hijack this report needs reviewed please help

Question

Red X Vundo virus hijack this report needs reviewed please help. Thank you in advance to helping me resolve this virus and the slow responce to my laptop.                     Laptop is a Dell Inspiron 1000   windows Xp Thanks  Peter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:42:43 AM, on 2/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\System32\keyhook.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Eryn Rusta\Desktop\VundoFix.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: (no name) - {41531C00-81C4-E55D-90DB-878AD9A0FCC3} - (no file) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {40531C03-81B2-952F-90AD-F28AAFABFCC3} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: {089037f2-95e5-22c9-a534-b81a0edbf972} - {279fbde0-a18b-435a-9c22-5e592f730980} - (no file) O2 - BHO: (no name) - {31E6234A-EDA7-FE6D-80FF-C76942F389CF} - (no file) O2 - BHO: (no name) - {76988D20-15CE-5B5E-EB61-6E2365C4C7CE} - (no file) O2 - BHO: (no name) - {7A2AF0BB-3F25-52E7-72C6-66D4FC71C1CD} - (no file) O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {DA0235BA-B163-E1DA-03D2-85B3CB547AA1} - (no file) O2 - BHO: (no name) - {EB2F05B9-9C53-D799-2EE6-B69E8D6D5791} - (no file) O2 - BHO: (no name) - {F5C19EA8-0360-39F4-6043-0B6244CF1E9E} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe' O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [DVDLauncher] 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [MSConfig] 'C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe' /auto O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] 'c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe' O4 - HKLM\..\Run: [Dell AIO Printer A920] 'C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe' O4 - HKLM\..\Run: [Acrobat Assistant 7.0] 'C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe' O4 - HKLM\..\Run: [Adobe Version Cue CS2] 'C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe' O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [Vogykerb] C:\WINDOWS\System32\??chost.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1 O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] 'C:\Program Files\Messenger\MSMSGS.EXE' /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] 'C:\Program Files\Messenger\MSMSGS.EXE' /background (User 'Default user') O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190766095775 O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file) O20 - Winlogon Notify: hggefcc - hggefcc.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 9341 bytes

Lazer482u2 · Answer

Updated hijack files:

I deleted items from original list that I thought were un needed or had no files at the end.

Still have the red X on drive C:

Last scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:43 AM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Vogykerb] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2563 bytes

bamajim · Answer

Lazer482u2

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Lazer482u2 · Answer

THAnks for responding to me with this computer issue. Below is the log file you requested from Combofix .
Below that is a log file from Hijack this after I ran combo Fix I seperated them with several space to clearly indicate two logs.

Thanks again
Peter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:43 AM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Vogykerb] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2563 bytes

Hijack log below looks like Combofix log ???????????????????????????????

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:47 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Vogykerb] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2766 bytes

bamajim · Answer

Lazer482u2

You posted the Hijackthis log twice. The Combofix log can be found at C:\Combofix.txt or inside the C:\Combofix folder.

