Randomly the CPU usage has been spiking between 50%-100% at all times. I was not on when this started happening, my brother was and I'm not sure what happened. Winlogon.exe and svchost as well as system Idle Resources[which is irrelevant I know] and services on occasion taking up most of the CPU. I did a registry booster scan, ad aware scans, PC Tools Spyware Doctor scans, and Eusing free registry cleaner scan. Still even with a minimum of other processes around 100% spikage. I've decided to ask for some help, logs below:

Hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:31 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\WINDOWS\system32\lxdccoms.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\notepad.exe
D:\WINDOWS\notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: {C7E37AC6-FFE7-4D90-BE70-CF7E3456DFB4} - - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - {0B1B0D47-95F7-4bad-9309-A945B655AE61} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - D:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll
O2 - BHO: (no name) - {B791B29F-8131-4E9E-9BB9-8C62E7931D4D} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {D4720829-E07E-41B6-9863-788FEAAC36F9} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - D:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: NaturaReader - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - D:\Program Files\NaturalSoft\FreeVersion65\NVRIEBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O3 - Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: etlrlws - {C10518F9-D9D5-460B-BE5E-D086E214443A} - (no file)
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: hc_tray.lnk = D:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Viewpoint Search - res://D:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\gamers.comp\Documents\Teddy H DRIVE\A i M\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O20 - AppInit_DLLs: "D:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O20 - Winlogon Notify: sdqnike - D:\WINDOWS\SYSTEM32\sdqnike.dll
O20 - Winlogon Notify: vtursro - vtursro.dll (file missing)
O21 - SSODL: altvxvm - {1C614C56-3DB1-475F-8ABA-5B293CA12E72} - (no file)
O21 - SSODL: bokpkov - {61FCCF39-03CB-4CF6-BE50-D460364039D3} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdc_device - - D:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11189 bytes

and then I attached the Deckard system scan logs
Please help I need you guys

Attached Files

	extra.txt (61.7 KB, 0 views)
	main.txt (32.1 KB, 0 views)

Hey 2246, I've moved your thread to our HijackThis Logs forum

You have malware....Run these two progams.


Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for download links, and instructions for running the tool:
A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should get a prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
=======================================
Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

Well thank you[sorry admin I messed up somewhere placing the thread] I got through combofix which found and deleted a few things but I still have problems. A new one stranger that before actually, and I believe it was already happening though and is not related to this. I can't log in using safemode.... as soon as the finger comes up where I can actually select my profile it reboots the computer. I'm guessing a reinstall was in order, but I tried before and it's caused more problems[can you believe that?]. I tried a few weeks back, and the install didnt finish. Now every time the computer is starting up I have to select what windows starts and it defaults to windows setup which then gives me an error and stays there unless I reset, so I have to choose the top one every time. Yes my computer has some problems haven't reinstalled in years but a clean wipe is just not really viable. Anyway back to the logs:

