Old 06-26-2007, 09:15 PM   #1 (permalink)
needhelpasap85
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Need help with massive spyware...

Somehow spyware got onto my computer.. pretty sure it was my roommate's fault.. but I have used AdAware, Webroot Spysweeper, Spyware X-Terminator, McAfee, Spybot S&D, and CWShredder, and some of these have found things on my computer.. but when I reboot my system the spyware just comes right back... I even tried them all in safe mode.. still the same results... Every time I reboot I get a red triangle with an exclamation point in the middle saying virus activities found... blah blah blah, I'm pretty sure that's the spyware... Also I get "Error Cleaner", "Spyware & Malware Protection" and one other desktop icon on my computer every reboot... so if anyone could help me out I'd appreciate it....

Deckard's System Scanner v20070611.50
Run by Owner on 2007-06-26 at 23:36:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2007-06-27 03:36:29 UTC - RP174 - Deckard's System Scanner Restore Point
37: 2007-06-27 02:19:36 UTC - RP173 - Software Distribution Service 3.0
36: 2007-06-26 17:38:16 UTC - RP172 - Removed Power Tab Editor 1.7
35: 2007-06-26 17:36:47 UTC - RP171 - Removed Guitar Hero Explorer
34: 2007-06-26 07:18:51 UTC - RP170 - Installed McAfee QuickClean 6.0


-- First Restore Point --
1: 2007-03-31 20:15:01 UTC - RP137 - Installed iTunes


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:37:57 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Spyware X-terminator] "C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" -w -b
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: msole - {8A698680-3FDB-4A26-BE3E-C7CB89F41CEC} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {9445C360-7A41-4937-924C-E316C9591DE1} - C:\WINDOWS\msdde.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070626-222216-171 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
backup-20070626-222216-868 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
S4 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfee AntiSpyware Service - "c:\progra~1\mcafee\mcafee antispyware\massrv.exe" <Not Verified; McAfee, Inc.; McAfee AntiSpyware>
R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-26 22:31:56 448 --a------ C:\WINDOWS\Tasks\Spyware X-terminator 2005 Update.job
2007-06-26 05:30:05 362 --a------ C:\WINDOWS\Tasks\McAfee AntiSpyware.job
2007-06-22 12:02:44 348 --a------ C:\WINDOWS\Tasks\XoftSpy.job
2007-06-21 18:28:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-06-15 15:41:13 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job


-- Files created between 2007-05-26 and 2007-06-26 -----------------------------

2007-06-26 23:27:24 0 d-------- C:\Program Files\SpywareBlaster
2007-06-26 23:26:35 21312 --a------ C:\WINDOWS\choice.exe
2007-06-26 23:26:06 0 d-------- C:\ie-spyad
2007-06-26 22:41:00 102912 --a------ C:\WINDOWS\system32\islzma.dll
2007-06-26 22:40:57 424960 --a------ C:\WINDOWS\WRServices.dll <Not Verified; Webroot Software, Inc; >
2007-06-26 22:40:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-06-26 14:45:59 0 d-------- C:\Program Files\Common Files\Scanner
2007-06-26 14:45:57 0 d-------- C:\Program Files\StompSoft
2007-06-26 14:25:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-06-26 14:25:28 0 d-------- C:\Program Files\Lavasoft
2007-06-26 13:04:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-06-26 13:03:36 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-06-26 13:00:32 0 d-------- C:\Program Files\Yahoo!
2007-06-26 13:00:12 0 d-------- C:\Program Files\CCleaner
2007-06-26 11:44:29 0 d-------- C:\Program Files\Spybot - Search & Destroy 1.1
2007-06-26 03:14:43 7680 --a------ C:\WINDOWS\system32\MpfApi.dll
2007-06-26 03:14:43 80640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
2007-06-26 03:12:20 0 d-------- C:\Program Files\McAfee.com
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-06-25 22:35:11 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-25 22:35:11 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-25 22:35:11 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-25 22:35:11 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-25 22:35:11 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-25 22:35:11 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-25 22:35:11 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-25 22:35:11 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-25 22:35:11 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-25 22:35:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-25 22:35:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-06-25 22:35:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2007-06-25 22:35:10 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-25 17:21:20 30720 --a------ C:\WINDOWS\main_uninstaller.exe
2007-06-25 17:21:19 76800 --a------ C:\WINDOWS\msole.dll <Not Verified; ; IEXPLORE>
2007-06-25 17:21:19 87552 --a------ C:\WINDOWS\msdde.dll
2007-06-25 17:21:18 270336 --a------ C:\WINDOWS\ddesupport.dll <Not Verified; ; BhoNew Module>
2007-06-23 13:03:00 0 d-------- C:\WINDOWS\network diagnostic
2007-06-23 12:48:18 0 d-------- C:\Program Files\NovaLogic
2007-06-23 12:41:18 0 d-------- C:\Program Files\MSXML 4.0
2007-06-22 00:48:41 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-06-22 00:39:13 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-06-22 00:29:38 0 d-------- C:\Program Files\Panda Software
2007-06-22 00:17:08 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-06-22 00:16:26 0 d-------- C:\Program Files\AIM6
2007-06-22 00:14:22 0 d-------- C:\Program Files\Common Files\Panda Software
2007-06-22 00:14:22 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-06-06 19:04:54 0 d-------- C:\Documents and Settings\Owner\Application Data\CoreCodec
2007-06-06 19:04:19 0 d-------- C:\Program Files\Haali
2007-06-06 19:04:10 0 d-------- C:\Program Files\CoreCodec
2007-06-05 19:47:00 0 d-------- C:\Program Files\InterActual
2007-06-04 23:09:15 0 d-------- C:\Program Files\WinAVI VideoConverter
2007-06-01 01:53:12 0 d-------- C:\ConverterOutput
2007-06-01 01:52:52 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-01 01:52:51 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-06-01 01:52:51 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-01 01:52:51 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-06-01 01:52:50 0 d-------- C:\Program Files\Cucusoft
2007-06-01 01:51:56 0 d-------- C:\Program Files\Plato DVD to AVI Converter
2007-05-31 19:51:14 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-05-30 15:31:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-05-30 15:24:22 0 d-------- C:\Program Files\Nero
2007-05-26 18:04:11 0 d-------- C:\Program Files\CD_DVD-ROM Generator 1.20