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Lazer482u2 · Answer

ComboFix 08-02.05.3 - Eryn Rusta 2008-02-07 7:17:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT -5:00]
Running from: C:\Documents and Settings\Eryn Rusta\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 19:33 . 2004-08-03 23:56    388,608    --a------    C:\kmd.exe
2008-02-06 05:36 . 2008-02-06 05:36        d--------    C:\Program Files\Trend Micro
2008-02-03 21:09 . 2008-02-03 22:26        d--------    C:\VundoFix Backups
2008-02-03 20:27 . 2008-02-03 20:27        d--------    C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-03 17:12 . 2008-02-03 17:16        d--------    C:\N360_BACKUP
2008-02-03 15:32 . 2008-02-03 15:32        d--------    C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-03 15:32 . 2004-07-14 11:48        d--------    C:\Documents and Settings\Administrator\WINDOWS
2008-02-03 15:32 . 2004-07-14 12:01        d--------    C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-03 15:32 . 2004-07-14 11:52        d--------    C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-03 15:32 . 2008-01-20 11:46        d--------    C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-30 02:28 . 2008-01-12 18:32    23,904    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2008-01-30 02:28 . 2008-01-15 09:54    10,537    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.cat
2008-01-30 02:28 . 2008-01-15 05:28    706    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.inf
2008-01-21 15:06 . 2008-01-21 15:06        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\vlc
2008-01-21 14:58 . 2008-01-21 14:58        d--------    C:\Program Files\VideoLAN
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\VLC Media Player
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Share-to-Web Upload Folder
2008-01-21 07:55 . 2008-01-21 07:55        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Symantec
2008-01-20 15:47 . 2007-03-21 20:39    1,060,864    --a------    C:\WINDOWS\SYSTEM32\MFC71.DL1
2008-01-20 14:39 . 2008-01-20 18:33    16    --a------    C:\WINDOWS\SYSTEM32\coh.cache
2008-01-20 08:27 . 2008-01-20 08:27        d--------    C:\Symantec
2008-01-19 22:40 . 2008-01-19 22:40        d--------    C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-19 22:40 . 2008-01-04 20:34    163,696    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-19 22:40 . 2008-01-04 20:34    23,920    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-19 22:40 . 2008-01-04 20:34    21,872    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-19 22:40 . 2008-01-04 20:34    20,336    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-19 22:39 . 2008-01-19 22:39        d--------    C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-19 22:39 . 2008-01-04 20:56    1,526,640    --a------    C:\WINDOWS\WRSetup.dll
2008-01-19 22:37 . 2008-01-19 22:37    164    --a------    C:\install.dat
2008-01-19 22:14 . 2005-07-27 16:12    102,912    --a------    C:\WINDOWS\SYSTEM32\islzma.dll
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Program Files\Webroot
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Webroot
2008-01-19 16:46 . 2008-01-19 16:46        d--------    C:\Updater
2008-01-19 16:36 . 2008-02-06 19:48        d--------    C:\tmp
2008-01-14 00:44 . 2008-02-03 11:48        d--------    C:\Program Files\Norton 360
2008-01-14 00:40 . 2008-01-20 18:07    123,952    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-14 00:40 . 2008-01-20 18:07    60,800    --a------    C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-14 00:40 . 2008-01-20 18:07    10,740    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-14 00:40 . 2008-01-20 18:07    805    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-14 00:38 . 2008-01-20 18:08        d--------    C:\Program Files\Symantec
2008-01-14 00:38 . 2008-02-03 23:12        d--------    C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-14 00:34 . 2008-02-03 23:12        d--------    C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:57 . 2008-01-13 19:17        d--------    C:\Program Files\RegistryFix
2008-01-13 17:53 . 2008-01-19 22:08        d--------    C:\Program Files\RcvSystem

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 11:52    ---------    d-----w    C:\Documents and Settings\Eryn Rusta\Application Data\AdobeUM
2008-02-03 21:31    ---------    d-----w    C:\Program Files\Common Files\AOL
2008-02-03 21:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL
2008-01-20 18:21    ---------    d-----w    C:\Program Files\LimeWire
2008-01-14 02:32    ---------    d-----w    C:\Program Files\Incomplete
2007-12-15 05:18    ---------    d-----w    C:\Program Files\Viewpoint
2007-12-15 05:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-15 05:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-15 04:52    ---------    d-----w    C:\Program Files\XCopyPSP
2007-12-15 04:51    ---------    d-----w    C:\Program Files\Bradbury
2007-12-15 04:49    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-11-07 09:26    721,920    ----a-w    C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26    721,920    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2006-09-02 04:21    5,632    -csha-w    C:\Program Files\Thumbs.db
2005-01-14 03:45    4,466,776    -c--a-w    C:\Program Files\Install_AIM.exe
2004-07-27 14:05    46,568    -c--a-w    C:\Program Files\splash copy.bmp
2004-07-27 14:03    17,734    -c--a-w    C:\Program Files\splash.jpg
2004-05-18 14:10    15,637,039    -c--a-w    C:\Program Files\VS 7.1 - On Campus.zip
2003-09-29 11:10    892    -c--a-w    C:\Program Files\example.sms
2003-09-29 11:10    7,510,370    -c--a-w    C:\Program Files\Setup.exe
2003-09-29 11:10    5,645    -c--a-w    C:\Program Files\SignLic.Txt
2003-09-29 11:10    400    -c--a-w    C:\Program Files\MCAVSCV.scv
2003-09-29 11:10    4,166    -c--a-w    C:\Program Files\Packing.lst
2003-09-29 11:10    29,078    -c--a-w    C:\Program Files\ReadMe.Txt
2003-09-29 11:10    29,060    -c--a-w    C:\Program Files\VS710Det.mcs
2003-09-29 11:10    281,514    -c--a-w    C:\Program Files\VSE710.Nap
2003-09-29 11:10    187    -c--a-w    C:\Program Files\Install.Pkg
2003-09-29 11:10    11,115    -c--a-w    C:\Program Files\Contact.Txt
2003-09-29 11:10    106,612    -c--a-w    C:\Program Files\CMU311.Nap
2003-09-29 11:10    1,292    -c--a-w    C:\Program Files\PkgCatalog.z
2004-09-21 06:06    848    -csha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2005-08-17 02:31    475    -csha-w    C:\WINDOWS\SYSTEM32\wdnd.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vogykerb"="C:\WINDOWS\System32\??chost.exe" [2004-08-03 23:56 14336]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ 009b5092]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 17:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2007-08-12 21:17 136768 C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 18:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SPTISRV"=3 (0x3)
"Netlogon"=3 (0x3)
"McAfeeFramework"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"Fax"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"comHost"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

