybot - Search & Destroy
2008-11-06 10:42 . 2008-11-08 10:55 <DIR> d-------- e:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 00:27 --------- d-----w e:\program files\Xfire
2008-12-02 21:30 31 ----a-w e:\documents and settings\Jacob\jagex_runescape_preferences.dat
2008-12-02 21:24 --------- d-----w e:\program files\MagicISO
2008-12-01 13:01 --------- d-----w e:\documents and settings\Jacob\Application Data\Xfire
2008-11-30 03:53 --------- d-----w e:\program files\Steam
2008-11-29 04:08 --------- d-----w e:\documents and settings\Jacob\Application Data\LimeWire
2008-11-26 08:45 --------- d-----w e:\program files\LimeWire
2008-11-23 22:52 --------- d-----w e:\program files\Vuze
2008-11-23 22:52 --------- d-----w e:\documents and settings\Jacob\Application Data\Azureus
2008-11-23 02:33 --------- d--h--w e:\program files\InstallShield Installation Information
2008-11-12 01:01 --------- d-----w e:\program files\Java
2008-10-24 02:47 --------- d-----w e:\program files\Atomic Alarm Clock
2008-10-24 01:08 --------- d-----w e:\documents and settings\All Users\Application Data\Creative
2008-10-24 01:02 --------- d-----w e:\documents and settings\Jacob\Application Data\Creative
2008-10-24 00:59 --------- d-----w e:\program files\Creative
2008-10-24 00:55 --------- d--h--w e:\program files\Creative Installation Information
2008-10-24 00:55 --------- d-----w e:\program files\Common Files\Creative
2008-10-18 23:26 --------- d-----w e:\documents and settings\All Users\Application Data\TomTom
2008-10-18 23:25 --------- d-----w e:\program files\TomTom HOME 2
2008-10-18 23:25 --------- d-----w e:\documents and settings\Jacob\Application Data\TomTom
2008-10-18 23:09 --------- d-----w e:\program files\TomTom DesktopSuite
2008-10-14 20:39 --------- d-----w e:\documents and settings\All Users\Application Data\Lavasoft
2008-10-14 20:37 --------- d-----w e:\program files\Lavasoft
2008-10-14 20:37 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2008-10-11 02:26 --------- d-----w e:\program files\Trillian
2008-10-08 02:28 --------- d-----w e:\program files\Cain
2008-10-08 02:12 --------- d-----w e:\program files\WinPcap
2008-10-07 01:56 --------- d-----w e:\program files\Flagship Studios
2008-10-06 21:12 --------- d-----w e:\documents and settings\Jacob\Application Data\OpenOffice.org2
2008-10-06 18:18 --------- d-----w e:\program files\Microsoft Silverlight
2008-10-04 17:50 1,769,472 ----a-w e:\documents and settings\Jacob\dd-wrt.v24_micro_generic.bin
2008-10-04 17:28 --------- d-----w e:\program files\Common Files\Research In Motion
2008-10-04 16:57 --------- d-----w e:\documents and settings\Jacob\Application Data\Research In Motion
2008-10-04 16:55 --------- d-----w e:\program files\Research In Motion
2008-10-04 05:29 --------- d-----w e:\program files\NetBeans 6.1
2008-09-22 12:06 256 ----a-w e:\documents and settings\Jacob\pool.bin
2008-06-29 23:14 32,768 --sha-w e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062920080630\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "e:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-24 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"ISUSPM"="e:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"CreativeTaskScheduler"="e:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"SkinClock"="e:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-30 1740288]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-08 486856]
"Creative Software Update"="e:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2007-01-04 481200]
"WMPNSCFG"="e:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Google Update"="e:\documents and settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTAPR2"="e:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"VolPanel"="e:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 e:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-10-11 e:\windows\SkyTel.exe]
"C-Media Mixer"="Mixer.exe" [2002-10-15 e:\windows\mixer.exe]
"nwiz"="nwiz.exe" [2008-05-16 e:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ZboardTray"="e:\program files\Ideazon\Zboard Software\Driver\ZboardTray.exe" [2005-05-02 380928]
e:\documents and settings\Jacob\Start Menu\Programs\Startup\
Xfire.lnk - e:\program files\Xfire\xfire.exe [2008-11-20 2986320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
2003-09-03 06:14 49152 e:\windows\system32\Winlognotif.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tqwaqk.dll evafbh.dll rzavpd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ageofconan.exe]
"Debugger"="e:\program files\Age of Conan Quick Start\aoclaunch.exe"
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=e:\windows\pss\Desktop Manager.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Jacob^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=e:\documents and settings\Jacob\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=e:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 e:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 e:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2008-04-28 12:25 2707456 e:\program files\RivaTuner v2.09\RivaTuner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2008-06-08 11:24 236016 e:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-08-04 10:50 1271032 e:\program files\Steam\Steam.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=e:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"TomTomHOME.exe"="e:\program files\TomTom HOME 2\HOMERunner.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=e:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"NvCplDaemon"=RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SPIRun"=Rundll32 SPIRun.dll,RunDLLEntry
"SunJavaUpdateSched"="e:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\Program Files\\Xfire\\xfire.exe"=
"e:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"e:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"e:\nexon\Combat Arms\CombatArms.exe"= e:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"e:\nexon\Combat Arms\Engine.exe"= e:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"e:\\Nexon\\Combat Arms\\NMService.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"e:\\Program Files\\Steam\\steamapps\\finalfxtidus\\counter-strike source\\hl2.exe"=
"e:\\Program Files\\Steam\\steamapps\\loganmcj\\counter-strike source\\hl2.exe"=
"e:\\Program Files\\Trillian\\trillian.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\WINDOWS\\system32\\javaw.exe"=
"e:\\Program Files\\Research In Motion\\BlackBerry JDE 4.6.0\\simulator\\fledge.exe"=
"e:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
R1 BIOS;BIOS;\??\e:\windows\system32\drivers\BIOS.sys [2008-06-25 13696]
R1 BS_I2cIo;BS_I2cIo;\??\e:\windows\system32\drivers\BS_I2cIo.sys [2008-07-20 16768]
R1 SysTool;SysTool Overclocking Utility;e:\windows\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
R1 Tcpip6;Microsoft IPv6 Protocol Driver;e:\windows\system32\DRIVERS\tcpip6.sys [2004-08-03 225856]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;e:\windows\system32\DRIVERS\wmiacpi.sys [2008-06-24 8832]
R2 npkcrypt;npkcrypt;\??\e:\nexon\MapleStory\npkcrypt.sys [2008-05-19 23217]
R2 nTuneService;nTune Service;e:\program files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service;e:\windows\system32\nvsvc32.exe [2008-05-02 159812]
R2 PfModNT;PfModNT;\??\e:\windows\system32\drivers\PfModNT.sys [2008-10-23 8704]
R2 PnkBstrA;PnkBstrA;e:\windows\system32\PnkBstrA.exe [2008-07-09 66872]
R3 ctsfm2k;Creative SoundFont Management Device Driver;e:\windows\system32\DRIVERS\ctsfm2k.sys [2008-10-23 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer;e:\windows\system32\drivers\ctusfsyn.sys [2008-10-23 171008]
R3 NVR0Dev;NVR0Dev;\??\e:\windows\nvoclock.sys [2007-09-04 29696]
R3 OmniUsb;Ideazon USB Zboard Driver;e:\windows\system32\DRIVERS\OmniUsb.sys [2008-06-25 28800]
R3 OmniUsbl;Ideazon USBl Zboard Driver;e:\windows\system32\DRIVERS\OmniUsbl.sys [2008-06-25 9696]
R3 ossrv;Creative OS Services Driver;e:\windows\system32\DRIVERS\ctoss2k.sys [2008-10-23 114688]
R3 RimVSerPort;RIM Virtual Serial Port v2;e:\windows\system32\DRIVERS\RimSerial.sys [2008-09-18 26496]
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver;e:\windows\system32\DRIVERS\rtl8185.sys [2008-10-20 308480]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;e:\windows\system32\DRIVERS\Rtenicxp.sys [2008-06-25 101504]
R3 t3;SB Xtreme Audio Notebook;e:\windows\system32\drivers\t3.sys [2008-10-23 735744]
R3 t3filt;t3filt;e:\windows\system32\drivers\t3filt.sys [2008-10-23 1656960]
R3 tunmp;Microsoft Tun Miniport Adapter Driver;e:\windows\system32\DRIVERS\tunmp.sys [2004-08-03 12288]
S2 gupdate1c954dbea2832a6;Google Update Service (gupdate1c954dbea2832a6);"e:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-12-02 133104]
S3 BS_Flash;BS_Flash;\??\e:\program files\Tseries BIOS Update\Award\BS_Flash.sys [2008-07-20 3604]
S3 cmpci;C-Media PCI Audio Driver (WDM);e:\windows\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 EagleNT;EagleNT;\??\e:\windows\system32\drivers\EagleNT.sys []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;"e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [2008-07-27 654848]
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcusb;npkcusb;\??\e:\nexon\MapleStory\npkcusb.sys [2008-05-19 15472]
S3 odserv;Microsoft Office Diagnostics Service;"e:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [2007-08-24 443776]
S3 RimUsb;BlackBerry Smartphone;e:\windows\system32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 RivaTuner32;RivaTuner32;\??\e:\program files\RivaTuner v2.09\RivaTuner32.sys [2008-04-28 9088]
S3 SjyPkt;SjyPkt;\??\e:\windows\System32\Drivers\SjyPkt.sys []
S3 WpdUsb;WpdUsb;e:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2529fb3-98ef-11dd-87b0-0014d14663ff}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-03 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-03 e:\windows\Tasks\GoogleUpdateTaskMachine.job
- e:\program files\Google\Update\GoogleUpdate.exe [2008-12-02 18:03]
2008-12-03 e:\windows\Tasks\GoogleUpdateTaskUser.job
- e:\documents and settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-02 18:03]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{271E6C9A-32FE-44A2-88C0-AB0A7EF5A2BC} - (no file)
BHO-{4A3E6D6A-7B34-4F74-B785-40BFEC1EF1E8} - (no file)
BHO-{5BE9D157-C854-484C-AA5B-59E12AFDC734} - (no file)
BHO-{66954fb1-9e90-435e-a559-a5be49cfc1b2} - (no file)
HKLM-Run-jovujimayo - e:\windows\system32\kajoveka.dll
Notify-ssqononk - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\Jacob\Application Data\Mozilla\Firefox\Profiles\gitlj6lh.default\
FF -: plugin - e:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - e:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30716.0.dll
FF -: plugin - e:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - e:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 18:34:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Lavasoft\Ad-Aware\aawservice.exe
e:\windows\system32\scardsvr.exe
e:\windows\system32\netdde.exe
e:\windows\system32\msdtc.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\windows\system32\clipsrv.exe
e:\windows\system32\imapi.exe
e:\windows\system32\msiexec.exe
e:\program files\NVIDIA Corporation\nTune\nTuneService.exe
e:\windows\system32\sessmgr.exe
e:\windows\system32\rsvp.exe
e:\windows\system32\dllhost.exe
e:\windows\system32\tlntsvr.exe
e:\windows\system32\vssvc.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\dllhost.exe
e:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2008-12-02 18:38:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 00:38:16
Pre-Run: 9,767,063,552 bytes free
Post-Run: 10,749,546,496 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
337 --- E O F --- 2008-09-14 16:41:57
Thanks.
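The two logs in this post can be cross-checked mechanically. ComboFix's "Other Deletions" list shows e:\windows\system32\tqwaqk.dll, evafbh.dll and rzavpd.dll removed and the run completing at 18:38:19; the HijackThis scan was saved at 18:45, after that, and its O20 line still names the same three DLLs in AppInit_DLLs. The script below is an added example for this thread, not the poster's output and not part of HijackThis or ComboFix; the two log excerpts embedded in it are a constructed subset copied from the logs above, and all function names are mine. It parses both formats, reports AppInit_DLLs names whose files ComboFix deleted but which the registry value still lists, names not covered by the deletion list at all, the autostart orphans ComboFix removed, and any MountPoints2 AutoRun command.

```python
# Added example for this thread: cross-check a HijackThis log against a ComboFix
# log. Not part of either tool or of the poster's output; the two excerpts below
# are constructed from the logs posted above.
import re
from datetime import datetime

HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45, on 12/2/2008
O20 - AppInit_DLLs: tqwaqk.dll evafbh.dll rzavpd.dll
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
"""

COMBOFIX_LOG = r"""ComboFix 08-12-01.03 - Jacob 2008-12-02 18:31:27.1 - NTFSx86
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\evafbh.dll
e:\windows\system32\giolvrqy.ini
e:\windows\system32\rzavpd.dll
e:\windows\system32\tqwaqk.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2529fb3-98ef-11dd-87b0-0014d14663ff}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKLM-Run-jovujimayo - e:\windows\system32\kajoveka.dll
Notify-ssqononk - (no file)
.
Completion time: 2008-12-02 18:38:19 - machine was rebooted
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ComboFix "((( Title )))" banner
HJT_ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")  # HijackThis "O20 - ..." entry
ORPHAN_RE = re.compile(r"^(BHO|HKLM-Run|HKCU-Run|Notify)-(\S+) - (.+)$")
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)

def parse_hjt(text):
    """Scan time and the AppInit_DLLs tokens from a HijackThis log."""
    saved, appinit = None, []
    for line in text.splitlines():
        m = re.match(r"Scan saved at (\d+:\d+), on (\d+/\d+/\d+)", line)
        if m:
            saved = datetime.strptime(f"{m.group(2)} {m.group(1)}", "%m/%d/%Y %H:%M")
        m = HJT_ENTRY_RE.match(line)
        if m and m.group(1) == "O20" and m.group(2).startswith("AppInit_DLLs:"):
            # Bare names: user32.dll resolves them via the DLL search path
            # when it loads them into each new process that links user32.
            appinit.extend(m.group(2).split(":", 1)[1].split())
    return {"saved": saved, "appinit_dlls": appinit}

def combofix_deletions(text):
    """Lower-cased paths listed under ComboFix's 'Other Deletions' banner."""
    lines = iter(text.splitlines())
    for line in lines:
        if SECTION_RE.match(line) and "Other Deletions" in line:
            break
    deleted = []
    for line in lines:
        if SECTION_RE.match(line):  # the next banner ends the list
            break
        if line.strip() not in ("", "."):
            deleted.append(line.strip().lower())
    return deleted

def combofix_orphans(text):
    """(kind, name, target) triples from the 'ORPHANS REMOVED' block."""
    orphans, active = [], False
    for line in text.splitlines():
        if "ORPHANS REMOVED" in line:
            active = True
        elif active:
            if line.strip() in ("", "."):
                break  # ComboFix closes the block with a lone '.'
            m = ORPHAN_RE.match(line.strip())
            if m:
                orphans.append(m.groups())
    return orphans

def combofix_autorun_mountpoints(text):
    """(volume GUID, AutoRun command) pairs from MountPoints2 key dumps."""
    lines, found = text.splitlines(), []
    for cur, nxt in zip(lines, lines[1:]):
        m = MOUNTPOINT_RE.search(cur)
        if m and nxt.startswith(r"\Shell\AutoRun\command - "):
            found.append((m.group(1), nxt.split(" - ", 1)[1]))
    return found

def cross_check(hjt_text, combofix_text):
    """Names still in AppInit_DLLs vs. files ComboFix deleted, plus what else it cleaned."""
    hjt = parse_hjt(hjt_text)
    deleted = {p.rsplit("\\", 1)[-1] for p in combofix_deletions(combofix_text)}
    m = re.search(r"^Completion time: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)", combofix_text, re.M)
    done = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S") if m else None
    return {
        # True means the HijackThis O20 line reflects post-ComboFix state.
        "hjt_after_combofix": bool(hjt["saved"] and done and hjt["saved"] > done),
        # File removed on disk but the registry value still names it (basename match).
        "deleted_but_still_listed": [d for d in hjt["appinit_dlls"] if d.lower() in deleted],
        # Not in the deletion list: the file may still be on disk.
        "unaccounted": [d for d in hjt["appinit_dlls"] if d.lower() not in deleted],
        "orphans_removed": combofix_orphans(combofix_text),
        "autorun_mountpoints": combofix_autorun_mountpoints(combofix_text),
    }

if __name__ == "__main__":
    print(cross_check(HJT_LOG, COMBOFIX_LOG))
```

The match is on file basename only, because HijackThis prints the AppInit_DLLs value as stored (bare names) while ComboFix prints full paths; a name that appears in both lists tells you the value needs cleaning, not that the DLL is still loaded. Anything in "unaccounted" is worth checking on disk before the next pass.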
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;e:\windows\system32\DRIVERS\Rtenicxp.sys [2008-06-25 101504]
R3 t3;SB Xtreme Audio Notebook;e:\windows\system32\drivers\t3.sys [2008-10-23 735744]
R3 t3filt;t3filt;e:\windows\system32\drivers\t3filt.sys [2008-10-23 1656960]
R3 tunmp;Microsoft Tun Miniport Adapter Driver;e:\windows\system32\DRIVERS\tunmp.sys [2004-08-03 12288]
S2 gupdate1c954dbea2832a6;Google Update Service (gupdate1c954dbea2832a6);"e:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-12-02 133104]
S3 BS_Flash;BS_Flash;\??\e:\program files\Tseries BIOS Update\Award\BS_Flash.sys [2008-07-20 3604]
S3 cmpci;C-Media PCI Audio Driver (WDM);e:\windows\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 EagleNT;EagleNT;\??\e:\windows\system32\drivers\EagleNT.sys []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;"e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [2008-07-27 654848]
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcusb;npkcusb;\??\e:\nexon\MapleStory\npkcusb.sys [2008-05-19 15472]
S3 odserv;Microsoft Office Diagnostics Service;"e:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [2007-08-24 443776]
S3 RimUsb;BlackBerry Smartphone;e:\windows\system32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 RivaTuner32;RivaTuner32;\??\e:\program files\RivaTuner v2.09\RivaTuner32.sys [2008-04-28 9088]
S3 SjyPkt;SjyPkt;\??\e:\windows\System32\Drivers\SjyPkt.sys []
S3 WpdUsb;WpdUsb;e:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2529fb3-98ef-11dd-87b0-0014d14663ff}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-03 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-03 e:\windows\Tasks\GoogleUpdateTaskMachine.job
- e:\program files\Google\Update\GoogleUpdate.exe [2008-12-02 18:03]
2008-12-03 e:\windows\Tasks\GoogleUpdateTaskUser.job
- e:\documents and settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-02 18:03]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{271E6C9A-32FE-44A2-88C0-AB0A7EF5A2BC} - (no file)
BHO-{4A3E6D6A-7B34-4F74-B785-40BFEC1EF1E8} - (no file)
BHO-{5BE9D157-C854-484C-AA5B-59E12AFDC734} - (no file)
BHO-{66954fb1-9e90-435e-a559-a5be49cfc1b2} - (no file)
HKLM-Run-jovujimayo - e:\windows\system32\kajoveka.dll
Notify-ssqononk - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\Jacob\Application Data\Mozilla\Firefox\Profiles\gitlj6lh.default\
FF -: plugin - e:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - e:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30716.0.dll
FF -: plugin - e:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - e:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 18:34:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Lavasoft\Ad-Aware\aawservice.exe
e:\windows\system32\scardsvr.exe
e:\windows\system32\netdde.exe
e:\windows\system32\msdtc.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\windows\system32\clipsrv.exe
e:\windows\system32\imapi.exe
e:\windows\system32\msiexec.exe
e:\program files\NVIDIA Corporation\nTune\nTuneService.exe
e:\windows\system32\sessmgr.exe
e:\windows\system32\rsvp.exe
e:\windows\system32\dllhost.exe
e:\windows\system32\tlntsvr.exe
e:\windows\system32\vssvc.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\dllhost.exe
e:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2008-12-02 18:38:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 00:38:16
Pre-Run: 9,767,063,552 bytes free
Post-Run: 10,749,546,496 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
337 --- E O F --- 2008-09-14 16:41:57
Thanks.