HJT log. Need help

hpi

banned
My computer's really been getting to me lately, being a complete POS, and it's sooo slow and nothing's working right or anything, so I decided to get HJT and ask the experts if there's anything up.

Before anything, I don't know if it's software related or because, according to my BIOS, my processor is at 103C Fuc$^% degrees 15 seconds after I start my PC and stays at that temp. Everest, though, says it's at 45C.

The log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:06 PM, on 15/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Documents and Settings\David\Desktop\G15NetSpeed.exe
C:\Program Files\Logitech\GamePanel Software\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [346ccabb] rundll32.exe "C:\WINDOWS\system32\jckqcuna.dll",b
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BM375ff927] Rundll32.exe "C:\WINDOWS\system32\ajmayoen.dll",s
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-21-2677011931-4225292455-3208804293-1012\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Angela')
O4 - HKUS\S-1-5-21-2677011931-4225292455-3208804293-1012\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Angela')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1207272008469
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207271955265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8387 bytes
 
Link doesn't load, just like a lot of websites. If I search something in Google, Ask or Yahoo, nothing will load at all.

Any other way I can download ComboFix?

Mkay, here's the ComboFix log:

ComboFix 08-06-16.2 - David 2008-06-16 18:36:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1417 [GMT -4:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM375ff927.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aiirgqbj.ini
C:\WINDOWS\system32\ajmayoen.dll
C:\WINDOWS\system32\anucqkcj.ini
C:\WINDOWS\system32\cgxnebvh.ini
C:\WINDOWS\system32\dbevesaw.dll
C:\WINDOWS\system32\fPqqttwa.ini
C:\WINDOWS\system32\fPqqttwa.ini2
C:\WINDOWS\system32\gsxlyjno.dll
C:\WINDOWS\system32\hvbenxgc.dll
C:\WINDOWS\system32\icsjxbfo.dll
C:\WINDOWS\system32\jckqcuna.dll
C:\WINDOWS\system32\kRXEKnnn.ini
C:\WINDOWS\system32\kRXEKnnn.ini2
C:\WINDOWS\system32\lbwrraha.dll
C:\WINDOWS\system32\lcodqmxr.dll
C:\WINDOWS\system32\ljJCvWpp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfrbowkv.dll
C:\WINDOWS\system32\mgbdbpav.dll
C:\WINDOWS\system32\muhuophc.dll
C:\WINDOWS\system32\nnnKEXRk.dll
C:\WINDOWS\system32\obosvvga.dll
C:\WINDOWS\system32\pccyihgp.ini
C:\WINDOWS\system32\qfyxjcvc.ini
C:\WINDOWS\system32\rfqacqbw.ini
C:\WINDOWS\system32\rkxigcau.ini
C:\WINDOWS\system32\satwfhks.dll
C:\WINDOWS\system32\sipysers.dll
C:\WINDOWS\system32\skhfwtas.ini
C:\WINDOWS\system32\wqmebnlv.dll
C:\WINDOWS\system32\wxFMnnnn.ini
C:\WINDOWS\system32\wxFMnnnn.ini2
C:\WINDOWS\system32\ypvghcib.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 17:35 . 2008-06-16 17:35 <DIR> d-------- C:\Documents and Settings\Angela\Contacts
2008-06-16 16:26 . 2008-06-16 16:26 244 --ah----- C:\sqmnoopt05.sqm
2008-06-16 16:26 . 2008-06-16 16:26 232 --ah----- C:\sqmdata05.sqm
2008-06-15 22:31 . 2008-06-15 22:32 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\Ahead
2008-06-15 21:26 . 2008-06-15 21:26 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\ATI
2008-06-14 20:44 . 2004-12-21 16:51 7,794 --a------ C:\WINDOWS\vp171b-2.cat
2008-06-14 20:44 . 2005-03-04 05:41 7,786 --a------ C:\WINDOWS\g90f-3.cat
2008-06-14 20:44 . 2005-03-03 04:36 7,782 --a------ C:\WINDOWS\q51-9.cat
2008-06-14 20:44 . 2004-12-20 11:38 1,224 --a------ C:\WINDOWS\VP171b-2.inf
2008-06-14 20:44 . 2005-03-01 16:43 1,204 --a------ C:\WINDOWS\Q51-9.inf
2008-06-14 20:44 . 2005-03-01 16:43 1,164 --a------ C:\WINDOWS\G90f-3.inf
2008-06-14 20:44 . 2004-09-16 06:18 512 --a------ C:\WINDOWS\VP171b-2.icm
2008-06-14 20:44 . 2004-11-04 01:00 512 --a------ C:\WINDOWS\Q51-9.icm
2008-06-14 20:44 . 2004-07-23 01:00 512 --a------ C:\WINDOWS\G90f-3.icm
2008-06-14 20:33 . 2008-06-14 20:33 <DIR> d-------- C:\Program Files\YourWare Solutions
2008-06-14 20:09 . 2008-06-14 20:09 <DIR> d-------- C:\Documents and Settings\David\Application Data\ATI
2008-06-14 20:09 . 2008-06-14 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-14 20:02 . 2008-04-13 20:12 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-06-14 20:02 . 2008-04-13 20:12 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-06-14 20:02 . 2008-04-13 14:46 15,232 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-06-14 20:02 . 2008-04-13 14:46 15,232 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2008-06-14 20:02 . 2008-04-13 14:46 15,232 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-06-14 20:02 . 2008-04-13 14:46 15,232 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-06-14 20:02 . 2008-04-13 14:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-06-14 20:02 . 2008-04-13 14:46 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-06-14 20:02 . 2008-04-13 14:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-06-14 20:02 . 2008-04-13 14:46 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-06-14 20:01 . 2008-04-13 14:46 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-06-14 20:01 . 2008-04-13 14:46 85,248 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-06-14 20:01 . 2008-04-13 20:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-14 20:01 . 2008-04-13 20:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-14 20:01 . 2008-04-13 14:46 19,200 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-06-14 20:01 . 2008-04-13 14:46 19,200 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-06-14 20:01 . 2008-04-13 14:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-06-14 20:01 . 2008-04-13 14:46 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-06-14 20:01 . 2008-04-13 14:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-06-14 20:01 . 2008-04-13 14:39 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-06-14 19:59 . 2008-06-14 20:06 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-14 15:16 . 2008-06-14 15:16 <DIR> d-------- C:\Program Files\Defraggler
2008-06-14 12:17 . 2008-06-14 12:17 <DIR> d-------- C:\Program Files\Lavalys
2008-06-11 12:30 . 2008-06-11 12:30 <DIR> d-------- C:\Documents and Settings\David\Application Data\dvdcss
2008-06-09 18:19 . 2008-06-09 20:02 211 --a------ C:\WINDOWS\wininit.ini
2008-06-06 23:26 . 2008-06-06 23:26 <DIR> d-------- C:\Documents and Settings\David\Application Data\Lavasoft
2008-06-06 10:16 . 2008-06-06 10:16 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-06-06 10:16 . 2008-06-06 10:16 <DIR> d-------- C:\Inetpub
2008-06-06 09:44 . 2008-06-06 09:44 <DIR> d-------- C:\Program Files\Executive Software
2008-06-06 09:21 . 2008-06-08 02:01 <DIR> d-------- C:\Program Files\Comodo
2008-06-06 09:21 . 2008-03-28 09:17 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-06-06 09:21 . 2008-03-28 09:16 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-06-06 09:21 . 2008-04-13 20:12 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-06-06 08:49 . 2008-06-06 10:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 08:48 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-06 08:45 . 2008-06-06 08:45 <DIR> d-------- C:\Program Files\Tall Emu
2008-06-06 08:37 . 2008-06-06 08:39 <DIR> d-------- C:\Program Files\a-squared Free
2008-06-06 08:13 . 2008-06-06 23:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-24 03:36 . 2008-05-24 03:36 12,714 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-24 03:36 . 2008-05-24 03:36 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-05-24 03:22 . 2008-05-24 03:22 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-24 03:22 . 2008-05-24 03:22 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-24 03:22 . 2008-05-24 03:22 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-24 03:22 . 2008-05-24 03:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-24 03:20 . 2008-05-24 03:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-24 03:03 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-24 02:39 . 2008-05-24 02:39 <DIR> d-------- C:\Documents and Settings\David\Application Data\vlc
2008-05-23 22:02 . 2008-06-11 12:31 <DIR> d-------- C:\Documents and Settings\David\Application Data\Ahead
2008-05-23 22:01 . 2008-05-23 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 03:10 --------- d-----w C:\Documents and Settings\David\Application Data\uTorrent
2008-06-15 00:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 06:52 --------- d-----w C:\Program Files\Java
2008-06-07 05:08 --------- d-----w C:\Documents and Settings\David\Application Data\LimeWire
2008-06-07 02:45 --------- d-----w C:\Program Files\LimeWire
2008-06-06 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 15:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-24 15:40 --------- d-----w C:\Program Files\Nero
2008-05-24 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-24 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-24 06:28 --------- d-----w C:\Documents and Settings\David\Application Data\skypePM
2008-05-24 06:26 --------- d-----w C:\Program Files\Frets on Fire
2008-05-24 06:23 --------- d-----w C:\Program Files\Red Storm Entertainment
2008-05-24 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-24 06:00 --------- d-----w C:\Program Files\ATITool
2008-05-24 05:52 --------- d-----w C:\Program Files\AIM6
2008-05-24 05:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-19 21:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-19 17:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-10 14:35 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-03 19:14 --------- d-----w C:\Program Files\EA GAMES
2008-05-03 19:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-03 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-03 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-03 00:58 --------- d-----w C:\Documents and Settings\David\Application Data\CyberLink
2008-05-03 00:26 --------- d-----w C:\Program Files\VideoLAN
2008-04-30 04:16 --------- d-----w C:\Program Files\Bonjour
2008-04-30 04:16 --------- d-----w C:\Documents and Settings\David\Application Data\Apple Computer
2008-04-30 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-29 19:36 --------- d-----w C:\Documents and Settings\Angela\Application Data\Nero
2008-04-21 22:32 --------- d--h--r C:\Documents and Settings\David\Application Data\SecuROM
2008-04-18 18:58 --------- d-----w C:\Program Files\ubi.com
2008-04-18 18:57 --------- d-----w C:\Documents and Settings\David\Application Data\ubi.com
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-04 22:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 22:05 204288]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-29 08:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 14:39 136768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 15:25 16859648 C:\WINDOWS\RTHDCPL.exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 19:30 1687824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
--a------ 2007-07-17 20:08 2094352 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 18:47:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Documents and Settings\David\Desktop\G15NetSpeed.exe
C:\Program Files\Logitech\GamePanel Software\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-06-16 18:49:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 22:49:33

Pre-Run: 254,406,209,536 bytes free
Post-Run: 254,311,411,712 bytes free

249 --- E O F --- 2008-05-19 17:46:14


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:21 PM, on 16/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Documents and Settings\David\Desktop\G15NetSpeed.exe
C:\Program Files\Logitech\GamePanel Software\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1207272008469
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207271955265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7646 bytes
 
Much better, but your logfile also shows signs of Viewpoint Manager:
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything bad. It is known to be intrusive, but there is some possibility that it is now being used by those companies to give them info about your habits. It is not considered spyware since this is not clear, but I would not tolerate it on my machine if I didn't install it.

I suggest you remove it. To do so, click on Start -> Control Panel -> Add or Remove Programs. Click on Viewpoint Manager and click Remove.

How is your system running now?
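The thread contains a HijackThis log from before the ComboFix run and one from after it, and the helper's "much better" verdict comes from comparing the two by eye. As an added example (not part of the thread, and not code from HijackThis or ComboFix), the Python script below does that comparison mechanically: it parses the entry lines of both logs, reports which autostart entries disappeared or appeared, and separately flags O4 entries that load a DLL through rundll32 using a random-looking eight-letter file name and a single-letter export, the pattern of the two entries ComboFix deleted. The log excerpts embedded in the script are constructed from lines in the thread; the random-name heuristic is an assumption of this example, not a rule HijackThis itself applies.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in the thread
# (before and after the ComboFix run); only the lines needed for the
# comparison are included.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [346ccabb] rundll32.exe "C:\WINDOWS\system32\jckqcuna.dll",b
O4 - HKLM\..\Run: [BM375ff927] Rundll32.exe "C:\WINDOWS\system32\ajmayoen.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# rundll32 loader: rundll32.exe "<path>.dll",<export>  (quotes optional, case-insensitive)
RUNDLL_RE = re.compile(
    r'rundll32\.exe\s+"?(?P<path>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE
)


def parse_hjt(log_text):
    """Return the set of (section code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_hjt(before_text, after_text):
    """Return (removed, added): entries present only before, and only after, a cleanup."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return sorted(before - after), sorted(after - before)


def flag_rundll32_loaders(entries):
    """Heuristic (assumption of this example): flag O4 entries that start a DLL via
    rundll32 where the DLL name is eight random-looking lowercase letters and the
    export is a single character, as with jckqcuna.dll and ajmayoen.dll in the thread."""
    flagged = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUNDLL_RE.search(body)
        if not m:
            continue
        file_name = m.group("path").rsplit("\\", 1)[-1]
        stem = file_name[: -len(".dll")]
        if re.fullmatch(r"[a-z]{8}", stem) and len(m.group("export")) == 1:
            flagged.append(body)
    return sorted(flagged)


if __name__ == "__main__":
    removed, added = diff_hjt(BEFORE_LOG, AFTER_LOG)
    print("Entries removed by the cleanup:")
    for code, body in removed:
        print(f"  {code} - {body}")
    print("Entries new in the second log:")
    for code, body in added:
        print(f"  {code} - {body}")
    print("Suspicious rundll32 loaders in the first log:")
    for body in flag_rundll32_loaders(parse_hjt(BEFORE_LOG)):
        print(f"  {body}")
```

Run on the two excerpts, the diff lists the four O4 entries that vanished (Alcmtr, Windows UDP Control Center, and the two rundll32 loaders) and the one O2 BHO that appeared in the second log, and the heuristic flags exactly the two loaders. Entries that simply lack a directory, like `winudpmgr.exe`, are not flagged by the heuristic; they only show up in the diff, which is why the diff and the heuristic are kept as separate checks.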
 