*Newly Created Service* - ADOBE_LM_SERVICE
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 07:21:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 7:23:44
ComboFix-quarantined-files.txt 2008-02-07 12:23:12
ComboFix2.txt 2008-02-07 00:45:35
.
2008-02-03 23:09:29    --- E O F ---

bamajim · Answer

Lazer482u2   Good work, tell me what's going on with your PC now.     Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

Lazer482u2 · Answer

Thanks again for your help.       The red X is still on Drive C:         The system is runing with a little drag but not asslow as it was before combo fix.    I ran combo fix again but still Red X on C:

Can I delete some of these lines that point to AIM, AOL and others that have no file to help clean up boot time ???

Combo fix latest log file below.

ComboFix 08-02.05.3 - Eryn Rusta 2008-02-08 20:54:43.3 - NTFSx86
Running from: C:\Documents and Settings\Eryn Rusta\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-07 07:15 . 2004-08-03 23:56    388,608    --a------    C:\kmd.exe
2008-02-06 05:36 . 2008-02-06 05:36        d--------    C:\Program Files\Trend Micro
2008-02-03 21:09 . 2008-02-03 22:26        d--------    C:\VundoFix Backups
2008-02-03 20:27 . 2008-02-03 20:27        d--------    C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-03 17:12 . 2008-02-03 17:16        d--------    C:\N360_BACKUP
2008-02-03 15:32 . 2008-02-03 15:32        d--------    C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-03 15:32 . 2004-07-14 11:48        d--------    C:\Documents and Settings\Administrator\WINDOWS
2008-02-03 15:32 . 2004-07-14 12:01        d--------    C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-03 15:32 . 2004-07-14 11:52        d--------    C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-03 15:32 . 2008-01-20 11:46        d--------    C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-30 02:28 . 2008-01-12 18:32    23,904    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2008-01-30 02:28 . 2008-01-15 09:54    10,537    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.cat
2008-01-30 02:28 . 2008-01-15 05:28    706    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.inf
2008-01-21 15:06 . 2008-01-21 15:06        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\vlc
2008-01-21 14:58 . 2008-01-21 14:58        d--------    C:\Program Files\VideoLAN
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\VLC Media Player
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Share-to-Web Upload Folder
2008-01-21 07:55 . 2008-01-21 07:55        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Symantec
2008-01-20 15:47 . 2007-03-21 20:39    1,060,864    --a------    C:\WINDOWS\SYSTEM32\MFC71.DL1
2008-01-20 14:39 . 2008-01-20 18:33    16    --a------    C:\WINDOWS\SYSTEM32\coh.cache
2008-01-20 08:27 . 2008-01-20 08:27        d--------    C:\Symantec
2008-01-19 22:40 . 2008-01-19 22:40        d--------    C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-19 22:40 . 2008-01-04 20:34    163,696    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-19 22:40 . 2008-01-04 20:34    23,920    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-19 22:40 . 2008-01-04 20:34    21,872    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-19 22:40 . 2008-01-04 20:34    20,336    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-19 22:39 . 2008-01-19 22:39        d--------    C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-19 22:39 . 2008-01-04 20:56    1,526,640    --a------    C:\WINDOWS\WRSetup.dll
2008-01-19 22:37 . 2008-01-19 22:37    164    --a------    C:\install.dat
2008-01-19 22:14 . 2005-07-27 16:12    102,912    --a------    C:\WINDOWS\SYSTEM32\islzma.dll
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Program Files\Webroot
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Webroot
2008-01-19 16:46 . 2008-01-19 16:46        d--------    C:\Updater
2008-01-19 16:36 . 2008-02-06 19:48        d--------    C:\tmp
2008-01-14 00:44 . 2008-02-03 11:48        d--------    C:\Program Files\Norton 360
2008-01-14 00:40 . 2008-01-20 18:07    123,952    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-14 00:40 . 2008-01-20 18:07    60,800    --a------    C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-14 00:40 . 2008-01-20 18:07    10,740    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-14 00:40 . 2008-01-20 18:07    805    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-14 00:38 . 2008-01-20 18:08        d--------    C:\Program Files\Symantec
2008-01-14 00:38 . 2008-02-03 23:12        d--------    C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-14 00:34 . 2008-02-03 23:12        d--------    C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:57 . 2008-01-13 19:17        d--------    C:\Program Files\RegistryFix
2008-01-13 17:53 . 2008-01-19 22:08        d--------    C:\Program Files\RcvSystem

