Is this good or bad?

MBGraphics

VIP Member
Well, my comp start-up has gotten significantly slower over the few years I've had it, and lately it's gotten way worse. It takes about 20 minutes for it to fully start up and be at a point where I can open things without lagging like crazy.

Here's a HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:02 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {95E75353-51E2-4677-8118-AE529BB31246} - C:\Program Files\My.Freeze Toolbar\tbhelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: XBTB03021 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze Toolbar\freeze_search_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [Vista Sidebar] "C:\Program Files\Vista Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [ViOrb] "C:\Program Files\ViOrb\ViOrb.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 16622 bytes
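A mechanical triage pass over log lines in this format, as an added example (not code from the thread or from HijackThis): it parses HijackThis-style `Rn`/`On` entries, counts O4 autostarts, and flags O17 NameServer values outside private or loopback ranges, `(no file)` orphans, and O23 services with no publisher. The sample lines are copied from the log above; the flag categories and their wording are my own, not the tool's.

```python
import ipaddress
import re

# Constructed sample: a handful of lines copied from the HijackThis log
# posted above (same format, not a full re-run of the tool).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: PowerReg Scheduler V3.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry line starts with a section code such as R1, O4, O17.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


def parse_log(text):
    """Return (kind, body) pairs for entry lines; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def is_local_resolver(ip_text):
    """True for DNS servers on the LAN, loopback or link-local (a router, for instance)."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(text):
    """Count autostart entries and collect items worth verifying by hand."""
    findings = []
    autostarts = 0
    for kind, body in parse_log(text):
        if kind == "O4":
            autostarts += 1
        elif kind == "O17":
            # O17 entries are the system's configured DNS resolvers.
            m = re.search(r"NameServer = (.*)$", body)
            if m:
                for server in re.split(r"[ ,]+", m.group(1).strip()):
                    if server and not is_local_resolver(server):
                        findings.append(("dns", server,
                                         "resolver outside private/loopback ranges; "
                                         "confirm it belongs to your ISP"))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append(("unknown-service", body,
                             "service binary carries no publisher; verify the file"))
        if kind in {"R3", "O2", "O3", "O22"} and body.endswith("(no file)"):
            # The registered component no longer exists on disk: a leftover.
            findings.append(("orphan", body,
                             "registration points at a missing file; safe to remove"))
    return {"autostarts": autostarts, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"autostart entries: {report['autostarts']}")
    for category, item, note in report["findings"]:
        print(f"[{category}] {item}\n    -> {note}")
```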
 

camel lips

New Member
Holy crap man. That's a lot of stuff. Not even sure where to begin.


GameMaster

New Member
Hello!
I will try to help you on this one, please ask if you find anything hard to follow.

Well, now after examining your log, I found that your computer is really badly infected.
It is possible to clean, of course, but among all the other infections I found a rootkit. Rootkits are very nasty; many security experts now advise reformatting your hard drive to be sure you aren't infected even after they finish helping you.
It is now up to you: do you want us to continue helping or what?
It will be hard, but possible!
Good luck
 

porterjw

Spaminator
Staff member
Based on the amount of random stuff and the fact that Windows will inherently run slower over time (you've mentioned it's been a few years already), you may find that backing up all your personal files and simply reinstalling Windows would be easier/less time-consuming.
 

MBGraphics

VIP Member
I knew I was screwed:(

GameMaster, I would love the help, if you can that would be great:D

I really need to get this comp in shape, because I know I still can't build my own for another couple of years, so I need to make do with this one.
 

camel lips

New Member
I knew I was screwed:(

GameMaster, I would love the help, if you can that would be great:D

I really need to get this comp in shape, because I know I still can't build my own for another couple of years, so I need to make do with this one.

Easiest thing to do would be to get an external case for that puppy and use it for your files. Get a new HD and install the OS on it.
 

MBGraphics

VIP Member
I have a Seagate FreeAgent Pro 320 GB External HD right now... I have all of my pictures on it, along with some other stuff... but I can always put more on it, I still have some insane 246.2 GBs left. That's after putting 16,437 files on it! :eek:

I'm just not sure what to do, I've never reformatted before. If you want, I can try to get a log of all the stuff on my external HD.
 

porterjw

Spaminator
Staff member
Easiest thing to do would be to get an external case for that puppy and use it for your files. Get a new HD and install the OS on it.

Umm... the viruses would still be there, however, on the now-external drive. If the OP opens up an infected file (depending on type), <poof>, now there are viruses on both drives.
 
Here is a list of things you can do:
Defrag
Disk Cleanup
Clear Cookies Start+run+cookies
Virus scan
Clear temp internet files.
 

MBGraphics

VIP Member
I have done the defrag, I used to do that on a regular basis. I ran Spy Sweeper Monday, which says it deletes cookies, but I don't know that for sure.
 

GameMaster

New Member
OK, you chose.
Please visit this webpage for instructions for downloading ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt in your next response.

Now please open up your HijackThis again, and choose Do a system scan only.
Place a check next to these items:
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
and
R3 - URLSearchHook: ToolbarURLSearchHook Class - {95E75353-51E2-4677-8118-AE529BB31246} - C:\Program Files\My.Freeze Toolbar\tbhelper.

Now close all open windows except the HijackThis and click Fix selected.
Reboot your computer, and please post a fresh HijackThis log, with the ComboFix log as stated already.

Please, if you find it impossible to post, which may happen, post it in more posts or put it in codes like this:
Code:
log
.
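A small triage script for HijackThis-style log lines, added here as an example (it is not part of the thread and not HijackThis's own code): it parses entries quoted from the logs posted above and flags the orphaned O2/R3/O22 hook entries whose file is gone, the kind the helper asked to "Fix checked", plus the O17 NameServer line, which points the machine's DNS at addresses outside the private ranges. The section prefixes, markers and sample lines come from the page; the rule set itself is an assumption of this example.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import ipaddress
import re
from typing import Dict, List, Optional

# Generic HijackThis entry: "<section> - <body>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.+)$")
# O17 lines carry the DNS servers as "NameServer = a.b.c.d e.f.g.h" (space or comma separated).
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.\s,]+)$")
# HijackThis marks entries whose target no longer exists on disk with these suffixes.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Sections where an orphaned entry is a leftover browser/shell hook (assumption of this example).
HOOK_SECTIONS = {"O2", "O3", "R3", "O22"}

# Sample lines copied from the logs posted in the thread (constructed input for this example).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""


def classify_line(line: str) -> Optional[str]:
    """Return a short reason if the entry deserves attention, otherwise None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # blank line, header, or a "Running processes" path
    section, body = m.group("section"), m.group("body")

    if section == "O17":
        ns = NAMESERVER_RE.search(body)
        if not ns:
            return None
        public = []
        for token in re.split(r"[\s,]+", ns.group("servers").strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # ignore stray punctuation
            # A LAN router or ISP-assigned resolver on a private range is normal;
            # a resolver on a public address written into the TCP/IP parameters is worth a look.
            if not (addr.is_private or addr.is_loopback):
                public.append(token)
        if public:
            return "DNS NameServer set to non-private address(es): " + ", ".join(public)
        return None

    if section in HOOK_SECTIONS and any(body.endswith(mk) for mk in ORPHAN_MARKERS):
        return "orphaned %s entry, the referenced file no longer exists" % section
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Scan a whole log and return the flagged entries in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = classify_line(line)
        if reason:
            findings.append({"section": line.split(" ", 1)[0], "line": line, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (f["section"], f["reason"], f["line"]))
```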
 

MBGraphics

VIP Member
Ok, here's the log for the combofix:

ComboFix 08-02-14.1 - chevy 2008-02-13 18:30:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2346 [GMT -8:00]
Running from: C:\Documents and Settings\chevy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-12 22:18 . 2008-02-12 22:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 20:14 . 2007-04-17 01:28 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-12 20:14 . 2007-01-08 19:07 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-11 11:48 . 2008-02-11 11:49 110,224 --a------ C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
2008-02-11 11:34 . 2008-02-11 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-11 11:27 . 2008-02-11 11:27 <DIR> d-------- C:\Program Files\Bonjour
2008-02-11 11:10 . 2008-02-11 11:10 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-10 19:15 . 2008-02-10 19:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-03 17:24 . 2008-02-03 17:24 <DIR> d-------- C:\Program Files\Quick Screen Capture
2008-02-03 17:24 . 2008-02-03 17:24 <DIR> d-------- C:\MyCaptures
2008-02-03 11:19 . 2008-02-03 11:24 <DIR> d-------- C:\Documents and Settings\chevy\Application Data\ViStart
2008-02-03 11:07 . 2008-02-03 11:07 <DIR> d-------- C:\Documents and Settings\chevy\Application Data\Styler
2008-02-03 10:59 . 2008-02-13 18:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\VIRepair
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\WinFlip
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\VisualTooltip
2008-02-03 10:59 . 2008-02-12 18:29 <DIR> d-------- C:\Program Files\ViStart
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\ViOrb
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\TrueTransparency
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\Styler
2008-02-03 10:59 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\SYSTEM32\viwc.exe
2008-02-03 10:58 . 2008-02-03 11:20 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-02-03 10:58 . 2008-02-03 10:58 <DIR> d-------- C:\Program Files\LClock
2008-02-03 10:58 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\SYSTEM32\vistaui.exe
2008-02-03 10:58 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\SYSTEM32\LClock.cpl
2008-02-03 10:58 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\SYSTEM32\vistartup.bmp
2008-02-03 10:52 . 2008-02-03 10:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\VITrans
2008-02-03 10:52 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\SYSTEM32\Uharc.exe
2008-02-03 10:52 . 2008-02-03 10:52 64,766 --a------ C:\WINDOWS\Icon_1.ico
2008-02-03 10:52 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\SYSTEM32\reico.exe
2008-02-03 10:52 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\SYSTEM32\modifype.exe
2008-02-02 20:41 . 2008-02-03 10:59 <DIR> d-------- C:\VTPFiles
2008-02-02 20:41 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\SYSTEM32\CloseApp.exe
2008-02-02 17:59 . 2008-02-02 18:00 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-02 17:55 . 2008-02-02 17:55 <DIR> d-------- C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab
2008-02-02 15:33 . 2008-02-02 15:38 <DIR> d-------- C:\Program Files\skinclock
2008-02-02 15:26 . 2008-02-02 15:26 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-02-02 15:26 . 2008-02-02 15:40 <DIR> d-------- C:\Program Files\Speeditup Free
2008-02-02 15:25 . 2008-02-02 15:25 <DIR> d-------- C:\Program Files\My.Freeze Toolbar
2008-02-02 09:29 . 2008-02-11 15:28 <DIR> d-------- C:\Program Files\ScreenPrint32 v3
2008-02-02 09:29 . 2008-02-03 17:19 249,856 --------- C:\WINDOWS\Setup1.exe
2008-02-02 09:28 . 2008-02-03 17:19 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-30 18:02 . 2008-01-30 18:02 54,608 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-01-28 16:45 . 2008-01-28 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 16:44 . 2008-01-28 16:44 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-28 16:44 . 2008-01-28 16:44 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-28 16:38 . 2008-01-28 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-27 19:11 . 2008-01-27 19:11 <DIR> d-------- C:\Program Files\iPod
2008-01-26 21:32 . 2008-01-26 21:32 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-26 21:32 . 2008-01-26 21:32 55,444 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-26 21:27 . 2008-01-26 21:27 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-01-26 21:27 . 2008-01-26 21:32 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 02:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 02:09 --------- d-----w C:\Program Files\Steam
2008-02-13 16:22 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-13 16:22 107,832 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-02-13 01:41 --------- d-----w C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-02-13 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-12 04:11 --------- d-----w C:\Documents and Settings\chevy\Application Data\Xfire
2008-02-11 23:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-11 19:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-09 02:31 --------- d-s---w C:\Program Files\Xfire
2008-02-02 23:25 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-01-28 03:12 --------- d-----w C:\Program Files\iTunes
2008-01-28 03:07 --------- d-----w C:\Program Files\QuickTime
2008-01-12 06:39 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-12 06:29 --------- d-----w C:\Program Files\Microsoft Student
2008-01-11 05:53 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-10 00:09 --------- d-----w C:\Documents and Settings\chevy\Application Data\OpenOffice.org2
2008-01-06 20:17 --------- d-----w C:\Documents and Settings\chevy\Application Data\Yahoo!
2008-01-06 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 19:35 --------- d-----w C:\Documents and Settings\chevy\Application Data\Canon
2007-12-25 19:01 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-12-25 17:58 22,328 ----a-w C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-12-25 17:38 --------- d-----w C:\Program Files\Activision
2007-12-22 21:07 --------- d-----w C:\Program Files\EA GAMES
2007-12-22 07:11 --------- d-----w C:\Program Files\Java
2007-12-21 04:55 --------- d-----w C:\Program Files\Opera
2007-12-19 23:01 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-16 05:48 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-12-07 02:21 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-12-07 02:21 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-12-07 02:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-12-07 02:21 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-12-07 02:21 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-12-07 02:21 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-12-07 02:21 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-12-07 02:21 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-12-07 02:21 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-12-07 02:21 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-12-07 02:21 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-12-07 02:21 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-12-07 02:21 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-12-07 02:21 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-12-07 02:21 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-12-07 02:21 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-12-07 02:21 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-12-07 02:21 133,120 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-12-07 02:21 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-12-07 02:21 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-12-07 02:21 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-12-07 02:21 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-10-06 21:22 1,066,496 -csha-w C:\Program Files\ehthumbs.db
2007-06-15 04:35 33,141 -c--a-w C:\WINDOWS\Fonts\earwigfactory.zip
2007-06-12 01:59 21,570 -c--a-w C:\WINDOWS\Fonts\jersey_letters.zip
2007-06-11 02:55 30,926 -c--a-w C:\WINDOWS\Fonts\aajaxsurrealfreak.zip
2007-06-11 02:42 132,800 -c--a-w C:\WINDOWS\Fonts\aciddreamer.zip
2007-06-09 06:13 33,042 -c--a-w C:\WINDOWS\Fonts\bloodofdracula.zip
2007-06-09 06:13 29,446 -c--a-w C:\WINDOWS\Fonts\bloodgutter.zip
2007-03-28 03:37 36,204 -c--a-w C:\WINDOWS\Fonts\ravagedbyyears.zip
2007-03-28 03:37 109,374 -c--a-w C:\WINDOWS\Fonts\landshark.zip
2007-03-28 03:36 81,465 -c--a-w C:\WINDOWS\Fonts\spatcrumb.zip
2007-03-28 03:36 61,719 -c--a-w C:\WINDOWS\Fonts\sargoo.zip
2007-03-28 03:36 114,732 -c--a-w C:\WINDOWS\Fonts\weathered.zip
2007-03-28 03:35 70,888 -c--a-w C:\WINDOWS\Fonts\waver.zip
2007-03-28 03:35 31,685 -c--a-w C:\WINDOWS\Fonts\splatz.zip
2005-08-06 06:54 211,952 ----a-w C:\Program Files\new.sc3
2005-08-06 03:55 164,538 -c--a-w C:\Program Files\new city.sc3
2005-07-29 22:52 56,192 ----a-w C:\Program Files\New City69.sc3
2005-07-07 23:07 251 ----a-w C:\Program Files\wt3d.ini
2003-05-27 03:08 8,964,958 ----a-w C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59 436,224 ----a-w C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34 467,968 ----a-w C:\Documents and Settings\chevy\SCXEUpd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 05:56 329029]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-12-13 19:26 1266936]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [ ]
"RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 09:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 09:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 17:12 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 07:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 22:00 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 06:50 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 22:00 90112]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 13:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-06-28 20:51 26112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 13:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 13:50 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 03:52 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 15:41 163840]
"HostManager"="C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe" [2006-05-09 16:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43 407032]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"RegistryMechanic"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11 771704]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 11:56 187496]
"@"="" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 20:36 446464]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2002-05-29 00:23 258118]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 21:54 5361464]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 08:39:36 214520]
PowerReg Scheduler V3.exe [2005-08-09 12:16:18 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
ImageMixer for HDD Camcorder.lnk - C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe [2006-12-19 15:26:22 1871872]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-08-07 13:21:24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 21:42]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - "H:\Install FreeAgent Tools.exe" /run

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 21:24:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 04:00:25 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - chevy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2007-08-30 16:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 18:36:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 18:37:09
ComboFix-quarantined-files.txt 2008-02-14 02:37:05
.
2008-02-03 20:01:05 --- E O F ---
 

MBGraphics

VIP Member
and the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:33 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: XBTB03021 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze Toolbar\freeze_search_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [Vista Sidebar] "C:\Program Files\Vista Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [ViOrb] "C:\Program Files\ViOrb\ViOrb.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 15969 bytes
 

GameMaster

New Member
Hello!
Good news, the rootkit is gone.
Now the hard part comes, since there are many remnants here.

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File:: 
    C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
    C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
    C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
    C:\Documents and Settings\All Users\Application Data\FLEXnet
    C:\Program Files\Bonjour
    C:\Program Files\Common Files\Macrovision Share
    C:\Documents and Settings\LocalService\Application Data\Yahoo!
    C:\Program Files\Quick Screen Capture
    C:\Documents and Settings\chevy\Application Data\ViStart
    C:\Documents and Settings\chevy\Application Data\Styler
    C:\WINDOWS\SYSTEM32\VIRepair
    C:\Program Files\WinFlip
    C:\Program Files\VisualTooltip
    C:\Program Files\ViStart
    C:\Program Files\ViOrb
    C:\Program Files\TrueTransparency
    C:\Program Files\Styler
    C:\WINDOWS\SYSTEM32\viwc.exe
    C:\Program Files\Vista Sidebar
    C:\Program Files\LClock
    
    Folder::
    C:\WINDOWS\SYSTEM32\modifype.exe
    C:\VTPFiles
    C:\WINDOWS\SYSTEM32\CloseApp.exe
    C:\Program Files\SystemRequirementsLab
    C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab
    C:\Program Files\skinclock
    C:\Program Files\My.Freeze Toolbar
    C:\Program Files\ScreenPrint32 v3
    C:\WINDOWS\Setup1.exe
    C:\WINDOWS\ST6UNST.EXE
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScript.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next reply, please post the ComboFix log and a fresh HijackThis log.
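The CFScript above removes remnant files and folders that the HijackThis log still references from Run keys. As an added example (not from this thread, and not part of ComboFix or HijackThis), the Python below cross-checks the O4 autostart lines of a HijackThis log against the File::/Folder:: sections of a CFScript and lists the autostart entries whose target path the script deletes, so a reviewer knows which Run values to expect with a missing file in the follow-up log. The sample lines are copied from the logs and script in this thread; the function and class names are my own.

```python
"""Cross-check HijackThis O4 autostart entries against a ComboFix CFScript.

Added example for this thread; not a tool shipped with ComboFix or HijackThis.
Function and class names are this example's own.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class AutostartEntry:
    hive: str   # e.g. "HKLM\\..\\Run", "HKCU\\..\\Run", "Startup", "Global Startup"
    name: str   # value name in square brackets, or the .lnk name
    path: str   # executable path with quotes stripped and arguments removed


# Registry-style line:  O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" /arg
O4_REG = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Startup-folder line:  O4 - Startup: Name.lnk = C:\path\prog.exe
O4_LNK = re.compile(r'^O4 - (?P<hive>(?:Global )?Startup): (?P<name>[^=]+?) = (?P<path>.+)$')


def _command_path(cmd: str) -> str:
    """Return the executable path of a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: take the first token that ends in an executable extension.
    m = re.match(r'^(.+?\.(?:exe|cpl|dll|scr|bat|cmd))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_o4(log_text: str) -> list[AutostartEntry]:
    """Extract every O4 entry that resolves to a path; '?' targets are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line)
        if m:
            entries.append(AutostartEntry(m['hive'], m['name'], _command_path(m['cmd'])))
            continue
        m = O4_LNK.match(line)
        if m and m['path'].strip() != '?':
            entries.append(AutostartEntry(m['hive'], m['name'].strip(), m['path'].strip()))
    return entries


def parse_cfscript(script_text: str) -> dict[str, list[str]]:
    """Return {section: [paths]} for the 'Section::' blocks of a CFScript."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('::'):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _norm(p: str) -> str:
    # Windows paths are case-insensitive; a trailing backslash is not significant.
    return p.rstrip('\\').lower()


def orphaned_autostarts(log_text: str, script_text: str,
                        sections: tuple[str, ...] = ('File', 'Folder')) -> list[tuple[AutostartEntry, str]]:
    """Pair each O4 entry with the script path that deletes it (or its parent folder)."""
    script = parse_cfscript(script_text)
    targets = [_norm(p) for s in sections for p in script.get(s, [])]
    hits = []
    for entry in parse_o4(log_text):
        ep = _norm(entry.path)
        for t in targets:
            if ep == t or ep.startswith(t + '\\'):
                hits.append((entry, t))
                break
    return hits


# Sample input: lines copied from the HijackThis log and CFScript in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
"""

CFSCRIPT_SAMPLE = r"""
File::
C:\WINDOWS\SYSTEM32\viwc.exe
C:\Program Files\ViStart
C:\Program Files\LClock

Folder::
C:\Program Files\ScreenPrint32 v3
C:\WINDOWS\SYSTEM32\modifype.exe
"""

if __name__ == "__main__":
    for entry, target in orphaned_autostarts(HJT_SAMPLE, CFSCRIPT_SAMPLE):
        print(f"{entry.hive} [{entry.name}] -> {entry.path}  (deleted by: {target})")
```

Run it as-is to see the four Run values (ScreenPrint32, viwc, LClock, ViStart) whose targets the script removes; entries such as ccApp or Steam, whose paths the script does not touch, are not reported. Startup-folder lines without a resolved path (the `= ?` case and bare `.exe` names) are skipped rather than guessed.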
 

MBGraphics

VIP Member
ok, combo fix scan:

ComboFix 08-02-14.1 - chevy 2008-02-14 15:09:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2178 [GMT -8:00]
Running from: C:\Documents and Settings\chevy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\chevy\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\All Users\Application Data\FLEXnet
C:\Documents and Settings\chevy\Application Data\Styler
C:\Documents and Settings\chevy\Application Data\ViStart
C:\Documents and Settings\LocalService\Application Data\Yahoo!
C:\Program Files\Bonjour
C:\Program Files\Common Files\Macrovision Share
C:\Program Files\LClock
C:\Program Files\Quick Screen Capture
C:\Program Files\Styler
C:\Program Files\TrueTransparency
C:\Program Files\ViOrb
C:\Program Files\Vista Sidebar
C:\Program Files\ViStart
C:\Program Files\VisualTooltip
C:\Program Files\WinFlip
C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
C:\WINDOWS\SYSTEM32\VIRepair
C:\WINDOWS\SYSTEM32\viwc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\srlproxy.dll.gz
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\SRLProxyI.dll
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\SRLProxyJ.dll
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\SRLProxyK.dll
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\SRLProxyL.dll
C:\Program Files\My.Freeze Toolbar
C:\Program Files\My.Freeze Toolbar\basis.xml
C:\Program Files\My.Freeze Toolbar\freeze.bmp
C:\Program Files\My.Freeze Toolbar\freeze_search_us.crc
C:\Program Files\My.Freeze Toolbar\freeze_search_us.dll
C:\Program Files\My.Freeze Toolbar\freeze_search_us.inf
C:\Program Files\My.Freeze Toolbar\frzToolbar_logo.bmp
C:\Program Files\My.Freeze Toolbar\icons.bmp
C:\Program Files\My.Freeze Toolbar\info.txt
C:\Program Files\My.Freeze Toolbar\myfreeze_toolbar.bmp
C:\Program Files\My.Freeze Toolbar\options.html
C:\Program Files\My.Freeze Toolbar\powered_yahoo_search.bmp
C:\Program Files\My.Freeze Toolbar\tbhelper.dll
C:\Program Files\My.Freeze Toolbar\uninstall.exe
C:\Program Files\My.Freeze Toolbar\update.exe
C:\Program Files\My.Freeze Toolbar\version.txt
C:\Program Files\ScreenPrint32 v3
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\ScreenPrint32 v3\sprint32.reg
C:\Program Files\skinclock
C:\Program Files\skinclock\bass.dll
C:\Program Files\skinclock\basswma.dll
C:\Program Files\skinclock\SkinClock.exe
C:\Program Files\skinclock\trayclock.dll
C:\Program Files\SystemRequirementsLab
C:\Program Files\SystemRequirementsLab\srl.dat
C:\Program Files\SystemRequirementsLab\SystemSRL.dll
C:\Program Files\SystemRequirementsLab\Uninstall.exe
C:\VTPFiles
C:\VTPFiles\hexpatcher.exe
C:\VTPFiles\RESHAC~1.ini
C:\VTPFiles\RESHAC~1.log
C:\VTPFiles\vi.sif
C:\VTPFiles\vtp.sif
C:\WINDOWS\Setup1.exe\
C:\WINDOWS\ST6UNST.EXE\
C:\WINDOWS\SYSTEM32\CloseApp.exe\
C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
C:\WINDOWS\SYSTEM32\modifype.exe\
C:\WINDOWS\SYSTEM32\viwc.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-12 22:18 . 2008-02-12 22:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 11:34 . 2008-02-11 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-11 11:27 . 2008-02-11 11:27 <DIR> d-------- C:\Program Files\Bonjour
2008-02-11 11:10 . 2008-02-11 11:10 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-10 19:15 . 2008-02-10 19:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-03 17:24 . 2008-02-03 17:24 <DIR> d-------- C:\Program Files\Quick Screen Capture
2008-02-03 17:24 . 2008-02-03 17:24 <DIR> d-------- C:\MyCaptures
2008-02-03 11:19 . 2008-02-03 11:24 <DIR> d-------- C:\Documents and Settings\chevy\Application Data\ViStart
2008-02-03 11:07 . 2008-02-03 11:07 <DIR> d-------- C:\Documents and Settings\chevy\Application Data\Styler
2008-02-03 10:59 . 2008-02-13 18:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\VIRepair
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\WinFlip
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\VisualTooltip
2008-02-03 10:59 . 2008-02-12 18:29 <DIR> d-------- C:\Program Files\ViStart
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\ViOrb
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\TrueTransparency
2008-02-03 10:59 . 2008-02-03 10:59 <DIR> d-------- C:\Program Files\Styler
2008-02-03 10:58 . 2008-02-03 11:20 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-02-03 10:58 . 2008-02-03 10:58 <DIR> d-------- C:\Program Files\LClock
2008-02-03 10:58 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\SYSTEM32\vistaui.exe
2008-02-03 10:58 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\SYSTEM32\LClock.cpl
2008-02-03 10:58 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\SYSTEM32\vistartup.bmp
2008-02-03 10:52 . 2008-02-03 10:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\VITrans
2008-02-03 10:52 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\SYSTEM32\Uharc.exe
2008-02-03 10:52 . 2008-02-03 10:52 64,766 --a------ C:\WINDOWS\Icon_1.ico
2008-02-03 10:52 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\SYSTEM32\reico.exe
2008-02-03 10:52 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\SYSTEM32\modifype.exe
2008-02-02 20:41 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\SYSTEM32\CloseApp.exe
2008-02-02 15:26 . 2008-02-02 15:26 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-02-02 15:26 . 2008-02-02 15:40 <DIR> d-------- C:\Program Files\Speeditup Free
2008-02-02 09:29 . 2008-02-03 17:19 249,856 --------- C:\WINDOWS\Setup1.exe
2008-02-02 09:28 . 2008-02-03 17:19 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-30 18:02 . 2008-01-30 18:02 54,608 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-01-28 16:45 . 2008-01-28 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 16:44 . 2008-01-28 16:44 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-28 16:44 . 2008-01-28 16:44 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-28 16:38 . 2008-01-28 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-27 19:11 . 2008-01-27 19:11 <DIR> d-------- C:\Program Files\iPod
2008-01-26 21:32 . 2008-01-26 21:32 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-26 21:32 . 2008-01-26 21:32 55,444 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-26 21:27 . 2008-01-26 21:27 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-01-26 21:27 . 2008-01-26 21:32 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 23:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 03:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-14 03:11 107,832 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-02-14 02:50 --------- d-----w C:\Program Files\Steam
2008-02-13 01:41 --------- d-----w C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-02-13 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-12 04:11 --------- d-----w C:\Documents and Settings\chevy\Application Data\Xfire
2008-02-11 23:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-11 19:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-09 02:31 --------- d-s---w C:\Program Files\Xfire
2008-02-02 23:25 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-01-28 03:12 --------- d-----w C:\Program Files\iTunes
2008-01-28 03:07 --------- d-----w C:\Program Files\QuickTime
2008-01-12 06:39 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-12 06:29 --------- d-----w C:\Program Files\Microsoft Student
2008-01-11 05:53 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-10 00:09 --------- d-----w C:\Documents and Settings\chevy\Application Data\OpenOffice.org2
2008-01-06 20:17 --------- d-----w C:\Documents and Settings\chevy\Application Data\Yahoo!
2008-01-06 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 19:35 --------- d-----w C:\Documents and Settings\chevy\Application Data\Canon
2007-12-25 19:01 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-12-25 17:58 22,328 ----a-w C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-12-25 17:38 --------- d-----w C:\Program Files\Activision
2007-12-22 21:07 --------- d-----w C:\Program Files\EA GAMES
2007-12-22 07:11 --------- d-----w C:\Program Files\Java
2007-12-21 04:55 --------- d-----w C:\Program Files\Opera
2007-12-19 23:01 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-16 05:48 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-12-07 02:21 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-12-07 02:21 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-12-07 02:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-12-07 02:21 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-12-07 02:21 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-12-07 02:21 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-12-07 02:21 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-12-07 02:21 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-12-07 02:21 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-12-07 02:21 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-12-07 02:21 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-12-07 02:21 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-12-07 02:21 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-12-07 02:21 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-12-07 02:21 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-12-07 02:21 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-12-07 02:21 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-12-07 02:21 133,120 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-12-07 02:21 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-12-07 02:21 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-12-07 02:21 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-12-07 02:21 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-10-06 21:22 1,066,496 -csha-w C:\Program Files\ehthumbs.db
2007-06-15 04:35 33,141 -c--a-w C:\WINDOWS\Fonts\earwigfactory.zip
2007-06-12 01:59 21,570 -c--a-w C:\WINDOWS\Fonts\jersey_letters.zip
2007-06-11 02:55 30,926 -c--a-w C:\WINDOWS\Fonts\aajaxsurrealfreak.zip
2007-06-11 02:42 132,800 -c--a-w C:\WINDOWS\Fonts\aciddreamer.zip
2007-06-09 06:13 33,042 -c--a-w C:\WINDOWS\Fonts\bloodofdracula.zip
2007-06-09 06:13 29,446 -c--a-w C:\WINDOWS\Fonts\bloodgutter.zip
2007-03-28 03:37 36,204 -c--a-w C:\WINDOWS\Fonts\ravagedbyyears.zip
2007-03-28 03:37 109,374 -c--a-w C:\WINDOWS\Fonts\landshark.zip
2007-03-28 03:36 81,465 -c--a-w C:\WINDOWS\Fonts\spatcrumb.zip
2007-03-28 03:36 61,719 -c--a-w C:\WINDOWS\Fonts\sargoo.zip
2007-03-28 03:36 114,732 -c--a-w C:\WINDOWS\Fonts\weathered.zip
2007-03-28 03:35 70,888 -c--a-w C:\WINDOWS\Fonts\waver.zip
2007-03-28 03:35 31,685 -c--a-w C:\WINDOWS\Fonts\splatz.zip
2005-08-06 06:54 211,952 ----a-w C:\Program Files\new.sc3
2005-08-06 03:55 164,538 -c--a-w C:\Program Files\new city.sc3
2005-07-29 22:52 56,192 ----a-w C:\Program Files\New City69.sc3
2005-07-07 23:07 251 ----a-w C:\Program Files\wt3d.ini
2003-05-27 03:08 8,964,958 ----a-w C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59 436,224 ----a-w C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34 467,968 ----a-w C:\Documents and Settings\chevy\SCXEUpd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"viwc"="C:\WINDOWS\system32\viwc.exe" [ ]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-12-13 19:26 1266936]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [ ]
"RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 09:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 09:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 17:12 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 07:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 22:00 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 06:50 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 22:00 90112]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 13:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-06-28 20:51 26112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 13:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 13:50 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 03:52 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 15:41 163840]
"HostManager"="C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe" [2006-05-09 16:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43 407032]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"RegistryMechanic"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11 771704]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 11:56 187496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [ ]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2002-05-29 00:23 258118]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 21:54 5361464]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 08:39:36 214520]
PowerReg Scheduler V3.exe [2005-08-09 12:16:18 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
ImageMixer for HDD Camcorder.lnk - C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe [2006-12-19 15:26:22 1871872]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-08-07 13:21:24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 21:42]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - "H:\Install FreeAgent Tools.exe" /run

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 21:24:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 04:00:25 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - chevy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2007-08-30 16:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 15:14:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-14 15:15:32
ComboFix-quarantined-files.txt 2008-02-14 23:15:28
ComboFix2.txt 2008-02-14 02:37:11
.
2008-02-03 20:01:05 --- E O F ---
 

MBGraphics

VIP Member
hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:30 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [Vista Sidebar] "C:\Program Files\Vista Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [ViOrb] "C:\Program Files\ViOrb\ViOrb.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 15682 bytes
 

GameMaster

New Member
Hello!
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<<, click Remove.
  • Do the same for each Viewpoint component.
Now open up your HijackThis and choose do a system scan only.
Place a check next to these items:
  • C:\Program Files\Viewpoint\Common\ViewpointService.exe
  • C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
  • R3 - URLSearchHook: (no name) - - (no file)
  • O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
  • O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now please close all opened windows except HijackThis and click Fix selected.
Now reboot and follow the next prompts:
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database.)
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
Do not run a scan yet.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine.
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***).
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Now copy the report back to this topic.

Also tell me, is it better now?
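A small triage script that applies the same reading GameMaster does above to a HijackThis log: orphaned "(no file)" / "(file missing)" entries go on the fix list, Run entries without a full path and the O17 NameServer addresses are reported for a human to check against the DNS servers the ISP or router should be handing out. This is an added example, not code from the thread or from HijackThis; the sample lines are copied from the log posted above, and the expected DNS list is a placeholder assumption.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread)."""
import re

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis finding looks like "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r".*\\Run: \[[^\]]*\] (?P<target>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse(log_text):
    """Return (section, body) tuples for the R/O lines, skipping process lists and headers."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(log_text, expected_dns=()):
    """Return (severity, section, reason, body) findings.

    "fix"    : the entry points at a file that no longer exists (orphaned), the
               same class of item the helper above ticks in HijackThis.
    "verify" : needs a human look: a Run entry without a full path, or O17
               NameServer addresses that are not in expected_dns (the servers
               the ISP or router should be handing out; caller-supplied).
    """
    findings = []
    for section, body in parse(log_text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("fix", section, "target file missing (orphaned entry)", body))
            continue
        if section == "O17":
            match = NAMESERVER_RE.search(body)
            servers = match.group("servers").split() if match else []
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                reason = "DNS servers not in expected list: " + ", ".join(unexpected)
                findings.append(("verify", section, reason, body))
        elif section == "O4":
            match = RUN_RE.match(body)
            if match and not FULL_PATH_RE.match(match.group("target").strip()):
                findings.append(("verify", section, "Run entry without a full path", body))
    return findings


if __name__ == "__main__":
    # Placeholder assumption: the DNS server this network is expected to use.
    for severity, section, reason, body in triage(SAMPLE_LOG, expected_dns=("192.168.1.1",)):
        print(f"[{severity}] {section}: {reason}\n    {body}")
```

Paste a full log into `triage()` and compare the "fix" list with what the helper ticks; anything on the "verify" list is a question to ask, not an entry to delete blindly.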
 

MBGraphics

VIP Member
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:15:58 PM 2/15/2008

+ Scan result:



C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP766\A0172965.ocx -> Adware.Gdown : Cleaned with backup (quarantined).
HKU\S-1-5-21-3129295021-1072316476-4045192734-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D758A3-D33B-45FD-91E3-67749B4057FA} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP786\A0179133.exe/resource.0000.pkg/PCCInstall_US.dll -> Downloader.Agent.hym : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP786\A0179133.exe/resource.0000.pkg/RPCInstall_INTL.dll -> Downloader.Agent.hym : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP786\A0179133.exe/resource.0000.pkg/RPCInstall_US.dll -> Downloader.Agent.hym : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP787\A0180274.dll -> Not-A-Virus.Adware.OneStep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP787\A0180275.exe -> Not-A-Virus.Adware.OneStep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP787\A0180276.exe -> Not-A-Virus.Adware.OneStep : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\chevy\Application Data\Mozilla\Profiles\default\licf46lt.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\chevy\Application Data\Mozilla\Profiles\default\licf46lt.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\chevy\Application Data\Mozilla\Profiles\default\licf46lt.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.28:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.18:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.22:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\chevy\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
 

MBGraphics

VIP Member
After this scan finished, I rebooted my computer to check to see if it ran any better, and I noticed it has improved :D

It only took 10 minutes from the time I pushed the power button to the time I could start opening programs without a bunch of lag :)
Before it was at LEAST 15 minutes, sometimes close to 20.

Thanks so much for all the help, it is so greatly appreciated! :D

Where did you learn all this? haha
 

GameMaster

New Member
Wow, many nasties cleaned... this AVG Anti-Spyware was a huge boon.
Please post a fresh HijackThis log so I can tell whether you are clean.
 