ComboFix 08-06-12.2 - Teddy 2008-06-14 23:27:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1438 [GMT -7:00]
Running from: D:\Documents and Settings\Teddy.GAMERSCOMP\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Jakob\err.log
D:\Documents and Settings\Teddy.GAMERSCOMP\err.log
D:\setup.exe
D:\WINDOWS\hosts
D:\WINDOWS\rs.txt
D:\WINDOWS\system32\c1
D:\WINDOWS\system32\drivers\core.cache.dsk
D:\WINDOWS\system32\j2
D:\WINDOWS\system32\m8
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\qtvwa.ini
D:\WINDOWS\system32\qtvwa.ini2
D:\WINDOWS\system32\rMa14yy
D:\WINDOWS\system32\winitn.dll
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 18:43 . 2008-06-14 18:43 <DIR> d-------- D:\Deckard
2008-06-14 18:35 . 2008-06-14 18:35 <DIR> d-------- D:\Program Files\Trend Micro
2008-06-14 10:50 . 2008-06-14 18:52 <DIR> d-------- D:\Program Files\Common Files\AOL
2008-06-14 10:50 . 2008-06-14 10:50 <DIR> d-------- D:\Documents and Settings\Jakob\Application Data\acccore
2008-06-14 10:50 . 2008-06-14 10:50 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-14 10:50 . 2008-06-14 10:50 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\AOL
2008-06-14 10:49 . 2008-06-14 10:50 <DIR> d-------- D:\Program Files\AIM6
2008-06-13 22:30 . 2008-06-13 22:30 <DIR> d-------- D:\Program Files\Security Task Manager
2008-06-11 21:13 . 2008-06-11 21:13 33,792 --a------ D:\WINDOWS\system32\sdqnike.dll
2008-06-10 16:59 . 2008-06-10 16:59 <DIR> d-------- D:\Documents and Settings\Jakob\Application Data\Leadertech
2008-06-10 13:17 . 2008-04-14 04:01 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 13:17 . 2008-04-14 04:01 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 18:30 . 2008-06-03 18:30 <DIR> d-------- D:\WINDOWS\nvidia icons
2008-06-02 17:56 . 2008-06-02 17:56 41,296 --a--c--- D:\WINDOWS\system32\xfcodec.dll
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ D:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ D:\WINDOWS\system32\QuickTime.qts
2008-05-25 11:58 . 2008-05-02 22:46 6,554,496 --a------ D:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-23 10:38 . 2008-05-23 10:38 <DIR> d-------- D:\Documents and Settings\Jakob\Application Data\RTPlayer
2008-05-23 10:37 . 2008-05-23 11:18 <DIR> d-------- D:\Documents and Settings\Jakob\Application Data\tunebite
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ D:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-06-15 06:34 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 04:30 --------- d-----w D:\Program Files\Steam
2008-06-15 02:01 --------- d-----w D:\Program Files\Tunebite
2008-06-15 01:52 --------- d-----w D:\Documents and Settings\Teddy.GAMERSCOMP\Application Data\Tunebite
2008-06-15 01:48 --------- d-----w D:\Documents and Settings\Teddy.GAMERSCOMP\Application Data\Xfire
2008-06-15 00:09 --------- d-----w D:\Program Files\QuickTime
2008-06-14 17:50 --------- d-----w D:\Program Files\Viewpoint
2008-06-14 17:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-14 17:46 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-14 09:21 --------- d-----w D:\Program Files\Lavasoft
2008-06-14 09:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-14 09:20 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 05:45 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-14 05:38 --------- d-----w D:\Program Files\Spyware Doctor
2008-06-12 05:14 --------- d-----w D:\Documents and Settings\Teddy.GAMERSCOMP\Application Data\BitTorrent
2008-06-11 18:02 --------- d-----w D:\Program Files\Lx_cats
2008-06-10 01:22 --------- d-----w D:\Program Files\Xfire
2008-06-03 04:24 --------- d-----w D:\Program Files\Eusing Free Registry Cleaner
2008-05-29 17:48 --------- d-----w D:\Program Files\Games Workshop
2008-05-24 07:04 --------- d-----w D:\Documents and Settings\Teddy.GAMERSCOMP\Application Data\IGN_DLM
2008-05-20 08:23 --------- d-----w D:\Documents and Settings\Jakob\Application Data\Xfire
2008-05-19 23:09 22,328 -c--a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-12 00:22 22,328 -c--a-w D:\Documents and Settings\Teddy.GAMERSCOMP\Application Data\PnkBstrK.sys
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 18:20 15,648 ----a-w D:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w D:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w D:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 02:40 --------- d-----w D:\Program Files\LimeWire
2008-04-23 23:26 --------- d-----w D:\Program Files\Apple Software Update
2008-04-21 07:44 --------- d-----w D:\Program Files\MySpace
2008-04-21 07:44 --------- d-----w D:\Documents and Settings\Jakob\Application Data\MySpace
2008-04-19 04:03 --------- d-----w D:\Documents and Settings\Jakob\Application Data\LimeWire
2008-04-15 06:03 --------- d-----w D:\Documents and Settings\Teddy.GAMERSCOMP\Application Data\LimeWire
2008-04-15 00:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\RapidSolution
2008-03-29 07:27 167 -c--a-w D:\Documents and Settings\Teddy.GAMERSCOMP\udownload.dat
2008-03-22 10:17 2,829 -c--a-w D:\WINDOWS\War3Unin.pif
2008-03-22 10:17 139,264 -c--a-w D:\WINDOWS\War3Unin.exe
2008-03-22 08:44 33,964 -c--a-w D:\Program Files\install.log
2007-11-27 04:58 246 -c--a-w D:\Program Files\Common Files\quhar
2007-09-11 04:19 22,328 -c--a-w D:\Documents and Settings\Jakob\Application Data\PnkBstrK.sys
2007-07-28 09:06 135 -c--a-w D:\Program Files\Common Files\rteqeg.html
2007-02-13 02:10 2,682,880 -c----w D:\Documents and Settings\All Users\VCREDI~3.EXE
2006-10-31 04:31 0 -c--a-w D:\Documents and Settings\Teddy.GAMERSCOMP\fda2aifc.exe
2006-05-25 06:34 1 -c--a-w D:\Documents and Settings\Jakob\SI.bin
2006-03-08 23:48 26,922 -c--a-w D:\Program Files\MoviePass Terms.html
2006-02-24 08:17 22,264 -c--a-w D:\Program Files\keys.dat
2006-02-24 08:17 1,803 -c--a-w D:\Program Files\preferences.txt
2005-12-27 09:40 3,341,892 -c--a-w D:\Program Files\iTunesSetup.exe
2005-12-26 15:36 11,079 -c-ha-w D:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"NVIDIA nTune"="D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 81920]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-21 02:01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"CTSysVol"="D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10 57344]
"ISTray"="D:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-02 21:51 1107848]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"LXDCCATS"="D:\WINDOWS\System32\spool\DRIVERS\W32X 86\3\LXDCtime.dll" [2007-01-22 15:05 102400]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray. dll" [2008-05-02 22:46 86016]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2007-03-22 19:29 39264]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]

