06-26-2007, 09:53 PM   #2
needhelpasap85
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

Looking on the other help forums, I see this is necessary in most cases, so I guess ahead of time, here's the ComboFix log:

"Owner" - 2007-06-27 0:50:24 - ComboFix 07-06-27.5 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\Desktop\internet.lnk
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\qvyuxefcfc.dat
C:\WINDOWS\system32\qvyuxefcfc.exe
C:\WINDOWS\system32\qvyuxefcfc_nav.dat
C:\WINDOWS\system32\qvyuxefcfc_navps.dat


((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


2007-06-27 00:49 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 23:36 <DIR> d-------- C:\Deckard
2007-06-26 23:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-26 23:26 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-26 23:26 <DIR> d-------- C:\ie-spyad
2007-06-26 22:41 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-06-26 22:40 424,960 --a------ C:\WINDOWS\WRServices.dll
2007-06-26 22:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot
2007-06-26 14:45 <DIR> d-------- C:\Program Files\StompSoft
2007-06-26 14:45 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-06-26 14:25 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-26 14:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-26 13:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-26 13:00 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-26 13:00 <DIR> d-------- C:\Program Files\CCleaner
2007-06-26 11:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 1.1
2007-06-26 11:40 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-06-26 03:14 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2007-06-26 03:14 7,680 --a------ C:\WINDOWS\system32\MpfApi.dll
2007-06-26 03:12 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-26 03:12 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-26 03:12 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-25 22:35 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-06-25 17:21 87,552 --a------ C:\WINDOWS\msdde.dll
2007-06-25 17:21 76,800 --a------ C:\WINDOWS\msole.dll
2007-06-25 17:21 30,720 --a------ C:\WINDOWS\main_uninstaller.exe
2007-06-25 17:21 270,336 --a------ C:\WINDOWS\ddesupport.dll
2007-06-23 13:03 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-23 12:48 <DIR> d-------- C:\Program Files\NovaLogic
2007-06-23 12:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-22 00:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
2007-06-22 00:39 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-06-22 00:29 <DIR> d-------- C:\Program Files\Panda Software
2007-06-22 00:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-22 00:16 <DIR> d-------- C:\Program Files\AIM6
2007-06-22 00:14 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-06-22 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-06 19:04 <DIR> d-------- C:\Program Files\Haali
2007-06-06 19:04 <DIR> d-------- C:\Program Files\CoreCodec
2007-06-06 19:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CoreCodec
2007-06-05 19:47 <DIR> d-------- C:\Program Files\InterActual
2007-06-04 23:09 <DIR> d-------- C:\Program Files\WinAVI VideoConverter
2007-06-01 01:53 <DIR> d-------- C:\ConverterOutput
2007-06-01 01:52 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-06-01 01:52 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-01 01:52 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-06-01 01:52 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-01 01:52 <DIR> d-------- C:\Program Files\Cucusoft
2007-06-01 01:51 <DIR> d-------- C:\Program Files\Plato DVD to AVI Converter
2007-05-31 19:51 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-05-30 15:31 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-05-30 15:24 <DIR> d-------- C:\Program Files\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 07:21:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-26 07:19:13 -------- d-----w C:\Program Files\McAfee
2007-06-26 07:08:33 -------- d-----w C:\Program Files\NoAdware
2007-06-26 06:33:08 -------- d-----w C:\Program Files\Acoustica Mp3 To Wave Converter Plus
2007-06-26 04:44:55 -------- d-----w C:\Program Files\DVD Region+CSS Free
2007-06-26 0244 -------- d-----w C:\Program Files\WinMX
2007-06-26 0210 -------- d-----w C:\Program Files\QuickTime
2007-06-26 02:03:54 -------- d-----w C:\Program Files\MemTurbo
2007-06-26 02:03:40 -------- d-----w C:\Program Files\iTunes
2007-06-25 20:05:11 -------- d-----w C:\Program Files\Winamp
2007-06-25 20:05:08 -------- d-----w C:\Program Files\Google
2007-06-23 18:08:01 -------- d-----w C:\Program Files\iPod
2007-06-23 16:59:17 -------- d-----w C:\Program Files\Run-Time
2007-06-23 16:52:32 -------- d-----w C:\Program Files\MSN Messenger
2007-06-22 16:02:47 -------- d-----w C:\Program Files\XoftSpy
2007-06-22 05:42:23 -------- d-----w C:\Program Files\Apple Software Update
2007-06-22 04:18:15 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-22 04:18:14 -------- d-----w C:\Program Files\AIM
2007-06-19 18:29:56 14 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-13 20:18:30 -------- d-----w C:\Program Files\Sonic Foundry
2007-06-06 23:17:10 -------- d-----w C:\Program Files\The FilmMachine
2007-05-30 19:24:26 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-30 19:16:43 -------- d-----w C:\Program Files\Ahead
2007-05-28 05:56:46 -------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
2007-05-26 00:54:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OnReally
2007-05-21 18:38:27 -------- d-----w C:\Program Files\DVD Shrink
2007-05-21 18:34:58 -------- d-----w C:\Program Files\DVDSHR~1.SH!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-29 19:02:23 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-29 19:01:50 0 ----a-w C:\WINDOWS\PowerReg.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 05:56]
{49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\WINDOWS\ddesupport.dll [2007-06-25 05:08]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-10-12 11:38]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 C:\WINDOWS\soundman.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2005-07-08 17:16]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [2005-07-30 02:10]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2005-06-01 14:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-07-15 12:20]
"MSKAgentExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-03-23 15:47]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42]
"Spyware X-terminator"="C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" [2005-10-28 17:35]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"qvyuxefcfc"="c:\windows\system32\qvyuxefcfc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 11:37]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2005-07-20 06:00]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~2\DVDShell.dll" [2004-10-09 16:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8A698680-3FDB-4A26-BE3E-C7CB89F41CEC}"="C:\WINDOWS\msole.dll" [2007-06-25 05:08]
"{9445C360-7A41-4937-924C-E316C9591DE1}"="C:\WINDOWS\msdde.dll" [2007-06-25 05:08]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158036007\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbef03f5-9bec-11da-9785-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


Contents of the 'Scheduled Tasks' folder
2007-06-21 22:28:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-06-15 19:41:13 C:\WINDOWS\tasks\ISP signup reminder 2.job
2007-06-26 09:30:05 C:\WINDOWS\tasks\McAfee AntiSpyware.job
2007-06-27 02:31:56 C:\WINDOWS\tasks\Spyware X-terminator 2005 Update.job
2007-06-22 16:02:44 C:\WINDOWS\tasks\XoftSpy.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 00:51:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-27 0:52:29
C:\ComboFix-quarantined-files.txt ... 2007-06-27 00:52

--- E O F ---