-- Find3M Report ---------------------------------------------------------------

2007-06-26 03:21:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-26 03:19:13 0 d-------- C:\Program Files\McAfee
2007-06-26 03:08:33 0 d-------- C:\Program Files\NoAdware
2007-06-26 02:33:08 0 d-------- C:\Program Files\Acoustica Mp3 To Wave Converter Plus
2007-06-26 00:44:55 0 d-------- C:\Program Files\DVD Region+CSS Free
2007-06-25 2244 0 d-------- C:\Program Files\WinMX
2007-06-25 2210 0 d-------- C:\Program Files\QuickTime
2007-06-25 22:03:54 0 d-------- C:\Program Files\MemTurbo
2007-06-25 22:03:40 0 d-------- C:\Program Files\iTunes
2007-06-25 16:05:11 0 d-------- C:\Program Files\Winamp
2007-06-25 16:05:08 0 d-------- C:\Program Files\Google
2007-06-23 14:08:01 0 d-------- C:\Program Files\iPod
2007-06-23 12:59:17 0 d-------- C:\Program Files\Run-Time
2007-06-23 12:52:32 0 d-------- C:\Program Files\MSN Messenger
2007-06-22 12:02:47 0 d-------- C:\Program Files\XoftSpy
2007-06-22 01:42:23 0 d-------- C:\Program Files\Apple Software Update
2007-06-22 00:18:15 0 d-------- C:\Program Files\Common Files\AOL
2007-06-22 00:18:14 0 d-------- C:\Program Files\AIM
2007-06-19 14:29:56 14 --a------ C:\WINDOWS\popcinfo.dat
2007-06-13 16:18:30 0 d-------- C:\Program Files\Sonic Foundry
2007-06-09 16:32:06 176 --a------ C:\Documents and Settings\Owner\Application Data\iPod Access v2 Prefs
2007-06-06 19:17:10 0 d-------- C:\Program Files\The FilmMachine
2007-05-30 15:24:26 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-30 15:16:43 0 d-------- C:\Program Files\Ahead
2007-05-25 20:54:18 0 d-------- C:\Documents and Settings\Owner\Application Data\OnReally
2007-05-21 14:38:27 0 d-------- C:\Program Files\DVD Shrink <DVDSHR~1>
2007-05-21 14:34:58 0 d-------- C:\Program Files\DVDSHR~1.SH!
2007-05-15 22:38:43 48 --ah----- C:\Documents and Settings\Owner\Application Data\iPodAccess_OwnerName
2007-05-15 22:36:42 11 --ah----- C:\Documents and Settings\Owner\Application Data\iPodAccess_Time
2007-04-29 15:01:50 0 --a------ C:\WINDOWS\PowerReg.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{49CF52D7-8D58-4E22-A874-AAD721F5B523} C:\WINDOWS\ddesupport.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"qvyuxefcfc"="c:\\windows\\system32\\qvyuxefcfc.exe qvyuxefcfc"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~1\\masalert.exe"
"McRegWiz"="C:\\PROGRA~1\\McAfee.com\\Agent\\mcregwiz.exe /autorun"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MSKAgentExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"Spyware X-terminator"="\"C:\\Program Files\\StompSoft\\SpywareXterminatorV5\\SpywareX.exe\" -w -b"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"McAfee QuickClean Imonitor"="C:\\Program Files\\McAfee\\McAfee QuickClean\\Plguni.exe /START"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"msole"="{8A698680-3FDB-4A26-BE3E-C7CB89F41CEC}"
"msdde"="{9445C360-7A41-4937-924C-E316C9591DE1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\AutorunsDisabled]
"msdde"="{B55413CD-0BCF-4549-ACCD-50C4641714A0}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\bigfix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1158036007\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SetHook"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMTray"
"hkey"="HKLM"
"command"="MMTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readericon45G"
"hkey"="HKLM"
"command"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbef03f5-9bec-11da-9785-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


-- End of Deckard's System Scanner: finished at 2007-06-26 at 23:38:32 ---------

Last edited by needhelpasap85; 06-26-2007 at 09:41 PM.