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 11:52    ---------    d-----w    C:\Documents and Settings\Eryn Rusta\Application Data\AdobeUM
2008-02-03 21:31    ---------    d-----w    C:\Program Files\Common Files\AOL
2008-02-03 21:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL
2008-01-20 18:21    ---------    d-----w    C:\Program Files\LimeWire
2008-01-14 02:32    ---------    d-----w    C:\Program Files\Incomplete
2007-12-15 05:18    ---------    d-----w    C:\Program Files\Viewpoint
2007-12-15 05:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-15 05:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-15 04:52    ---------    d-----w    C:\Program Files\XCopyPSP
2007-12-15 04:51    ---------    d-----w    C:\Program Files\Bradbury
2007-12-15 04:49    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2006-09-02 04:21    5,632    -csha-w    C:\Program Files\Thumbs.db
2005-01-14 03:45    4,466,776    -c--a-w    C:\Program Files\Install_AIM.exe
2004-07-27 14:05    46,568    -c--a-w    C:\Program Files\splash copy.bmp
2004-07-27 14:03    17,734    -c--a-w    C:\Program Files\splash.jpg
2004-05-18 14:10    15,637,039    -c--a-w    C:\Program Files\VS 7.1 - On Campus.zip
2003-09-29 11:10    892    -c--a-w    C:\Program Files\example.sms
2003-09-29 11:10    7,510,370    -c--a-w    C:\Program Files\Setup.exe
2003-09-29 11:10    5,645    -c--a-w    C:\Program Files\SignLic.Txt
2003-09-29 11:10    400    -c--a-w    C:\Program Files\MCAVSCV.scv
2003-09-29 11:10    4,166    -c--a-w    C:\Program Files\Packing.lst
2003-09-29 11:10    29,078    -c--a-w    C:\Program Files\ReadMe.Txt
2003-09-29 11:10    29,060    -c--a-w    C:\Program Files\VS710Det.mcs
2003-09-29 11:10    281,514    -c--a-w    C:\Program Files\VSE710.Nap
2003-09-29 11:10    187    -c--a-w    C:\Program Files\Install.Pkg
2003-09-29 11:10    11,115    -c--a-w    C:\Program Files\Contact.Txt
2003-09-29 11:10    106,612    -c--a-w    C:\Program Files\CMU311.Nap
2003-09-29 11:10    1,292    -c--a-w    C:\Program Files\PkgCatalog.z
2004-09-21 06:06    848    -csha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2005-08-17 02:31    475    -csha-w    C:\WINDOWS\SYSTEM32\wdnd.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vogykerb"="C:\WINDOWS\System32\??chost.exe" [2004-08-03 23:56 14336]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2007-08-12 21:17 136768]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ 009b5092]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 21:01:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 21:05:10
ComboFix-quarantined-files.txt 2008-02-09 02:05:02
ComboFix2.txt 2008-02-07 12:23:45
ComboFix3.txt 2008-02-07 00:45:35
.
2008-02-03 23:09:29    --- E O F ---

bamajim · Answer

Lazer482u2 1. Open NotePad (not wordpad). Copy and paste the following into Notepad File::C:\WINDOWS\System32\??chost.exeRegistry::[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'Vogykerb'=-'ctfmon.exe'=- Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop Using the Image as a reference, drag CFScript into ComboFix.exe You will be prompted to run Combofix again, Do so Following the same rules as indicated in my first post Then post the contents of the C:\ComboFix.txt log in your reply 2. Rerun Hijackthis and post a fresh Hijackthis log as well Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

Lazer482u2 · Answer

ComboFix 08-02.05.3 - Eryn Rusta 2008-02-07 7:17:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT -5:00]
Running from: C:\Documents and Settings\Eryn Rusta\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 19:33 . 2004-08-03 23:56    388,608    --a------    C:\kmd.exe
2008-02-06 05:36 . 2008-02-06 05:36        d--------    C:\Program Files\Trend Micro
2008-02-03 21:09 . 2008-02-03 22:26        d--------    C:\VundoFix Backups
2008-02-03 20:27 . 2008-02-03 20:27        d--------    C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-03 17:12 . 2008-02-03 17:16        d--------    C:\N360_BACKUP
2008-02-03 15:32 . 2008-02-03 15:32        d--------    C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-03 15:32 . 2004-07-14 11:48        d--------    C:\Documents and Settings\Administrator\WINDOWS
2008-02-03 15:32 . 2004-07-14 12:01        d--------    C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-03 15:32 . 2004-07-14 11:52        d--------    C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-03 15:32 . 2008-01-20 11:46        d--------    C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-30 02:28 . 2008-01-12 18:32    23,904    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2008-01-30 02:28 . 2008-01-15 09:54    10,537    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.cat
2008-01-30 02:28 . 2008-01-15 05:28    706    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.inf
2008-01-21 15:06 . 2008-01-21 15:06        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\vlc
2008-01-21 14:58 . 2008-01-21 14:58        d--------    C:\Program Files\VideoLAN
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\VLC Media Player
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Share-to-Web Upload Folder
2008-01-21 07:55 . 2008-01-21 07:55        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Symantec
2008-01-20 15:47 . 2007-03-21 20:39    1,060,864    --a------    C:\WINDOWS\SYSTEM32\MFC71.DL1
2008-01-20 14:39 . 2008-01-20 18:33    16    --a------    C:\WINDOWS\SYSTEM32\coh.cache
2008-01-20 08:27 . 2008-01-20 08:27        d--------    C:\Symantec
2008-01-19 22:40 . 2008-01-19 22:40        d--------    C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-19 22:40 . 2008-01-04 20:34    163,696    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-19 22:40 . 2008-01-04 20:34    23,920    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-19 22:40 . 2008-01-04 20:34    21,872    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-19 22:40 . 2008-01-04 20:34    20,336    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-19 22:39 . 2008-01-19 22:39        d--------    C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-19 22:39 . 2008-01-04 20:56    1,526,640    --a------    C:\WINDOWS\WRSetup.dll
2008-01-19 22:37 . 2008-01-19 22:37    164    --a------    C:\install.dat
2008-01-19 22:14 . 2005-07-27 16:12    102,912    --a------    C:\WINDOWS\SYSTEM32\islzma.dll
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Program Files\Webroot
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Webroot
2008-01-19 16:46 . 2008-01-19 16:46        d--------    C:\Updater
2008-01-19 16:36 . 2008-02-06 19:48        d--------    C:\tmp
2008-01-14 00:44 . 2008-02-03 11:48        d--------    C:\Program Files\Norton 360
2008-01-14 00:40 . 2008-01-20 18:07    123,952    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-14 00:40 . 2008-01-20 18:07    60,800    --a------    C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-14 00:40 . 2008-01-20 18:07    10,740    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-14 00:40 . 2008-01-20 18:07    805    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-14 00:38 . 2008-01-20 18:08        d--------    C:\Program Files\Symantec
2008-01-14 00:38 . 2008-02-03 23:12        d--------    C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-14 00:34 . 2008-02-03 23:12        d--------    C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:57 . 2008-01-13 19:17        d--------    C:\Program Files\RegistryFix
2008-01-13 17:53 . 2008-01-19 22:08        d--------    C:\Program Files\RcvSystem

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 11:52    ---------    d-----w    C:\Documents and Settings\Eryn Rusta\Application Data\AdobeUM
2008-02-03 21:31    ---------    d-----w    C:\Program Files\Common Files\AOL
2008-02-03 21:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL
2008-01-20 18:21    ---------    d-----w    C:\Program Files\LimeWire
2008-01-14 02:32    ---------    d-----w    C:\Program Files\Incomplete
2007-12-15 05:18    ---------    d-----w    C:\Program Files\Viewpoint
2007-12-15 05:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-15 05:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-15 04:52    ---------    d-----w    C:\Program Files\XCopyPSP
2007-12-15 04:51    ---------    d-----w    C:\Program Files\Bradbury
2007-12-15 04:49    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-11-07 09:26    721,920    ----a-w    C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26    721,920    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2006-09-02 04:21    5,632    -csha-w    C:\Program Files\Thumbs.db
2005-01-14 03:45    4,466,776    -c--a-w    C:\Program Files\Install_AIM.exe
2004-07-27 14:05    46,568    -c--a-w    C:\Program Files\splash copy.bmp
2004-07-27 14:03    17,734    -c--a-w    C:\Program Files\splash.jpg
2004-05-18 14:10    15,637,039    -c--a-w    C:\Program Files\VS 7.1 - On Campus.zip
2003-09-29 11:10    892    -c--a-w    C:\Program Files\example.sms
2003-09-29 11:10    7,510,370    -c--a-w    C:\Program Files\Setup.exe
2003-09-29 11:10    5,645    -c--a-w    C:\Program Files\SignLic.Txt
2003-09-29 11:10    400    -c--a-w    C:\Program Files\MCAVSCV.scv
2003-09-29 11:10    4,166    -c--a-w    C:\Program Files\Packing.lst
2003-09-29 11:10    29,078    -c--a-w    C:\Program Files\ReadMe.Txt
2003-09-29 11:10    29,060    -c--a-w    C:\Program Files\VS710Det.mcs
2003-09-29 11:10    281,514    -c--a-w    C:\Program Files\VSE710.Nap
2003-09-29 11:10    187    -c--a-w    C:\Program Files\Install.Pkg
2003-09-29 11:10    11,115    -c--a-w    C:\Program Files\Contact.Txt
2003-09-29 11:10    106,612    -c--a-w    C:\Program Files\CMU311.Nap
2003-09-29 11:10    1,292    -c--a-w    C:\Program Files\PkgCatalog.z
2004-09-21 06:06    848    -csha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2005-08-17 02:31    475    -csha-w    C:\WINDOWS\SYSTEM32\wdnd.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vogykerb"="C:\WINDOWS\System32\??chost.exe" [2004-08-03 23:56 14336]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ 009b5092]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 17:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2007-08-12 21:17 136768 C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 18:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SPTISRV"=3 (0x3)
"Netlogon"=3 (0x3)
"McAfeeFramework"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"Fax"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"comHost"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

*Newly Created Service* - ADOBE_LM_SERVICE
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 07:21:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 7:23:44
ComboFix-quarantined-files.txt 2008-02-07 12:23:12
ComboFix2.txt 2008-02-07 00:45:35
.
2008-02-03 23:09:29    --- E O F ---

bamajim · Answer

Lazer482u2 Post a fresh Hijackthis log and include an update on how your PC is running now.   Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

Lazer482u2 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:24 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5309 bytes

bamajim · Answer

Lazer482u2   And how's your PC running now?     Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

Lazer482u2 · Answer

very slow responce and red X on drive C:

bamajim · Answer

Lazer482u2 O.k. Go HERE and Download System Repair Engineer by smallfrogs Select local download1 or 2 Save it to your Desktop Rt Click sreng2.zip->>Extract all->>Extract it to your desktop Open the sreng folder Double click SREngPS.exe->>Click Run At the main Window, in the left Pane,Select Smart Scan At the next window make sure all of the boxes are checked and Select Scan When the scan is complete Select Save reports Save it to your desktop and Close the tool Double Click SREngLog.txt copy and paste that log as a reply to this thread Do not run any other options with this tool unless instructed to do so. You may have to post the results in more than one reply Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

Virus & Spyware

Was this post helpful?