D:\Documents and Settings\Teddy.GAMERSCOMP\Start Menu\Programs\Startup\
hc_tray.lnk - D:\Program Files\Kuma Games\hcsystray\hc_tray.exe [2007-04-26 13:49:20 31944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"DisableMyPicturesDirChange"= 0 (0x0)
"DisableMyMusicDirChange"= 0 (0x0)
"DisableFavoritesDirChange"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sdqnike]
sdqnike.dll 2008-06-11 21:13 33792 D:\WINDOWS\system32\sdqnike.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtursro]
vtursro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\D:^Documents and Settings^Teddy.GAMERSCOMP^Start Menu^Programs^Startup^Diskeeper 9 Professional Edition Registration.lnk]
backup=D:\WINDOWS\pss\Diskeeper 9 Professional Edition Registration.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Teddy.GAMERSCOMP^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
backup=D:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Teddy.GAMERSCOMP^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
backup=D:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Teddy.GAMERSCOMP^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=D:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a--c--- 2007-08-08 18:31 148760 D:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a--c--- 2007-08-08 18:39 1945448 D:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 H:\gamers.comp\Documents\Teddy H DRIVE\A i M\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
-----c--- 2004-12-02 19:23 102400 D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a--c--- 2007-03-05 13:57 1103480 D:\Program Files\IGN\Download Manager\dlm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-03-20 18:34 213936 D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon]
--a--c--- 2007-04-30 08:19 20480 D:\Program Files\Lexmark 1300 Series\lxdcamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxBlastMonitor.exe]
--a--c--- 2007-08-08 18:26 1169440 D:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 13:32 8699904 D:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 D:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a--c--- 2007-07-03 12:32 81920 D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 22:46 86016 D:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 D:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a--c--- 2005-05-03 20:38 64512 D:\WINDOWS\system32\P17.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razertra]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahsc--- 2008-01-28 12:43 2097488 D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-07-21 02:01 68856 D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a--c--- 2005-07-08 19:18 151552 D:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"ImapiService"=3 (0x3)
"McShield"=2 (0x2)
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"nTuneService"=2 (0x2)
"gusvc"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AVGEMS"=2 (0x2)
"aswUpdSv"=2 (0x2)
"nHancer"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\WINDOWS\\system32\\LEXPPS.EXE"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"D:\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\Steam\\SteamApps\\jtbrekhus\\counter-strike source\\hl2.exe"=
"D:\\Program Files\\Steam\\SteamApps\\jtbrekhus\\day of defeat source\\hl2.exe"=
"D:\\Program Files\\DAP\\DAP.exe"=
"D:\\Program Files\\Steam\\SteamApps\\jtbrekhus\\half-life 2\\hl2.exe"=
"D:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Documents and Settings\\Teddy.GAMERSCOMP\\My Documents\\eMule\\emule.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"D:\\Program Files\\Steam\\SteamApps\\jtbrekhus\\source sdk base\\hl2.exe"=
"D:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"D:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"D:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"D:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"D:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\NetMeeting\\conf.exe"=
"D:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"D:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.3\\cnc3game.dat"=
"D:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"D:\\Program Files\\CrosuS\\CrosuSApp.exe"=
"D:\\Program Files\\Steam\\SteamApps\\jtbrekhus\\garrysmod\\hl2 .exe"=
"D:\\WINDOWS\\system32\\mmc.exe"=
"D:\\WINDOWS\\system32\\lxdccoms.exe"=
"D:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"D:\\Program Files\\Lexmark 1300 Series\\app4r.exe"=
"D:\\WINDOWS\\system32\\pnkbstra.exe"=
"D:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Steam\\Steam.exe"=
"D:\\Program Files\\Steam\\SteamApps\\jtbrekhus\\team fortress 2\\hl2.exe"=
"D:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"D:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"D:\\Program Files\\Xfire\\Xfire.exe"=
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"D:\\Documents and Settings\\Teddy.GAMERSCOMP\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v1 D0007A2\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"H:\\gamers.comp\\Documents\\Teddy H DRIVE\\eMule\\emule.exe"=
"H:\\gamers.comp\\Documents\\Teddy H DRIVE\\eMule\\xtrememod\\New Folder\\emule.exe"=
"H:\\gamers.comp\\Thrones and Patriots\\Thrones.exe"=
"H:\\gamers.comp\\Documents\\Teddy H DRIVE\\A i M\\aim.exe"=
"D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"H:\\gamers.comp\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"H:\\gamers.comp\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\ \lxdcjswx.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\ \lxdcpswx.exe"=
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\ \lxdctime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:Emule reg
"6112:UDP"= 6112:UDPoW
"6500:UDP"= 6500:UDP:gs
"27900:UDP"= 27900:UDP:gspy
"27901:UDP"= 27901:UDP:gamspy
"28910:TCP"= 28910:TCP:gamnespy
"29900:TCP"= 29900:TCP:gamsp
"29901:TCP"= 29901:TCP:gamsy
"29910:UDP"= 29910:UDP:dowgspy
"29920:TCP"= 29920:TCP:gamespydow
"15101:TCP"= 15101:TCP:tribes 2
"15104:TCP"= 15104:TCP:tribes2
"80:TCP"= 80:TCP:trbies
"6112:TCP"= 6112:TCP:rts
"9103:UDP"= 9103:UDP:gpgnet
"67:UDP"= 67:UDPHCP Discovery Service
"88:UDP"= 88:UDP:Xbl
"3074:UDP"= 3074:UDP:xbl2
"3074:TCP"= 3074:TCP:xbl3
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"25777:UDP"= 25777:UDP:csxfire.com
"25999:TCP"= 25999:TCP:cs.xfire.com
"30275:UDP"= 30275:UDP:coh 1
"9100:UDP"= 9100:UDP:coh2

