Author Topic: Clickspring removal-- what's the best method?  (Read 2917 times)

Offline newt3
Clickspring removal-- what's the best method?
« Reply #20 on: August 02, 2007, 08:18:51 AM »
guestolo,
  Here's the ComboFix log.  As for performance...  I don't want to jinx it, but things seem like they're back to normal.  Woo hoo!  I haven't had any unwanted pop ups and speed seems like it's back to original levels.  You are the MAN/WOMAN!  How come the big companies like McAfee and Norton can't fix things like you guys?  

newt

ComboFix 07-07-30.2 - "Matthew" 2007-08-02  8:42:43.2 [GMT -5:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.True


(((((((((((((((((((((((((   Files Created from 2007-07-02 to 2007-08-02  )))))))))))))))))))))))))))))))


2007-08-01 10:32   <DIR>   d--------   C:\DOCUME~1\Matthew\DoctorWeb
2007-08-01 10:29   <DIR>   d--------   C:\Program Files\CCleaner
2007-07-31 09:21   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-07-26 14:48   76,560   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-07-26 14:48   <DIR>   d--------   C:\Program Files\Trend Micro
2007-07-26 14:38   <DIR>   d--------   C:\DOCUME~1\Matthew\APPLIC~1\Viewpoint
2007-07-25 12:45   143,360   --a------   C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-07-25 12:36   79,304   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-07-25 12:36   40,488   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-07-25 12:36   35,240   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-07-25 12:36   33,800   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-07-25 12:36   201,288   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-07-25 12:35   113,952   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-07-25 12:27   <DIR>   d--------   C:\Program Files\McAfee
2007-07-25 12:26   <DIR>   d--------   C:\Program Files\Common Files\McAfee
2007-07-25 11:11   <DIR>   d--------   C:\DOCUME~1\Matthew\APPLIC~1\McAfee
2007-07-25 11:11   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-23 22:59   <DIR>   d--------   C:\Program Files\Enigma Software Group
2007-07-23 00:11   465,209   --a------   C:\temp\bY001.exe
2007-07-23 00:11   <DIR>   d--------   C:\tempc2
2007-07-23 00:10   <DIR>   d--------   C:\temp\brr


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 11:57   ---------   d--------   C:\Program Files\Trillian
2007-07-25 12:53   ---------   d--------   C:\Program Files\McAfee.com
2007-07-25 11:53   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-07-25 11:53   ---------   d--------   C:\Program Files\WinMX
2007-07-25 11:53   ---------   d--------   C:\Program Files\Symantec
2007-07-25 11:53   ---------   d--------   C:\Program Files\Common Files\Symantec Shared
2007-07-25 11:45   ---------   d--------   C:\Program Files\Lavasoft
2007-07-23 01:16   ---------   d--------   C:\Program Files\Online Services
2007-07-13 13:17   ---------   d--------   C:\Program Files\Picasa2
2007-06-13 11:42   ---------   d--------   C:\Program Files\eFax Messenger Plus
2007-06-12 02:52   ---------   d--------   C:\Program Files\Cryptainer PE
2007-06-05 13:25   ---------   d--------   C:\Program Files\iTunes
2007-06-05 13:25   ---------   d--------   C:\Program Files\iPod
2007-06-05 13:19   ---------   d--------   C:\Program Files\Apple Software Update
2007-06-04 14:35   ---------   d--------   C:\DOCUME~1\Matthew\APPLIC~1\eFax Messenger
2007-06-04 14:15   ---------   d--------   C:\Program Files\eFax Messenger 4.3
2007-05-16 10:12   683520   --a------   C:\WINDOWS\system32\inetcomm.dll
2007-04-08 22:21   109984   --a--c---   C:\DOCUME~1\Matthew\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [2004-01-16 16:16]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-17 18:21]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-17 18:20]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-07-13 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2005-11-07 15:49]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 09:32]

C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\
DESKTOP.INI [2001-08-30 20:02:02]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2007-07-26 14:48:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2001-08-30 20:02:02]
Network Hard Drive Administrator.lnk - C:\Program Files\Iomega\Network Hard Drive\Admin.exe [2003-12-10 16:23:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 09:51 24638 C:\WINDOWS\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax.com Tray Menu.lnk
backup=C:\WINDOWS\pss\eFax.com Tray Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Live Menu.lnk
backup=C:\WINDOWS\pss\Live Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=C:\WINDOWS\pss\SideACT!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^QuickLink.lnk]
path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\QuickLink.lnk
backup=C:\WINDOWS\pss\QuickLink.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Web Chrono Desktop.lnk]
path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\Web Chrono Desktop.lnk
backup=C:\WINDOWS\pss\Web Chrono Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bklwf]
C:\WINDOWS\bklwf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
"C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup]
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup 1.0.1]
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup Pro]
"C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
c:\windows\system32\msbb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up Stopper]
"C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\System32\SahAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
"C:\Program Files\r2 studios\Startup Delayer\Startup Launcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp3\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\PROGRA~1\Zinio\ZDLM.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R0 Gernuwa;Gernuwa;C:\WINDOWS\system32\drivers\Gernuwa.sys
R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys
R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R1 pwd_2K;pwd_2K;C:\WINDOWS\system32\drivers\pwd_2K.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS
R2 LanScsiHelper;LANSCSI Helper Service;C:\Program Files\Iomega\Network Hard Drive\LDServ.exe
R2 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys
R2 MSSQL$AWDLOCALDB;MSSQL$AWDLOCALDB;C:\Program Files\AwdImportData\MSSQL$AWDLOCALDB\Binn\sqlservr.exe -sAWDLOCALDB
R2 ssoftnt4;ssoftnt4;\??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys
R2 tcaicchg;tcaicchg;\??\C:\WINDOWS\System32\tcaicchg.sys
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\System32\AWINDIS5.SYS
R3 Dot4;MS IEEE-1284.4 Driver;C:\WINDOWS\system32\DRIVERS\Dot4.sys
R3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
R3 EL556;3Com 10/100 Mini PCI Ethernet Adapter NDIS 5.0 Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys
R3 el575nd5;FE575C-3Com 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys
R3 lanscsibus;LANSCSI Bus Driver for Network Hard Drive;C:\WINDOWS\system32\DRIVERS\lanscsibus.sys
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys
S2 0104361185974316mcinstcleanup;McAfee Application Installer Cleanup (0104361185974316);C:\WINDOWS\TEMP10436~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe
S3 awhost32;pcAnywhere Host Service;C:\Program Files\Symantec\pcAnywhere\awhost32.exe
S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 EL556ND5;3Com 10/100 Mini PCI Ethernet Adapter NDIS5 Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys
S3 lanscsiminiport;LANSCSI Miniport Driver for Network Hard Drive;C:\WINDOWS\system32\DRIVERS\lanscsiminiport.sys
S3 OASIS;OASIS;C:\WINDOWS\system32\drivers\oasisusb.sys
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\WG511ICB.sys
S3 SDDMI2;SDDMI2;\??\C:\WINDOWS\system32\DDMI2.sys
S3 SNMPTRAP;SNMP Trap Service;C:\WINDOWS\system32\snmptrap.exe
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
S3 SQLAgent$AWDLOCALDB;SQLAgent$AWDLOCALDB;C:\Program Files\AwdImportData\MSSQL$AWDLOCALDB\Binn\sqlagent.EXE -i AWDLOCALDB
S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\Matthew\LOCALS~1\Temp\tni4D8.tmp
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys
S4 IISADMIN;IIS Admin;C:\WINDOWS\System32\inetsrv\inetinfo.exe


Contents of the 'Scheduled Tasks' folder
2007-07-27 22:15:06 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
2007-07-31 18:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2002-04-16 13:34:48 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
2007-07-25 17:31:52 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-25 17:31:50 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 08:53:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-02  8:58:22
C:\ComboFix-quarantined-files.txt ... 2007-08-02 08:56
C:\ComboFix2.txt ... 2007-07-31 10:20

   --- E O F ---

Offline guestolo (Administrator)
Clickspring removal-- what's the best method?
« Reply #21 on: August 02, 2007, 06:58:55 PM »
If MyWebSearch is in your Add/remove programs
Uninstall it

Let's try one last shot with Combofix please
But do the following

Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work

Quote
File::
C:\WINDOWS\Belt.exe
C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
C:\WINDOWS\bklwf.exe
C:\windows\system32\msbb.exe
C:\WINDOWS\System32\SahAgent.exe

Folder::
C:\tempc2
C:\temp
C:\Documents and Settings\Matthew\DoctorWeb
C:\Program Files\MyWebSearch

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bklwf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]

Save this file with the name of
CFScript


Take note the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

And one last hijackthis log please

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline newt3
Clickspring removal-- what's the best method?
« Reply #22 on: August 02, 2007, 09:59:34 PM »
guestolo,
 MyWebSearch wasn't in my Add/Remove list.  Here are the results from the ComboFix and HJT processes...
[attachment=3537:hijackthis5.txt]



ComboFix 07-07-30.2 - "Matthew" 2007-08-02 21:54:39.3 [GMT -5:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.True
Command switches used ::  C:\Documents and Settings\Matthew\Desktop\CFScript.txt


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Matthew\DoctorWeb
C:\Documents and Settings\Matthew\DoctorWeb\CureIt.log
C:\temp
C:\tempc2\tmpFF.log
C:\temp\adobe photoshop 7.0 serial.txt
C:\temp\bY001.exe
C:\temp\commission11-12-04.pdf
C:\temp\commission13-JAN-05.pdf
C:\temp\commission14-dec-04.pdf
C:\temp\commission28-oct-04.pdf
C:\temp\commission29-dec-04.pdf
C:\temp\commission29-nov-04.pdf
C:\temp\commissiontest003002.pdf
C:\temp\commissiontest003002.txt
C:\temp\commissiontest003002.xml
C:\temp\commissiontest01-12-04--X.bmp
C:\temp\commissiontest01-12-04--X.txt
C:\temp\commissiontest01-12-04--X2.txt
C:\temp\commissiontest01-12-04--X3.txt
C:\temp\commissiontest01-12-04.bmp
C:\temp\commissiontest01-12-04.txt
C:\temp\commissiontest01-12-04.xml
C:\temp\commtest.txt
C:\temp\downloadingcomm.doc
C:\temp\Photoshop\_INST32I.EX_
C:\temp\Photoshop\_ISDel.exe
C:\temp\Photoshop\_Setup.dll
C:\temp\Photoshop\_sys1.cab
C:\temp\Photoshop\_sys1.hdr
C:\temp\Photoshop\_user1.cab
C:\temp\Photoshop\_user1.hdr
C:\temp\Photoshop\Abcpy.ini
C:\temp\Photoshop\DATA.TAG
C:\temp\Photoshop\data1.cab
C:\temp\Photoshop\data1.hdr
C:\temp\Photoshop\lang.dat
C:\temp\Photoshop\layout.bin
C:\temp\Photoshop\os.dat
C:\temp\Photoshop\Photoshop 7.0 ReadMe.wri
C:\temp\Photoshop\Setup.bmp
C:\temp\Photoshop\Setup.exe
C:\temp\Photoshop\SETUP.INI
C:\temp\Photoshop\setup.ins
C:\temp\Photoshop\setup.lid


(((((((((((((((((((((((((   Files Created from 2007-07-03 to 2007-08-03  )))))))))))))))))))))))))))))))


2007-08-01 10:29    <DIR>    d--------    C:\Program Files\CCleaner
2007-07-31 09:21    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-07-26 14:48    76,560    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-07-26 14:48    <DIR>    d--------    C:\Program Files\Trend Micro
2007-07-26 14:38    <DIR>    d--------    C:\DOCUME~1\Matthew\APPLIC~1\Viewpoint
2007-07-25 12:45    143,360    --a------    C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-07-25 12:36    79,304    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-07-25 12:36    40,488    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-07-25 12:36    35,240    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-07-25 12:36    33,800    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-07-25 12:36    201,288    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-07-25 12:35    113,952    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-07-25 12:27    <DIR>    d--------    C:\Program Files\McAfee
2007-07-25 12:26    <DIR>    d--------    C:\Program Files\Common Files\McAfee
2007-07-25 11:11    <DIR>    d--------    C:\DOCUME~1\Matthew\APPLIC~1\McAfee
2007-07-25 11:11    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-23 22:59    <DIR>    d--------    C:\Program Files\Enigma Software Group


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 22:10    ---------    d--------    C:\Program Files\Trillian
2007-07-25 12:53    ---------    d--------    C:\Program Files\McAfee.com
2007-07-25 11:53    ---------    d--h-----    C:\Program Files\InstallShield Installation Information
2007-07-25 11:53    ---------    d--------    C:\Program Files\WinMX
2007-07-25 11:53    ---------    d--------    C:\Program Files\Symantec
2007-07-25 11:53    ---------    d--------    C:\Program Files\Common Files\Symantec Shared
2007-07-25 11:45    ---------    d--------    C:\Program Files\Lavasoft
2007-07-23 01:16    ---------    d--------    C:\Program Files\Online Services
2007-07-13 13:17    ---------    d--------    C:\Program Files\Picasa2
2007-06-13 11:42    ---------    d--------    C:\Program Files\eFax Messenger Plus
2007-06-12 02:52    ---------    d--------    C:\Program Files\Cryptainer PE
2007-06-05 13:25    ---------    d--------    C:\Program Files\iTunes
2007-06-05 13:25    ---------    d--------    C:\Program Files\iPod
2007-06-05 13:19    ---------    d--------    C:\Program Files\Apple Software Update
2007-06-04 14:35    ---------    d--------    C:\DOCUME~1\Matthew\APPLIC~1\eFax Messenger
2007-06-04 14:15    ---------    d--------    C:\Program Files\eFax Messenger 4.3
2007-05-16 10:12    683520    --a------    C:\WINDOWS\system32\inetcomm.dll
2007-04-08 22:21    109984    --a--c---    C:\DOCUME~1\Matthew\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [2004-01-16 16:16]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-17 18:21]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-17 18:20]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-07-13 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2005-11-07 15:49]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 09:32]

C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\
DESKTOP.INI [2001-08-30 20:02:02]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2007-07-26 14:48:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2001-08-30 20:02:02]
Network Hard Drive Administrator.lnk - C:\Program Files\Iomega\Network Hard Drive\Admin.exe [2003-12-10 16:23:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 09:51 24638 C:\WINDOWS\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax.com Tray Menu.lnk
backup=C:\WINDOWS\pss\eFax.com Tray Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Live Menu.lnk
backup=C:\WINDOWS\pss\Live Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=C:\WINDOWS\pss\SideACT!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^QuickLink.lnk]
path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\QuickLink.lnk
backup=C:\WINDOWS\pss\QuickLink.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Web Chrono Desktop.lnk]
path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\Web Chrono Desktop.lnk
backup=C:\WINDOWS\pss\Web Chrono Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
"C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup]
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup 1.0.1]
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup Pro]
"C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up Stopper]
"C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
"C:\Program Files\r2 studios\Startup Delayer\Startup Launcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp3\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\PROGRA~1\Zinio\ZDLM.exe /hide

R0 Gernuwa;Gernuwa;C:\WINDOWS\system32\drivers\Gernuwa.sys
R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys
R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R1 pwd_2K;pwd_2K;C:\WINDOWS\system32\drivers\pwd_2K.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS
R2 LanScsiHelper;LANSCSI Helper Service;C:\Program Files\Iomega\Network Hard Drive\LDServ.exe
R2 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys
R2 MSSQL$AWDLOCALDB;MSSQL$AWDLOCALDB;C:\Program Files\AwdImportData\MSSQL$AWDLOCALDB\Binn\sqlservr.exe -sAWDLOCALDB
R2 ssoftnt4;ssoftnt4;\??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys
R2 tcaicchg;tcaicchg;\??\C:\WINDOWS\System32\tcaicchg.sys
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\System32\AWINDIS5.SYS
R3 Dot4;MS IEEE-1284.4 Driver;C:\WINDOWS\system32\DRIVERS\Dot4.sys
R3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
R3 EL556;3Com 10/100 Mini PCI Ethernet Adapter NDIS 5.0 Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys
R3 el575nd5;FE575C-3Com 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys
R3 lanscsibus;LANSCSI Bus Driver for Network Hard Drive;C:\WINDOWS\system32\DRIVERS\lanscsibus.sys
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys
S2 0104361185974316mcinstcleanup;McAfee Application Installer Cleanup (0104361185974316);C:\WINDOWS\TEMP10436~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe
S3 awhost32;pcAnywhere Host Service;C:\Program Files\Symantec\pcAnywhere\awhost32.exe
S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 EL556ND5;3Com 10/100 Mini PCI Ethernet Adapter NDIS5 Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys
S3 lanscsiminiport;LANSCSI Miniport Driver for Network Hard Drive;C:\WINDOWS\system32\DRIVERS\lanscsiminiport.sys
S3 OASIS;OASIS;C:\WINDOWS\system32\drivers\oasisusb.sys
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\WG511ICB.sys
S3 SDDMI2;SDDMI2;\??\C:\WINDOWS\system32\DDMI2.sys
S3 SNMPTRAP;SNMP Trap Service;C:\WINDOWS\system32\snmptrap.exe
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
S3 SQLAgent$AWDLOCALDB;SQLAgent$AWDLOCALDB;C:\Program Files\AwdImportData\MSSQL$AWDLOCALDB\Binn\sqlagent.EXE -i AWDLOCALDB
S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\Matthew\LOCALS~1\Temp\tni4D8.tmp
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys
S4 IISADMIN;IIS Admin;C:\WINDOWS\System32\inetsrv\inetinfo.exe


Contents of the 'Scheduled Tasks' folder
2007-07-27 22:15:06 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
2007-07-31 18:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2002-04-16 13:34:48 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
2007-07-25 17:31:52 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-25 17:31:50 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 22:14:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-02 22:24:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 22:23
C:\ComboFix2.txt ... 2007-08-02 08:58
C:\ComboFix3.txt ... 2007-07-31 10:20

    --- E O F ---
[attachment=3537:hijackthis5.txt]
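The R0/R1/S2/S3 lines in the ComboFix log above are the service section, and the first thing a helper looks for there is a service or driver whose image lives somewhere it should not (a temp directory, a .tmp file). The following parser is an added example, not code from the thread or from ComboFix: it reads that line format and flags such entries. The four sample lines are copied from the log; the flag names and the temp-path heuristic are this example's own, and the start-type mapping follows the Windows service Start registry value.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: four service lines copied from the ComboFix log above.
SAMPLE_LOG = """\
R0 Gernuwa;Gernuwa;C:\\WINDOWS\\system32\\drivers\\Gernuwa.sys
R1 GhPciScan;GhostPciScanner;\\??\\C:\\Program Files\\Symantec\\Norton Ghost 2003\\ghpciscan.sys
S2 0104361185974316mcinstcleanup;McAfee Application Installer Cleanup (0104361185974316);C:\\WINDOWS\\TEMP10436~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog -service
S3 TnIDriver;TnIDriver;\\??\\C:\\DOCUME~1\\Matthew\\LOCALS~1\\Temp\\tni4D8.tmp
"""

# ComboFix service line: <R|S><start> <name>;<display name>;<image path and arguments>
# R = running, S = stopped; the digit is the Windows Start value
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|tmp))", re.IGNORECASE)
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image: str
    flags: List[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Recover the executable path from the command field (arguments dropped)."""
    cmd = cmd.strip().lstrip('"')
    if cmd.startswith("\\??\\"):   # NT object-manager prefix, common for drivers
        cmd = cmd[4:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def suspicious_flags(image: str) -> List[str]:
    """Review heuristics (assumed here): items to look at, not verdicts."""
    flags = []
    dirs = image.split("\\")[:-1]
    if any(d.lower().startswith("temp") for d in dirs):
        flags.append("temp_path")    # service binary loaded from a temp directory
    if image.lower().endswith(".tmp"):
        flags.append("tmp_image")    # a .tmp file registered as a service image
    return flags


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one log line; returns None for lines that are not service entries."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    image = image_path(m.group("cmd"))
    return ServiceEntry(name=m.group("name"), display=m.group("display"),
                        running=m.group("state") == "R",
                        start_type=START_TYPES.get(int(m.group("start")), "unknown"),
                        image=image, flags=suspicious_flags(image))


def triage(log_text: str) -> List[ServiceEntry]:
    """Return only the service entries that carry at least one flag."""
    entries = (parse_service(l) for l in log_text.splitlines())
    return [e for e in entries if e and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name}: {e.image} [{', '.join(e.flags)}] {e.start_type}, running={e.running}")
```

Run against the full log, it singles out TnIDriver (a .tmp under the user's Temp folder) while leaving the legitimate drivers under system32\drivers and Program Files alone.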

Offline guestolo

Clickspring removal-- what's the best method?
« Reply #23 on: August 03, 2007, 12:12:54 PM »
It appears you used to have Symantec's (Norton's)

You should be able to safely disable this service in your hijackthis log
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

It should have no effect on Norton Ghost
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

SymWMI Service

Right click on it and choose "Properties".
Beside "Startup Type" in the dropdown menu select "Disabled".
On the "General" tab under "Service Status", if selectable, click the "Stop" button to stop the service.
Click Apply then OK.
Exit

Combofix quarantined some files related to Photoshop
I'm unsure by what means you acquired these, possibly illegally downloaded??
I'm not going to preach to you about it
Just be very careful with what you download, many illegal downloads carry malware
It is in a temp directory, are you having any problems with Photoshop?
Do you have it installed?

If everything is running ok, we'll do some final steps, just let me know the above please
« Last Edit: August 03, 2007, 12:14:03 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline newt3

Clickspring removal-- what's the best method?
« Reply #24 on: August 03, 2007, 01:40:49 PM »
I used to use Norton but now use McAfee since my ISP gives it to me for free.  I thought I removed it when I switched over.
As for Photoshop, it is installed but I didn't download it off the internet.  I actually haven't used it in a while and really don't use it much at all since I'm not that much of an artist.  The few times I have used it, I can't remember any problems using it.
Everything else you outlined I've done.

Offline guestolo

Clickspring removal-- what's the best method?
« Reply #25 on: August 03, 2007, 02:07:06 PM »
Do you have the latest version of Spybot installed?
Open Spybot, select
HELP>>ABOUT
Can you supply Spybot version and detection update date please

Offline newt3

Clickspring removal-- what's the best method?
« Reply #26 on: August 03, 2007, 03:39:43 PM »
I had removed it after it didn't help with this problem initially.
However, I just downloaded it again.  It's version 1.4, with a detection update date of 8-1-2007.

Offline guestolo

Clickspring removal-- what's the best method?
« Reply #27 on: August 03, 2007, 03:47:12 PM »
[quote name='newt3' post='368025' date='Aug 3 2007, 01:39 PM']I had removed it after it didn't help with this problem initially.
However, I just downloaded it again.  It's version 1.4, with a detection update date of 8-1-2007.[/quote]
Thanks for reminding me to check for updates with Spybot, I was about 5 days behind :D

If everything is running better
I suggest that you still do the following

Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name and click Create
Windows will prompt when it was created successfully
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning


I would add a bit more protection to this computer
Install
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Hold onto Spybot
Utilize the Immunization feature in Spybot 1.4
After every update
Click the "Immunize" button>>OK the prompt>>Immunize again at the top green cross

If there are other user profiles on the computer, have them login and
click the "enable all protections" with Spywareblaster under the Protection tab
and Immunize with Spybot after every update

Let's remove some files/folders that we used/produced
Download this tool:
OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
    Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Select Yes to reboot Now
After reboot you can empty your recycle bin

If all is well, I'll lock this topic
Check back in and let me know please
« Last Edit: August 03, 2007, 03:48:13 PM by guestolo »

Offline newt3

Clickspring removal-- what's the best method?
« Reply #28 on: August 13, 2007, 09:30:42 PM »
Hey questolo,
  Sorry for taking so long to respond.  Anyway, looks like you're the man!  I've followed your plan, and so far, no problems.   Thanks  man.  Woo hoo!!!

Offline guestolo

Clickspring removal-- what's the best method?
« Reply #29 on: August 21, 2007, 09:06:18 PM »
Glad to help
I'll lock this topic as your problems appear resolved
Take care newt3 :)
