Whenever I start the computer I get an error "During a scan of fils at system startup, potential errors in the system registry were found" then a few moments later ther is a similar message pops up "a potential problem has been discovered windows has been shutdown buggy application" I also get a ton of pop-ups and probably fake Critical error messages telling me to click the balloon to fix the problem and the anti-virus program I was running no longer loads upon start up as well....Please help!!!

now I'm literally getting hundreds of new webpages opening "about:blank" ....it reminds me of when I was a kid and I would scroll my name down the screen with the basic program 20 goto 10...........

Here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:06 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coorsnet.com/cgi-bin/coors/general/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtsqn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DD8F1B48-0E27-461A-8826-05B2E45EDD8E} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: (no name) - {e9fd3d32-3de8-494d-8795-deee8833db6c} - C:\WINDOWS\system32\xemwlnf.dll (file missing)
O2 - BHO: {1b20b728-a308-5628-9544-a33b3605bfff} - {fffb5063-b33a-4459-8265-803a827b02b1} - C:\WINDOWS\system32\uanbkhlm.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.2\webbuying.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [quiq] C:\Program Files\Common Files\quiq\quiqm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Configure.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Configuration.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202394431928
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lesky.local
O17 - HKLM\Software\..\Telephony: DomainName = lesky.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lesky.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ozbhchte - ozbhchte.dll (file missing)
O20 - Winlogon Notify: qomklji - qomklji.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7525 bytes

Here is my SAS Log, followed by Active Scan log

SUPERAntiSpyware Scan Log
Generated 02/06/2008 at 08:23 PM

Application Version : 3.6.1000

Core Rules Database Version : 3396
Trace Rules Database Version: 1388

Scan type : Complete Scan
Total Scan Time : 00:49:36

Memory items scanned : 398
Memory threats detected : 0
Registry items scanned : 4717
Registry threats detected : 20
File items scanned : 39784
File threats detected : 8

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\OZBHCHTE.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{D4576C73-52BD-4401-B966-5A128C4433D4}
HKCR\CLSID\{D4576C73-52BD-4401-B966-5A128C4433D4}
HKCR\CLSID\{D4576C73-52BD-4401-B966-5A128C4433D4}\InprocServer32
HKCR\CLSID\{D4576C73-52BD-4401-B966-5A128C4433D4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\QOMKLJI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4576C73-52BD-4401-B966-5A128C4433D4}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{D4576C73-52BD-4401-B966-5A128C4433D4}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{D4576C73-52BD-4401-B966-5A128C4433D4}

Adware.Web Buying
HKU\S-1-5-21-343818398-1993962763-725345543-1111\Software\WebBuying

Adware.VXGame-Trace
HKU\S-1-5-21-343818398-1993962763-725345543-1111\Software\kernelexe

Trojan.Downloader-Gen/MROFIN
C:\DOCUMENTS AND SETTINGS\GDELAUNEY\LOCAL SETTINGS\TEMP\TMP2C.TMP
C:\DOCUMENTS AND SETTINGS\GDELAUNEY\LOCAL SETTINGS\TEMP\TMP60.TMP
C:\DOCUMENTS AND SETTINGS\GDELAUNEY\LOCAL SETTINGS\TEMP\TMP61.TMP
C:\WINDOWS\__DELETE_ON_REBOOT__M_R_O_F_I_N_U_5_7_2_._E_X_E_

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\QUIQ\QUIQD\CLASS-BARREL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\NQSTV.INI


Active Scan Log:

Incident Status Location

Adware:Adware/Matcash Not disinfected C:\Program Files\Dot1XCfg\Dot1XCfg .exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\iqtrtlmw.dll
Spyware:Spyware/Virtumonde

I think that the original problem may be "cured" but I get a "Windows cannot find 'C:\window\system32\vtsqn.exe' make sure you typed the name correctly and then try again. To search for a file, click the start button and then click search.

It is then followed by a similar message: "Cannont load or run 'C:\windows\system32\vtsqn.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.

Thank you for your help!!!

Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.