TeamPhotoshop

Attn Everyone, Help Needed Asap!

Jul 11th 2004#155365 Report
Member since: Mar 3rd 2003
Posts: 640
So here is what is going down. I've got things starting up in Windows that shouldn't be there. I used everything to scan and look, nothing. And just recently, I went to go use PS, and it says no memory. I have 1gb of memory. So I thought, I will reinstall it. I go to add/remove programs, and it only shows about 8 programs. Two days ago, I had about 40.


Please, I really need some help.
Jul 11th 2004#155366 Report
Member since: Mar 3rd 2003
Posts: 640
Here is my Hijack This Log:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\MSN Plus\MsgPlus.exe
C:\WINDOWS\System32\csmss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
D:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MYIE2\MyIE.exe
D:\Josh\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL
O2 - BHO: ghgfzjzmrzbwpnnnodrl - {31068336-86e6-436d-b2af-544c55e7c712} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ecrcrxhprvp - {1d480cc5-d074-44a6-9b7f-6364a4f3dcd9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "D:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [svshosts] svshosts.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MSN Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [Spool Server] spoolsv64.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MsgApi] C:\WINDOWS\System32\csmss.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamagr32.exe
O4 - HKLM\..\Run: [Microsoft Auto Update] winhlp16.exe
O4 - HKLM\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE
O4 - HKLM\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] taskmngrs.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "D:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [svshosts] svshosts.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamagr32.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wkssvrs.exe
O4 - HKLM\..\RunServices: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - HKLM\..\RunServices: [NAVSCANNER32] NAVSCANNER32.EXE
O4 - HKLM\..\RunServices: [msn] msnmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] taskmngrs.exe
O4 - HKLM\..\RunServices: [Spool Server] spoolsv64.exe
O4 - HKLM\..\RunServices: [Syntax] windows32.exe
O4 - HKLM\..\RunServices: [Microsoft Auto Update] winhlp16.exe
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "D:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKLM\..\RunOnce: [Spyware Doctor] "D:\Program Files\Spyware Doctor\spydoctor.exe" /C
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
O4 - HKCU\..\Run: [Spool Server] spoolsv64.exe
O4 - HKCU\..\Run: [Microsoft Auto Update] winhlp16.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamagr32.exe
O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE
O4 - HKCU\..\Run: [Microsoft Update Machine] taskmngrs.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher\Scheduler daemon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: PhoenixNet - {372be6c0-d28e-11d4-9a23-c7a65bdf9548} - http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\ICQ\ICQ.exe
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLITE\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLITE\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.110:8041/Java/cs4ms090.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtn_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00010/chm.chm::/files/initial.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031016/akamai.info.apple.com/iTunes4/WW/win/061-0840.20031016.sAc49/iTunesSetup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1FC370F-77C6-4EAD-9352-08E6A76D8F57}: NameServer = 206.47.244.56 206.47.244.106
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - AppInit_DLLs: sockspy.dll
Jul 11th 2004#155376 Report
Member since: Nov 26th 2001
Posts: 2586
I am kind of in a rush to get some other stuff done so I can't do much at the moment, but check this:

Open Regedit --

Start --> Run --> regedit

Look for this entry:

HKEY_LOCAL_MACHINE --> SOFTWARE --> Microsoft -->Windows --> CurrentVersion --> Run

and show us what is in there.

Also do a Ctrl-Alt-Del and show what Task Manager says, both the processes running and your Performance, what does pagefile and physical memory say... Try it when opening photoshop as well. Keep Task Manager open so you can monitor the performance of the machine...

Also go to Settings --> Control Panel --> Admin Tools --> Event Viewer

Check your Application and System logs... The M$ Knowledge base is about as useful as a bucket of bent nails, and the code messages are about as legible as written Ndaka, but you might see buttloads of errors and maybe some hint of what app or service is erroring...

If you have to copy and paste / take screenshots so we can see what is going on...

You might have loads of adware/spyware/viruses or something... don't know...
Jul 12th 2004#155420 Report
Member since: Mar 3rd 2003
Posts: 640
I'm guessing some virus or worm.
Jul 12th 2004#155421 Report
Member since: Mar 3rd 2003
Posts: 640
Should I perhaps do a system restore?
Jul 12th 2004#155426 Report
Member since: Nov 26th 2001
Posts: 2586
No. If it is a virus / worm you need to remove it first or it will just restart itself again. Open a terminal (start --> run --> cmd) and type: netstat

If you have a worm or virus it should be opening tons of ports.

You need to figure out what you have in order to repair it. Once you do (if it is a worm or virus) you can go to www.symantec.com and search for it and they will either have an executable file to rid the worm / virus or how to manually do it.

If you are running any major AV software typically it will be shut down automatically by a virus, so that is usually a good clue you have been infected.

If you aren't behind a firewall, you are seeing firsthand why it's a good idea. A lot of auto installing crap spyware and viruses will be blocked and unable to execute if you just have a firewall of some kind going on (unless you open it yourself). The minimal is software based, like Norton or a free one by Zone Labs.

But you are better off not relying on a software firewall and go for something embedded, like my favorite: http://m0n0.ch/wall/
which is configurable enough that large companies can use it. All you need is another pc, can be old as dirt (p2 or p1) and does not require a hard drive. Just need a floppy and a cd-rom and 2 nic cards. It's easy to set up and if you need help just give me a holler.
Jul 12th 2004#155427 Report
Member since: Nov 26th 2001
Posts: 2586
From doing a search on some of your processes (some of it's spyware):

http://forums.spywareinfo.com/index.php?showtopic=9010
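
One way to shortlist which autorun entries from a HijackThis log to look up first, as an added example that is not part of the original thread: it parses the O4 lines and reports executables that are given with no directory and are registered under two or more autorun keys. The sample lines are copied from the log posted above; the function names and the two-key threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# O4 (autorun) lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [svshosts] svshosts.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Spool Server] spoolsv64.exe
O4 - HKLM\..\Run: [MsgApi] C:\WINDOWS\System32\csmss.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [svshosts] svshosts.exe
O4 - HKLM\..\RunServices: [Spool Server] spoolsv64.exe
O4 - HKLM\..\RunServices: [Syntax] windows32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spool Server] spoolsv64.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher\Scheduler daemon.exe
"""

# Registry autoruns look like: O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.+?)\] (.+)$")

def parse_autoruns(log):
    """Yield (autorun key, value name, command) for each registry O4 line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.groups()

def executable(command):
    """First token of the command, honouring quotes, lower-cased."""
    m = re.match(r'"([^"]+)"|(\S+)', command.strip())
    return (m.group(1) or m.group(2)).lower() if m else ""

def triage(log):
    """Executables given without a directory and launched from 2+ autorun keys."""
    keys = defaultdict(set)
    for key, _name, command in parse_autoruns(log):
        exe = executable(command)
        if exe and "\\" not in exe:   # bare name: resolved through the search path
            keys[exe].add(key)
    return {exe: sorted(k) for exe, k in keys.items() if len(k) >= 2}

if __name__ == "__main__":
    for exe, where in triage(SAMPLE_LOG).items():
        print(f"{exe}: {', '.join(where)}")
```

Bare names that appear under a single key, such as Atiptaxx.exe and nwiz.exe in the sample, are left out, so the output is a list of leads to research rather than a verdict on any file.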
Jul 12th 2004#155430 Report
Member since: Mar 3rd 2003
Posts: 640
Thanks for the help marble.

After all the scanning and looking I've done, I'm thinking maybe I should just reformat my C Drive.
Jul 12th 2004#155434 Report
Member since: Nov 26th 2001
Posts: 2586
Well that would be quite the M$ fix! If you have no data to lose that would be the simplest. But then you never would figure out what was wrong.

But remember to have updated AV software and a good firewall, and check windows update often and you shouldn't run into these kinds of problems.
Jul 12th 2004#155438 Report
Member since: Mar 3rd 2003
Posts: 640
Actually, I don't think I can, because I don't own a copy of the Windows I am running now...