# is this good or bad?



## MBGraphics

Well, my comp start-up has gotten significantly slower over the few years I've had it, and lately it's gotten way worse. It takes about 20 minutes for it to fully start up, and be to a point where I can open things without lagging like crazy.

Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:02 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {95E75353-51E2-4677-8118-AE529BB31246} - C:\Program Files\My.Freeze Toolbar\tbhelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: XBTB03021 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze Toolbar\freeze_search_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [Vista Sidebar] "C:\Program Files\Vista Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [ViOrb] "C:\Program Files\ViOrb\ViOrb.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 16622 bytes


----------



## camel lips

Holy crap man. That's a lot of stuff. Not even sure where to begin.





MBGraphics said:


> Well, my comp start-up has gotten significantly slower over the few years I've had it, and lately it's gotten way worse. It takes about 20 minutes for it to fully start up, and be to a point where I can open things without lagging like crazy.
> 
> Here's a HijackThis log:


----------



## GameMaster

Hello!
I will try to help you on this one, please ask if you find anything hard to follow.

Well now after examining your log, I found that your computer is really badly infected.
It is possible to clean, of course, but among all the other infections I found a rootkit. Rootkits are very nasty, and many experts in security now advise reformatting your hard drive to be sure you aren't infected even after they finish helping you.
It is now up to you, do you want us to continue helping or what? 
It will be hard, but possible!
Good luck


----------



## porterjw

Based on the amount of random stuff and the fact that Windows will inherently run slower over time (you've mentioned it's been a few years already), you may find that backing up all your personal files and simply reinstalling Windows would be easier/less time-consuming.


----------



## MBGraphics

I knew I was screwed

GameMaster, I would love the help, if you can that would be great

I really need to get this comp in shape, because I know I still can't build my own for another couple of years, so I need to make do with this one.


----------



## camel lips

MBGraphics said:


> I knew I was screwed
> 
> GameMaster, I would love the help, if you can that would be great
> 
> I really need to get this comp in shape, because I know I still can't build my own for another couple of years, so I need to make do with this one.



Easiest thing to do would be to get an external case for that puppy and use it for your files. Get a new HD and install the OS on it.


----------



## MBGraphics

I have a SeaGate FreeAgent Pro 320 GB External HD right now...I have all of my pictures on it, along with some other stuff....but I can always put more on it, I still have some insane 246.2 GBs left. That's after putting 16,437 files on it!

I'm just not sure what to do, I've never reformatted before. If you want, I can try to get a log of all the stuff on my external HD


----------



## porterjw

camel lips said:


> Easiest thing to do would be to get an external case for that puppy and use it for your files. Get a new HD and install the OS on it.



Umm...the viruses would still be there however, on the now-external drive. If the OP opens up an infected (depending on type) file <poof> now viruses on both drives.


----------



## windowsvista

Here is a list of things you can do:
Defrag
Disk Cleanup
Clear Cookies Start+run+cookies
Virus scan
Clear temp internet files.


----------



## MBGraphics

I have done the defrag, I used to do that on a regular basis. I ran Spy Sweeper Monday, which says it deletes cookies, but I don't know that for sure.


----------



## GameMaster

OK, you chose.
Please visit this webpage for instructions for downloading ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.  
Please post the *C:\ComboFix.txt* in your next response.

Now please open up your HijackThis again, and choose *Do a system scan only.*
Place a check next to these items:
*O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll*
and 
*R3 - URLSearchHook: ToolbarURLSearchHook Class - {95E75353-51E2-4677-8118-AE529BB31246} - C:\Program Files\My.Freeze Toolbar\tbhelper.*

Now close all open windows except the HijackThis and click *Fix selected.*
Reboot your computer, and please post a fresh *HijackThis log*, with the *ComboFix* log as stated already.

Please, if you find it impossible to post, which may happen, post it in more posts or put it in codes like this:

Code:

log

.


----------
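As an added illustration (not part of GameMaster's post or of any tool named in the thread), here is a small Python parser for the HijackThis log layout posted here. It groups entries by section code, lists entries whose backing file is reported as `(no file)` or `(file missing)`, collects any `O17` NameServer settings, and shows which entries disappeared between a before and an after log. The sample log, CLSIDs, paths and addresses are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis v2 log layout; the CLSIDs, paths and
# addresses are placeholders, not values from the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe

R3 - URLSearchHook: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExampleBar\hook.dll (file missing)
O2 - BHO: ExampleHelper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {99999999-8888-7777-6666-555555555555} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.2.53 192.0.2.54
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

# A log entry starts with a section code such as R3, O2 or O17, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks entries whose target file is absent with one of these.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_log(text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):          # tolerate forum-quoted logs
            line = line.lstrip("> ").strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "missing_file": bool(MISSING_RE.search(body)),
        })
    return entries


def triage(entries):
    """Summarise entries a reviewer usually looks at first."""
    nameservers = []
    for entry in entries:
        if entry["code"] != "O17":
            continue
        match = NAMESERVER_RE.search(entry["body"])
        if not match:
            continue
        for addr in re.split(r"[,\s]+", match.group(1).strip()):
            if addr and addr not in nameservers:
                nameservers.append(addr)
    return {
        "by_section": Counter(e["code"] for e in entries),
        "orphaned": [e for e in entries if e["missing_file"]],
        "nameservers": nameservers,
    }


def removed_entries(before_text, after_text):
    """Entries present in the first log but absent from the fresh one."""
    after = {(e["code"], e["body"]) for e in parse_log(after_text)}
    return [(e["code"], e["body"]) for e in parse_log(before_text)
            if (e["code"], e["body"]) not in after]


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print("entries per section:", dict(report["by_section"]))
    for entry in report["orphaned"]:
        print("missing file:", entry["code"], entry["clsid"])
    print("configured name servers:", report["nameservers"])
```
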



## MBGraphics

Ok, here's the log for the combofix:

ComboFix 08-02-14.1 - chevy 2008-02-13 18:30:36.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2346 [GMT -8:00]
Running from: C:\Documents and Settings\chevy\Desktop\ComboFix.exe
 * Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe
H:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-01-14 to 2008-02-14  )))))))))))))))))))))))))))))))
.

2008-02-12 22:18 . 2008-02-12 22:18	<DIR>	d--------	C:\Program Files\Trend Micro
2008-02-12 20:14 . 2007-04-17 01:28	2,455,488	---------	C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-12 20:14 . 2007-01-08 19:07	991,232	---------	C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-11 11:48 . 2008-02-11 11:49	110,224	--a------	C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
2008-02-11 11:34 . 2008-02-11 11:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-11 11:27 . 2008-02-11 11:27	<DIR>	d--------	C:\Program Files\Bonjour
2008-02-11 11:10 . 2008-02-11 11:10	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-02-10 19:15 . 2008-02-10 19:15	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-03 17:24 . 2008-02-03 17:24	<DIR>	d--------	C:\Program Files\Quick Screen Capture
2008-02-03 17:24 . 2008-02-03 17:24	<DIR>	d--------	C:\MyCaptures
2008-02-03 11:19 . 2008-02-03 11:24	<DIR>	d--------	C:\Documents and Settings\chevy\Application Data\ViStart
2008-02-03 11:07 . 2008-02-03 11:07	<DIR>	d--------	C:\Documents and Settings\chevy\Application Data\Styler
2008-02-03 10:59 . 2008-02-13 18:07	<DIR>	d--------	C:\WINDOWS\SYSTEM32\VIRepair
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\WinFlip
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\VisualTooltip
2008-02-03 10:59 . 2008-02-12 18:29	<DIR>	d--------	C:\Program Files\ViStart
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\ViOrb
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\TrueTransparency
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\Styler
2008-02-03 10:59 . 2007-11-30 05:56	329,029	--a------	C:\WINDOWS\SYSTEM32\viwc.exe
2008-02-03 10:58 . 2008-02-03 11:20	<DIR>	d--------	C:\Program Files\Vista Sidebar
2008-02-03 10:58 . 2008-02-03 10:58	<DIR>	d--------	C:\Program Files\LClock
2008-02-03 10:58 . 2007-04-15 01:30	6,181,376	--a------	C:\WINDOWS\SYSTEM32\vistaui.exe
2008-02-03 10:58 . 2004-09-20 01:27	172,032	--a------	C:\WINDOWS\SYSTEM32\LClock.cpl
2008-02-03 10:58 . 2007-11-25 22:11	49,208	--a------	C:\WINDOWS\SYSTEM32\vistartup.bmp
2008-02-03 10:52 . 2008-02-03 10:59	<DIR>	d--------	C:\WINDOWS\SYSTEM32\VITrans
2008-02-03 10:52 . 2006-12-03 17:15	111,104	--a------	C:\WINDOWS\SYSTEM32\Uharc.exe
2008-02-03 10:52 . 2008-02-03 10:52	64,766	--a------	C:\WINDOWS\Icon_1.ico
2008-02-03 10:52 . 2006-12-03 17:15	19,968	--a------	C:\WINDOWS\SYSTEM32\reico.exe
2008-02-03 10:52 . 2006-12-03 17:14	8,636	--a------	C:\WINDOWS\SYSTEM32\modifype.exe
2008-02-02 20:41 . 2008-02-03 10:59	<DIR>	d--------	C:\VTPFiles
2008-02-02 20:41 . 2005-05-18 11:43	81,920	--a------	C:\WINDOWS\SYSTEM32\CloseApp.exe
2008-02-02 17:59 . 2008-02-02 18:00	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2008-02-02 17:55 . 2008-02-02 17:55	<DIR>	d--------	C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab
2008-02-02 15:33 . 2008-02-02 15:38	<DIR>	d--------	C:\Program Files\skinclock
2008-02-02 15:26 . 2008-02-02 15:26	<DIR>	d--------	C:\WINDOWS\Speeditup Free
2008-02-02 15:26 . 2008-02-02 15:40	<DIR>	d--------	C:\Program Files\Speeditup Free
2008-02-02 15:25 . 2008-02-02 15:25	<DIR>	d--------	C:\Program Files\My.Freeze Toolbar
2008-02-02 09:29 . 2008-02-11 15:28	<DIR>	d--------	C:\Program Files\ScreenPrint32 v3
2008-02-02 09:29 . 2008-02-03 17:19	249,856	---------	C:\WINDOWS\Setup1.exe
2008-02-02 09:28 . 2008-02-03 17:19	73,216	--a------	C:\WINDOWS\ST6UNST.EXE
2008-01-30 18:02 . 2008-01-30 18:02	54,608	--a------	C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-01-28 16:45 . 2008-01-28 16:45	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 16:44 . 2008-01-28 16:44	<DIR>	d--------	C:\Program Files\Dell Support Center
2008-01-28 16:44 . 2008-01-28 16:44	<DIR>	d--------	C:\Program Files\Common Files\supportsoft
2008-01-28 16:38 . 2008-01-28 17:29	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Dell
2008-01-27 19:11 . 2008-01-27 19:11	<DIR>	d--------	C:\Program Files\iPod
2008-01-26 21:32 . 2008-01-26 21:32	3,932,214	--a------	C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-26 21:32 . 2008-01-26 21:32	55,444	--a------	C:\WINDOWS\BricoPackUninst.cmd
2008-01-26 21:27 . 2008-01-26 21:27	<DIR>	d--------	C:\WINDOWS\BricoPacks
2008-01-26 21:27 . 2008-01-26 21:32	6,114	--a------	C:\WINDOWS\BricoPackFoldersDelete.cmd

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 02:35	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-02-14 02:09	---------	d-----w	C:\Program Files\Steam
2008-02-13 16:22	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-13 16:22	107,832	----a-w	C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-02-13 01:41	---------	d-----w	C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-02-13 01:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-12 04:11	---------	d-----w	C:\Documents and Settings\chevy\Application Data\Xfire
2008-02-11 23:28	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-02-11 23:22	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-11 19:27	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-02-09 02:31	---------	d-s---w	C:\Program Files\Xfire
2008-02-02 23:25	---------	d-----w	C:\Program Files\Free Offers from Freeze.com
2008-01-28 03:12	---------	d-----w	C:\Program Files\iTunes
2008-01-28 03:07	---------	d-----w	C:\Program Files\QuickTime
2008-01-12 06:39	---------	d-----w	C:\Program Files\OpenOffice.org 2.3
2008-01-12 06:29	---------	d-----w	C:\Program Files\Microsoft Student
2008-01-11 05:53	44,544	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-10 00:09	---------	d-----w	C:\Documents and Settings\chevy\Application Data\OpenOffice.org2
2008-01-06 20:17	---------	d-----w	C:\Documents and Settings\chevy\Application Data\Yahoo!
2008-01-06 20:17	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 19:35	---------	d-----w	C:\Documents and Settings\chevy\Application Data\Canon
2007-12-25 19:01	66,872	----a-w	C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-12-25 17:58	22,328	----a-w	C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-12-25 17:38	---------	d-----w	C:\Program Files\Activision
2007-12-22 21:07	---------	d-----w	C:\Program Files\EA GAMES
2007-12-22 07:11	---------	d-----w	C:\Program Files\Java
2007-12-21 04:55	---------	d-----w	C:\Program Files\Opera
2007-12-19 23:01	347,136	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51	179,584	----a-w	C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51	179,584	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-16 05:48	---------	d-----w	C:\Program Files\Microsoft Plus! Digital Media Edition
2007-12-08 05:21	3,592,192	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-07 02:21	824,832	----a-w	C:\WINDOWS\SYSTEM32\wininet.dll
2007-12-07 02:21	824,832	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-12-07 02:21	671,232	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-12-07 02:21	63,488	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-12-07 02:21	6,066,176	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-12-07 02:21	52,224	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-12-07 02:21	478,208	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-12-07 02:21	459,264	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-12-07 02:21	44,544	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-12-07 02:21	384,512	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-12-07 02:21	383,488	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-12-07 02:21	27,648	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-12-07 02:21	267,776	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-12-07 02:21	233,472	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-12-07 02:21	230,400	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-12-07 02:21	214,528	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-12-07 02:21	193,024	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-12-07 02:21	153,088	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-12-07 02:21	133,120	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-12-07 02:21	124,928	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-12-07 02:21	105,984	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-12-07 02:21	102,912	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-12-07 02:21	1,159,680	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-12-06 11:01	625,664	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00	70,656	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:00	13,824	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59	161,792	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38	550,912	------w	C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38	550,912	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-10-06 21:22	1,066,496	-csha-w	C:\Program Files\ehthumbs.db
2007-06-15 04:35	33,141	-c--a-w	C:\WINDOWS\Fonts\earwigfactory.zip
2007-06-12 01:59	21,570	-c--a-w	C:\WINDOWS\Fonts\jersey_letters.zip
2007-06-11 02:55	30,926	-c--a-w	C:\WINDOWS\Fonts\aajaxsurrealfreak.zip
2007-06-11 02:42	132,800	-c--a-w	C:\WINDOWS\Fonts\aciddreamer.zip
2007-06-09 06:13	33,042	-c--a-w	C:\WINDOWS\Fonts\bloodofdracula.zip
2007-06-09 06:13	29,446	-c--a-w	C:\WINDOWS\Fonts\bloodgutter.zip
2007-03-28 03:37	36,204	-c--a-w	C:\WINDOWS\Fonts\ravagedbyyears.zip
2007-03-28 03:37	109,374	-c--a-w	C:\WINDOWS\Fonts\landshark.zip
2007-03-28 03:36	81,465	-c--a-w	C:\WINDOWS\Fonts\spatcrumb.zip
2007-03-28 03:36	61,719	-c--a-w	C:\WINDOWS\Fonts\sargoo.zip
2007-03-28 03:36	114,732	-c--a-w	C:\WINDOWS\Fonts\weathered.zip
2007-03-28 03:35	70,888	-c--a-w	C:\WINDOWS\Fonts\waver.zip
2007-03-28 03:35	31,685	-c--a-w	C:\WINDOWS\Fonts\splatz.zip
2005-08-06 06:54	211,952	----a-w	C:\Program Files\new.sc3
2005-08-06 03:55	164,538	-c--a-w	C:\Program Files\new city.sc3
2005-07-29 22:52	56,192	----a-w	C:\Program Files\New City69.sc3
2005-07-07 23:07	251	----a-w	C:\Program Files\wt3d.ini
2003-05-27 03:08	8,964,958	----a-w	C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59	436,224	----a-w	C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34	467,968	----a-w	C:\Documents and Settings\chevy\SCXEUpd.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 05:56 329029]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-12-13 19:26 1266936]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [ ]
"RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 09:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 09:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 17:12 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 07:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 22:00 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 06:50 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 22:00 90112]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 13:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-06-28 20:51 26112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 13:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 13:50 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 03:52 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 15:41 163840]
"HostManager"="C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe" [2006-05-09 16:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43 407032]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"RegistryMechanic"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11 771704]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 11:56 187496]
"@"="" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 20:36 446464]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2002-05-29 00:23 258118]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 21:54 5361464]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 08:39:36 214520]
PowerReg Scheduler V3.exe [2005-08-09 12:16:18 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
ImageMixer for HDD Camcorder.lnk - C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe [2006-12-19 15:26:22 1871872]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-08-07 13:21:24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 21:42]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - "H:\Install FreeAgent Tools.exe" /run

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 21:24:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 04:00:25 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - chevy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2007-08-30 16:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 18:36:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-02-13 18:37:09
ComboFix-quarantined-files.txt  2008-02-14 02:37:05
.
2008-02-03 20:01:05	--- E O F ---


----------



## MBGraphics

and the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:33 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: XBTB03021 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze Toolbar\freeze_search_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [Vista Sidebar] "C:\Program Files\Vista Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [ViOrb] "C:\Program Files\ViOrb\ViOrb.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 15969 bytes


----------



## GameMaster

Hello!
Good news, the rootkit is gone. 
Now the hard part comes, since there are many remnants here.

*COMBOFIX-Script*


 Please open *Notepad* (Start -> Run -> type *notepad* in the Open field -> OK) and copy and paste the text present *inside* the code box below: 



```
File:: 
C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\All Users\Application Data\FLEXnet
C:\Program Files\Bonjour
C:\Program Files\Common Files\Macrovision Share
C:\Documents and Settings\LocalService\Application Data\Yahoo!
C:\Program Files\Quick Screen Capture
C:\Documents and Settings\chevy\Application Data\ViStart
C:\Documents and Settings\chevy\Application Data\Styler
C:\WINDOWS\SYSTEM32\VIRepair
C:\Program Files\WinFlip
C:\Program Files\VisualTooltip
C:\Program Files\ViStart
C:\Program Files\ViOrb
C:\Program Files\TrueTransparency
C:\Program Files\Styler
C:\WINDOWS\SYSTEM32\viwc.exe
C:\Program Files\Vista Sidebar
C:\Program Files\LClock

Folder::
C:\WINDOWS\SYSTEM32\modifype.exe
C:\VTPFiles
C:\WINDOWS\SYSTEM32\CloseApp.exe
C:\Program Files\SystemRequirementsLab
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab
C:\Program Files\skinclock
C:\Program Files\My.Freeze Toolbar
C:\Program Files\ScreenPrint32 v3
C:\WINDOWS\Setup1.exe
C:\WINDOWS\ST6UNST.EXE
```


 Save this as *CFScript.txt* and change the "*Save as type*" to "*All Files*" and place it on your desktop.

 Referring to the screenshot above, *drag CFScript.txt into ComboFix.exe.*
 ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
 When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next reply, please post the ComboFix log and a fresh HijackThis log.


----------



## MBGraphics

ok, combo fix scan:

ComboFix 08-02-14.1 - chevy 2008-02-14 15:09:42.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2178 [GMT -8:00]
Running from: C:\Documents and Settings\chevy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\chevy\Desktop\CFScript.txt
 * Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*

FILE
C:\Documents and Settings\All Users\Application Data\FLEXnet
C:\Documents and Settings\chevy\Application Data\Styler
C:\Documents and Settings\chevy\Application Data\ViStart
C:\Documents and Settings\LocalService\Application Data\Yahoo!
C:\Program Files\Bonjour
C:\Program Files\Common Files\Macrovision Share
C:\Program Files\LClock
C:\Program Files\Quick Screen Capture
C:\Program Files\Styler
C:\Program Files\TrueTransparency
C:\Program Files\ViOrb
C:\Program Files\Vista Sidebar
C:\Program Files\ViStart
C:\Program Files\VisualTooltip
C:\Program Files\WinFlip
C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
C:\WINDOWS\SYSTEM32\VIRepair
C:\WINDOWS\SYSTEM32\viwc.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\srlproxy.dll.gz
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\SRLProxyI.dll
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\SRLProxyJ.dll
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\SRLProxyK.dll
C:\Documents and Settings\chevy\Application Data\SystemRequirementsLab\SRLProxyL.dll
C:\Program Files\My.Freeze Toolbar
C:\Program Files\My.Freeze Toolbar\basis.xml
C:\Program Files\My.Freeze Toolbar\freeze.bmp
C:\Program Files\My.Freeze Toolbar\freeze_search_us.crc
C:\Program Files\My.Freeze Toolbar\freeze_search_us.dll
C:\Program Files\My.Freeze Toolbar\freeze_search_us.inf
C:\Program Files\My.Freeze Toolbar\frzToolbar_logo.bmp
C:\Program Files\My.Freeze Toolbar\icons.bmp
C:\Program Files\My.Freeze Toolbar\info.txt
C:\Program Files\My.Freeze Toolbar\myfreeze_toolbar.bmp
C:\Program Files\My.Freeze Toolbar\options.html
C:\Program Files\My.Freeze Toolbar\powered_yahoo_search.bmp
C:\Program Files\My.Freeze Toolbar\tbhelper.dll
C:\Program Files\My.Freeze Toolbar\uninstall.exe
C:\Program Files\My.Freeze Toolbar\update.exe
C:\Program Files\My.Freeze Toolbar\version.txt
C:\Program Files\ScreenPrint32 v3
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\ScreenPrint32 v3\sprint32.reg
C:\Program Files\skinclock
C:\Program Files\skinclock\bass.dll
C:\Program Files\skinclock\basswma.dll
C:\Program Files\skinclock\SkinClock.exe
C:\Program Files\skinclock\trayclock.dll
C:\Program Files\SystemRequirementsLab
C:\Program Files\SystemRequirementsLab\srl.dat
C:\Program Files\SystemRequirementsLab\SystemSRL.dll
C:\Program Files\SystemRequirementsLab\Uninstall.exe
C:\VTPFiles
C:\VTPFiles\hexpatcher.exe
C:\VTPFiles\RESHAC~1.ini
C:\VTPFiles\RESHAC~1.log
C:\VTPFiles\vi.sif
C:\VTPFiles\vtp.sif
C:\WINDOWS\Setup1.exe\
C:\WINDOWS\ST6UNST.EXE\
C:\WINDOWS\SYSTEM32\CloseApp.exe\
C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
C:\WINDOWS\SYSTEM32\modifype.exe\
C:\WINDOWS\SYSTEM32\viwc.exe

.
(((((((((((((((((((((((((   Files Created from 2008-01-14 to 2008-02-14  )))))))))))))))))))))))))))))))
.

2008-02-12 22:18 . 2008-02-12 22:18	<DIR>	d--------	C:\Program Files\Trend Micro
2008-02-11 11:34 . 2008-02-11 11:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-11 11:27 . 2008-02-11 11:27	<DIR>	d--------	C:\Program Files\Bonjour
2008-02-11 11:10 . 2008-02-11 11:10	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-02-10 19:15 . 2008-02-10 19:15	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-03 17:24 . 2008-02-03 17:24	<DIR>	d--------	C:\Program Files\Quick Screen Capture
2008-02-03 17:24 . 2008-02-03 17:24	<DIR>	d--------	C:\MyCaptures
2008-02-03 11:19 . 2008-02-03 11:24	<DIR>	d--------	C:\Documents and Settings\chevy\Application Data\ViStart
2008-02-03 11:07 . 2008-02-03 11:07	<DIR>	d--------	C:\Documents and Settings\chevy\Application Data\Styler
2008-02-03 10:59 . 2008-02-13 18:48	<DIR>	d--------	C:\WINDOWS\SYSTEM32\VIRepair
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\WinFlip
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\VisualTooltip
2008-02-03 10:59 . 2008-02-12 18:29	<DIR>	d--------	C:\Program Files\ViStart
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\ViOrb
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\TrueTransparency
2008-02-03 10:59 . 2008-02-03 10:59	<DIR>	d--------	C:\Program Files\Styler
2008-02-03 10:58 . 2008-02-03 11:20	<DIR>	d--------	C:\Program Files\Vista Sidebar
2008-02-03 10:58 . 2008-02-03 10:58	<DIR>	d--------	C:\Program Files\LClock
2008-02-03 10:58 . 2007-04-15 01:30	6,181,376	--a------	C:\WINDOWS\SYSTEM32\vistaui.exe
2008-02-03 10:58 . 2004-09-20 01:27	172,032	--a------	C:\WINDOWS\SYSTEM32\LClock.cpl
2008-02-03 10:58 . 2007-11-25 22:11	49,208	--a------	C:\WINDOWS\SYSTEM32\vistartup.bmp
2008-02-03 10:52 . 2008-02-03 10:59	<DIR>	d--------	C:\WINDOWS\SYSTEM32\VITrans
2008-02-03 10:52 . 2006-12-03 17:15	111,104	--a------	C:\WINDOWS\SYSTEM32\Uharc.exe
2008-02-03 10:52 . 2008-02-03 10:52	64,766	--a------	C:\WINDOWS\Icon_1.ico
2008-02-03 10:52 . 2006-12-03 17:15	19,968	--a------	C:\WINDOWS\SYSTEM32\reico.exe
2008-02-03 10:52 . 2006-12-03 17:14	8,636	--a------	C:\WINDOWS\SYSTEM32\modifype.exe
2008-02-02 20:41 . 2005-05-18 11:43	81,920	--a------	C:\WINDOWS\SYSTEM32\CloseApp.exe
2008-02-02 15:26 . 2008-02-02 15:26	<DIR>	d--------	C:\WINDOWS\Speeditup Free
2008-02-02 15:26 . 2008-02-02 15:40	<DIR>	d--------	C:\Program Files\Speeditup Free
2008-02-02 09:29 . 2008-02-03 17:19	249,856	---------	C:\WINDOWS\Setup1.exe
2008-02-02 09:28 . 2008-02-03 17:19	73,216	--a------	C:\WINDOWS\ST6UNST.EXE
2008-01-30 18:02 . 2008-01-30 18:02	54,608	--a------	C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-01-28 16:45 . 2008-01-28 16:45	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 16:44 . 2008-01-28 16:44	<DIR>	d--------	C:\Program Files\Dell Support Center
2008-01-28 16:44 . 2008-01-28 16:44	<DIR>	d--------	C:\Program Files\Common Files\supportsoft
2008-01-28 16:38 . 2008-01-28 17:29	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Dell
2008-01-27 19:11 . 2008-01-27 19:11	<DIR>	d--------	C:\Program Files\iPod
2008-01-26 21:32 . 2008-01-26 21:32	3,932,214	--a------	C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-26 21:32 . 2008-01-26 21:32	55,444	--a------	C:\WINDOWS\BricoPackUninst.cmd
2008-01-26 21:27 . 2008-01-26 21:27	<DIR>	d--------	C:\WINDOWS\BricoPacks
2008-01-26 21:27 . 2008-01-26 21:32	6,114	--a------	C:\WINDOWS\BricoPackFoldersDelete.cmd

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 23:03	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-02-14 03:11	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-14 03:11	107,832	----a-w	C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-02-14 02:50	---------	d-----w	C:\Program Files\Steam
2008-02-13 01:41	---------	d-----w	C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-02-13 01:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-12 04:11	---------	d-----w	C:\Documents and Settings\chevy\Application Data\Xfire
2008-02-11 23:28	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-02-11 23:22	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-11 19:27	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-02-09 02:31	---------	d-s---w	C:\Program Files\Xfire
2008-02-02 23:25	---------	d-----w	C:\Program Files\Free Offers from Freeze.com
2008-01-28 03:12	---------	d-----w	C:\Program Files\iTunes
2008-01-28 03:07	---------	d-----w	C:\Program Files\QuickTime
2008-01-12 06:39	---------	d-----w	C:\Program Files\OpenOffice.org 2.3
2008-01-12 06:29	---------	d-----w	C:\Program Files\Microsoft Student
2008-01-11 05:53	44,544	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-10 00:09	---------	d-----w	C:\Documents and Settings\chevy\Application Data\OpenOffice.org2
2008-01-06 20:17	---------	d-----w	C:\Documents and Settings\chevy\Application Data\Yahoo!
2008-01-06 20:17	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 19:35	---------	d-----w	C:\Documents and Settings\chevy\Application Data\Canon
2007-12-25 19:01	66,872	----a-w	C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-12-25 17:58	22,328	----a-w	C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-12-25 17:38	---------	d-----w	C:\Program Files\Activision
2007-12-22 21:07	---------	d-----w	C:\Program Files\EA GAMES
2007-12-22 07:11	---------	d-----w	C:\Program Files\Java
2007-12-21 04:55	---------	d-----w	C:\Program Files\Opera
2007-12-19 23:01	347,136	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51	179,584	----a-w	C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51	179,584	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-16 05:48	---------	d-----w	C:\Program Files\Microsoft Plus! Digital Media Edition
2007-12-08 05:21	3,592,192	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-07 02:21	824,832	----a-w	C:\WINDOWS\SYSTEM32\wininet.dll
2007-12-07 02:21	824,832	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-12-07 02:21	671,232	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-12-07 02:21	63,488	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-12-07 02:21	6,066,176	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-12-07 02:21	52,224	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-12-07 02:21	478,208	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-12-07 02:21	459,264	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-12-07 02:21	44,544	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-12-07 02:21	384,512	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-12-07 02:21	383,488	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-12-07 02:21	27,648	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-12-07 02:21	267,776	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-12-07 02:21	233,472	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-12-07 02:21	230,400	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-12-07 02:21	214,528	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-12-07 02:21	193,024	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-12-07 02:21	153,088	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-12-07 02:21	133,120	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-12-07 02:21	124,928	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-12-07 02:21	105,984	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-12-07 02:21	102,912	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-12-07 02:21	1,159,680	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-12-06 11:01	625,664	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00	70,656	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:00	13,824	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59	161,792	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38	550,912	------w	C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38	550,912	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-10-06 21:22	1,066,496	-csha-w	C:\Program Files\ehthumbs.db
2007-06-15 04:35	33,141	-c--a-w	C:\WINDOWS\Fonts\earwigfactory.zip
2007-06-12 01:59	21,570	-c--a-w	C:\WINDOWS\Fonts\jersey_letters.zip
2007-06-11 02:55	30,926	-c--a-w	C:\WINDOWS\Fonts\aajaxsurrealfreak.zip
2007-06-11 02:42	132,800	-c--a-w	C:\WINDOWS\Fonts\aciddreamer.zip
2007-06-09 06:13	33,042	-c--a-w	C:\WINDOWS\Fonts\bloodofdracula.zip
2007-06-09 06:13	29,446	-c--a-w	C:\WINDOWS\Fonts\bloodgutter.zip
2007-03-28 03:37	36,204	-c--a-w	C:\WINDOWS\Fonts\ravagedbyyears.zip
2007-03-28 03:37	109,374	-c--a-w	C:\WINDOWS\Fonts\landshark.zip
2007-03-28 03:36	81,465	-c--a-w	C:\WINDOWS\Fonts\spatcrumb.zip
2007-03-28 03:36	61,719	-c--a-w	C:\WINDOWS\Fonts\sargoo.zip
2007-03-28 03:36	114,732	-c--a-w	C:\WINDOWS\Fonts\weathered.zip
2007-03-28 03:35	70,888	-c--a-w	C:\WINDOWS\Fonts\waver.zip
2007-03-28 03:35	31,685	-c--a-w	C:\WINDOWS\Fonts\splatz.zip
2005-08-06 06:54	211,952	----a-w	C:\Program Files\new.sc3
2005-08-06 03:55	164,538	-c--a-w	C:\Program Files\new city.sc3
2005-07-29 22:52	56,192	----a-w	C:\Program Files\New City69.sc3
2005-07-07 23:07	251	----a-w	C:\Program Files\wt3d.ini
2003-05-27 03:08	8,964,958	----a-w	C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59	436,224	----a-w	C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34	467,968	----a-w	C:\Documents and Settings\chevy\SCXEUpd.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"viwc"="C:\WINDOWS\system32\viwc.exe" [ ]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-12-13 19:26 1266936]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [ ]
"RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 09:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 09:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 17:12 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 07:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 22:00 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 06:50 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 22:00 90112]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 13:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-06-28 20:51 26112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 13:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 13:50 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 03:52 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 15:41 163840]
"HostManager"="C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe" [2006-05-09 16:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43 407032]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"RegistryMechanic"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11 771704]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 11:56 187496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [ ]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2002-05-29 00:23 258118]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 21:54 5361464]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 08:39:36 214520]
PowerReg Scheduler V3.exe [2005-08-09 12:16:18 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
ImageMixer for HDD Camcorder.lnk - C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe [2006-12-19 15:26:22 1871872]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-08-07 13:21:24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 21:42]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - "H:\Install FreeAgent Tools.exe" /run

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 21:24:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 04:00:25 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - chevy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2007-08-30 16:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 15:14:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-02-14 15:15:32
ComboFix-quarantined-files.txt  2008-02-14 23:15:28
ComboFix2.txt  2008-02-14 02:37:11
.
2008-02-03 20:01:05	--- E O F ---


----------



## MBGraphics

hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:30 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [Vista Sidebar] "C:\Program Files\Vista Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [ViOrb] "C:\Program Files\ViOrb\ViOrb.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 15682 bytes


----------



## GameMaster

Hello!
I see that *Viewpoint* is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select *Disable auto-updating for the Viewpoint Manager*, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.


> To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.


*Viewpoint Manager* is considered *foistware instead of malware* since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read *Viewpoint to Plunge Into Adware*.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the *Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player)*:

 Click *Start*, point to *Settings*, and then click *Control Panel*. 
 In *Control Panel*, double-click *Add or Remove Programs*. 
 In *Add or Remove Programs*, highlight *>>Viewpoint component<<* and click *Remove*.
 Do the same for each *Viewpoint* component.
Now open up your HijackThis and choose *do a system scan only.*
Place a check next to these items:

*C:\Program Files\Viewpoint\Common\ViewpointService.exe*
*C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe*
*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html*
*R3 - URLSearchHook: (no name) - - (no file)*
*O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)*
*O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe*

Now please close all opened windows except HijackThis and click *Fix selected.*
Now reboot and follow the next prompts:
Download the trial version of *AVG Anti-Spyware* from here and install it. When the program has been installed, and you click the *Finish* button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
Click the *Update* icon at the top and under *Manual Update* click the *Start update* button.
The program will either update or inform you that no update was available.
It is essential that you get the update - keep trying until successful. (*Note:* If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on *avgas-signatures-full-current.exe* to install the database).
Please set up the program as follows:
Click the *Shield* icon at the top and under *Resident shield is...* click *active*. This should now change to *inactive*.
Click the *Update* icon and untick the automatic update option.
Click on *Scanner* on the toolbar.
Click on the *Settings* tab.
Under *How to act?* - make sure that *Quarantine* is selected.
Under *How to scan?* - All checkboxes should be ticked.
Under *Possibly unwanted software* - All checkboxes should be ticked.
Under *Reports* - Select *Do not automatically generate reports*.
Under *What to scan?* - Select *Scan every file*.

Close *all* open windows.
*Do not run a scan yet*.

Click on *Scanner* on the toolbar.
Click on *Complete System Scan* to start the scan process.
Let the program scan your computer.
When the scan has finished, follow the instructions below:
Make sure that *Set all elements to:* shows *Quarantine*
*Important:* Click on the *Apply all Actions* button (**** This must be done before saving the report ****)
When the program has finished, it will display the message *All actions have been applied*.
Then click the *Save Scan Report* button.
Click the *Save Report as* button.
Save the report to your Desktop.

Right-click the AVG Tray Icon and select *Exit*.
Now copy the report back to this topic.

Also, tell me: is it better now?


----------



## MBGraphics

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:	5:15:58 PM 2/15/2008

 + Scan result:	



C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP766\A0172965.ocx -> Adware.Gdown : Cleaned with backup (quarantined).
HKU\S-1-5-21-3129295021-1072316476-4045192734-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D758A3-D33B-45FD-91E3-67749B4057FA} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP786\A0179133.exe/resource.0000.pkg/PCCInstall_US.dll -> Downloader.Agent.hym : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP786\A0179133.exe/resource.0000.pkg/RPCInstall_INTL.dll -> Downloader.Agent.hym : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP786\A0179133.exe/resource.0000.pkg/RPCInstall_US.dll -> Downloader.Agent.hym : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP787\A0180274.dll -> Not-A-Virus.Adware.OneStep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP787\A0180275.exe -> Not-A-Virus.Adware.OneStep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP787\A0180276.exe -> Not-A-Virus.Adware.OneStep : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\chevy\Application Data\Mozilla\Profiles\default\licf46lt.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\chevy\Application Data\Mozilla\Profiles\default\licf46lt.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\chevy\Application Data\Mozilla\Profiles\default\licf46lt.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.28:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.18:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.22:C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\chevy\Cookies\chevy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


----------



## MBGraphics

After this scan finished, i rebooted my computer, to check to see if it ran any better, and i noticed it has improved

It only took 10 minutes from the time i pushed the power button to the time i could start opening programs without a bunch of lag
before it was at LEAST 15 minutes, sometimes close to 20.

Thanks so much for all the help, it is so greatly appreciated!

where did you learn all this? haha


----------



## GameMaster

Wow many nasties cleaned...this AVG Antispyware was a huge boom.
Please, post a fresh HijackThis log so I can tell you are clean.


----------
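A follow-up HijackThis log only confirms a cleanup if it is compared against the exact items that were ticked for fixing. The Python below is an added example, not part of the thread or of HijackThis: it parses two logs and reports, per fix item, whether it is gone. The function names are this example's own, and the sample logs are constructed excerpts built from lines that appear in the logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - ", re.IGNORECASE)


def normalize(text):
    """Collapse whitespace and case so forum-reformatted copies still match."""
    return re.sub(r"\s+", " ", text).strip().lower()


def parse_log(log_text):
    """Return (running process paths, entry lines), both normalized."""
    processes, entries = set(), set()
    in_processes = False
    for raw in log_text.splitlines():
        line = normalize(raw)
        if not line:
            in_processes = False          # blank line ends the process list
        elif line.startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            entries.add(line)
        elif in_processes:
            processes.add(line)
    return processes, entries


def check_fixes(fix_items, before_log, after_log):
    """Map each fix item to 'removed', 'still present' or 'not in first log'."""
    before, after = parse_log(before_log), parse_log(after_log)
    report = {}
    for item in fix_items:
        # Forum posts wrap items in *...*; drop that before comparing.
        key = normalize(item.strip().strip("*"))
        kind = 1 if ENTRY_RE.match(key) else 0   # 0 = process, 1 = entry
        if key in after[kind]:
            report[item] = "still present"
        elif key in before[kind]:
            report[item] = "removed"
        else:
            report[item] = "not in first log"
    return report


# Items as written in the helper's fix list (markup and spacing kept as posted).
FIX_ITEMS = [
    r"*C:\Program Files\Viewpoint\Common\ViewpointService.exe*",
    r"*C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe *",
    r"*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html*",
    r"*R3 - URLSearchHook: (no name) - - (no file)*",
    r"*O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)*",
]

# Constructed excerpt of the log posted before the fix.
BEFORE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Opera\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) -  - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
"""

# Constructed excerpt of the follow-up log.
AFTER_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
"""

if __name__ == "__main__":
    for item, status in check_fixes(FIX_ITEMS, BEFORE_LOG, AFTER_LOG).items():
        print(f"{status:>16}  {item.strip('* ')}")
```

Whitespace normalization matters here: the fix list writes the empty URLSearchHook entry with single spaces while the log has a double space, and one process path was posted with a trailing space.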



## MBGraphics

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:33 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [Vista Sidebar] "C:\Program Files\Vista Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [ViOrb] "C:\Program Files\ViOrb\ViOrb.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 15633 bytes


----------



## GameMaster

Hello!
I'd like to say you're clean, but unfortunately I can't, not yet.
Your computer is much faster now, I believe. However, there are a few entries that point to SmitFraud. We will just use Smitfraud Fix and that should help to clean the remnants, at last!
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in *Safe Mode* by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
----------------------------------------------------
Once in Safe Mode, double-click on *SmitfraudFix.exe*
Select option #2 - *Clean* by typing *2* and press "*Enter*" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing *Y* and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if *wininet.dll* is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing *Y* and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at *C:\rapport.txt*.


----------



## MBGraphics

Where can I find this Smitfraudfix.exe? When in safe mode, I hit start-run-smitfraudfix.exe and it said something about it not being found...is it something I need to download? If so, where?


----------



## GameMaster

Yes, it is something you need to download.
First, I apologise, I skipped that part with downloading. I suppose my head is a mess nowadays, I am sorry, again.

Please download *SmitfraudFix* (by *S!Ri*).

Now do as explained in the previous post.

I really, really apologise, this took us some time!


----------



## MBGraphics

Hey don't worry about it man, you have done this much for me and I'm not sure of the words to use to show how greatly appreciative I am of you doing all this for me

Thanks for the link


----------



## GameMaster

It's my pleasure to help.
Please tell me if you find anything else difficult.
Also, will you do the SmitfraudFix now?
Please, when you do, post the fresh HijackThis log, too.


----------



## MBGraphics

it won't let me open the smitfraud!!

it says C:\documents and settings\chevy\desktop\smitfraudfix.exe is not a valid win32 application


----------



## MBGraphics

Never mind!! 

here's the smitfraud notepad:

SmitFraudFix v2.290

Scan done at 10:40:10.68, Mon 02/18/2008
Run from C:\Documents and Settings\chevy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\chevy\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FF1FA0B8-90BF-491A-B226-DA975CF88BA1}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FF1FA0B8-90BF-491A-B226-DA975CF88BA1}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FF1FA0B8-90BF-491A-B226-DA975CF88BA1}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.44 85.255.112.180
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.44 85.255.112.180
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.114.44 85.255.112.180


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done. 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


----------



## MBGraphics

and the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:29 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\ViStart\ViStart.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Yahoo!\YUM\yum.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB03021 - {0C0E5FD9-B58D-4321-BA3B-6620E7565C22} - C:\PROGRA~1\FREEZE~1.COM\FREEZE~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154645544\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKCU\..\Run: [Vista Sidebar] "C:\Program Files\Vista Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ViStart] "C:\Program Files\ViStart\ViStart.exe"
O4 - HKCU\..\Run: [ViOrb] "C:\Program Files\ViOrb\ViOrb.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 14385 bytes


----------



## GameMaster

Hello!
SmitfraudFix action was successful.
Please open up your HijackThis for the final fix.
Check this entry:
*O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}-*
Close all open windows and click *Fix selected.*

Before you reboot:

Update *Java Runtime*: 

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: *Java Runtime Environment Version 6 Update 4*. 

Go to http://java.sun.com/javase/downloads/index.jsp 

Go to *Java Runtime Environment (JRE) 6 Update 4* and click on Download button.
In Platform box choose Windows.
Check the box to *Accept License Agreement* and click Continue.
Click on *Windows Offline Installation*, click on the link under it which says *"jre-6u4-windows-i586-p.exe"* and save the downloaded file to your desktop.
Go to *Start* => *Control Panel* => *Add or Remove Programs* 
Uninstall *all* old versions of *Java* (Java 3 Runtime Environment, JRE or JSE) 
Reboot your computer 
Delete the folder *C:\Program Files\Java* if present 
Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions. 
Reboot your computer 

When you have done all of this, please inform me: is your PC now running better? Better than better
I hope everything's fine...
For any eventual problems or if you have any more questions, feel free to post here!
GameMaster, cheers!


----------
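An added example, not part of the original thread and not code from HijackThis or SmitfraudFix: a small Python triage pass over log lines like the ones posted above. It flags entries whose target file or source is absent (such as the O16 entry selected for fixing) and static `NameServer` values that differ from the DHCP-assigned resolver listed in the SmitfraudFix DNS section. The function names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Lines copied from the HijackThis logs posted in this thread.
HJT_SAMPLE = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
"""

# Lines copied from the DNS section of the SmitfraudFix report in this thread.
SMITFRAUD_DNS_SAMPLE = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.44 85.255.112.180
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(.*)$")
STATIC_DNS_RE = re.compile(r"\bNameServer\s*=\s*(.+)$")
DHCP_DNS_RE = re.compile(r"\bDhcpNameServer\s*=\s*(.+)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O17"
    reason: str    # why the line deserves a second look
    line: str      # the original log line


def _ips(text):
    """Return the syntactically valid IP addresses in a space/comma list."""
    found = []
    for token in re.split(r"[\s,]+", text.strip()):
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue
    return found


def parse_dhcp_servers(report_text):
    """Collect the DHCP-assigned resolvers from a SmitfraudFix DNS section."""
    servers = set()
    for line in report_text.splitlines():
        match = DHCP_DNS_RE.search(line.strip())
        if match:
            servers.update(_ips(match.group(1)))
    return servers


def triage(hjt_text, dhcp_servers):
    """Flag HijackThis lines for review; a flag is a prompt, not a verdict."""
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list, or blank line
        section, body = entry.groups()
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding(section, "registry entry whose file is absent", line))
        elif section == "O16":
            dpf = DPF_RE.match(body)
            if dpf and not dpf.group(3):
                findings.append(Finding(section, "DPF entry with no download source", line))
        elif section == "O17":
            dns = STATIC_DNS_RE.search(body)
            if dns:
                odd = [ip for ip in _ips(dns.group(1)) if ip not in dhcp_servers]
                if odd:
                    reason = "static NameServer not among DHCP resolvers: " + ", ".join(odd)
                    findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    dhcp = parse_dhcp_servers(SMITFRAUD_DNS_SAMPLE)
    for finding in triage(HJT_SAMPLE, dhcp):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```
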



## MBGraphics

It seems to run much better now! 
Thanks so much GameMaster!


----------



## GameMaster

OK. I repeat, this thread is always available for you to ask again.
If you get to experience any problems, this is the place. 
Good luck in surfing and enjoy!


----------



## MBGraphics

Will do! thanks again


----------



## MBGraphics

Hey! 

I was just wondering if you had any more ideas to make my computer run faster. Luckily your trick knocked about 5-10 minutes off the start-up time...but unfortunately I have a feeling that's still too long. I may be wrong, do you think the computer in my signature should take that long to load up? It's been so long since this thing was new that I can't recall how fast it was.

If you can help me more, great, if not, I completely understand

Thanks,
Mike


----------