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)

R2 lxdc_device;lxdc_device:\WINDOWS\system32\lxdcco ms.exe [2007-05-25 09:38]
S3 ewdmaudn;ewdmaudn:\DOCUME~1\TEDDY~1.GAM\LOCALS~1 \Temp\ewdmaudn.sys []
S3 KTalk;KTalk:\DOCUME~1\Jakob\LOCALS~1\Temp\ktalk. sys []
S3 Razerlow;Razerlow USB Filter Driver:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]
S3 usbprint;Microsoft USB PRINTER Class:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S4 AutoSyncService;Memeo AutoSync ;"D:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 18:28]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\wd_windows_tools\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
D:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 23:30:00 D:\WINDOWS\Tasks\Advanced WindowsCare.job"
- D:\Program Files\IObit\Advanced WindowsCare V2\AutoCare.exe
"2008-06-14 04:28:03 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-15 03:00:00 D:\WINDOWS\Tasks\AwcUpdate.job"
- D:\Program Files\IObit\Advanced WindowsCare V2\AutoUpdate.ex
"2008-06-13 09:00:10 D:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GAMERSCOMP-Teddy).job"
- d:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-06-06 00:18:00 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Documents and Settings\Teddy.GAMERSCOMP\My Documents\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-06-21 21:30:34 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Documents and Settings\Teddy.GAMERSCOMP\My Documents\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 23:34:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\explorer.exe
-> D:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\CTSVCCDA.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\pnkbstra.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\iPod\bin\iPodService.exe
.
************************************************** ************************
.
Completion time: 2008-06-14 23:38:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 06:38:00

Pre-Run: 7,488,720,896 bytes free
Post-Run: 8,840,343,552 bytes free

417 --- E O F --- 2008-06-10 20:32:48



attached is the Hijackthis log and of course thank you for your help so far I really need this as company of heroes and such are virtually unplayable at 6 fps help meh out!!

Attached Files

hijackthis.logv2.txt (10.1 KB, 0 views)

Before we can carry on with your cleanup we need to install your Recovery Console.
Go to Microsoft's website => How to obtain Windows XP Setup boot disks
Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Drag the setup package onto ComboFix.exe and drop it.
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Ah my mistake I missed that step somehow. Here we are:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:46 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\WINDOWS\system32\lxdccoms.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
D:\Program Files\UnHackMe\hackmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\explorer.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: {C7E37AC6-FFE7-4D90-BE70-CF7E3456DFB4} - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -