Tech Support Forum - View Single Post

needhelpasap85 · 06-27-2007, 04:29 PM

kaspersky and the other online scanner isnt working still no clue why... but heres the rest...

Logfile of HijackThis v1.99.1
Scan saved at 6:27:35 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\DVDREG~2\DVDRegionFree.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll (file missing)
O2 - BHO: (no name) - {8D99D2A3-317C-4929-8A5D-21140259D93A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Spyware X-terminator] "C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" -w -b
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [qvyuxefcfc] c:\windows\system32\qvyuxefcfc.exe qvyuxefcfc
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: msole - {8A698680-3FDB-4A26-BE3E-C7CB89F41CEC} - (no file)
O21 - SSODL: msdde - {9445C360-7A41-4937-924C-E316C9591DE1} - (no file)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

and heres the combofix

"Owner" - 2007-06-27 18:21:37 - ComboFix 07-06-27.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Owner\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\Owner\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\Owner\FAVORI~1.\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\ddesupport.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\msdde.dll
C:\WINDOWS\msole.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))

2007-06-27 18:22 <DIR> d-------- C:\WINDOWS\privacy_danger
2007-06-27 17:28 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-27 14:35 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-27 14:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-06-27 14:33 466,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-27 14:31 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-27 14:08 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-27 13:56 90,112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2007-06-27 13:56 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2007-06-27 13:56 45,056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2007-06-27 13:56 221,184 --a------ C:\WINDOWS\SnoopFreeUI.exe
2007-06-27 00:49 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 23:36 <DIR> d-------- C:\Deckard
2007-06-26 23:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-26 23:26 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-26 23:26 <DIR> d-------- C:\ie-spyad
2007-06-26 22:41 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-06-26 22:40 424,960 --a------ C:\WINDOWS\WRServices.dll
2007-06-26 22:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot
2007-06-26 14:45 <DIR> d-------- C:\Program Files\StompSoft
2007-06-26 14:45 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-06-26 14:25 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-26 14:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-26 13:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-26 13:00 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-26 13:00 <DIR> d-------- C:\Program Files\CCleaner
2007-06-26 11:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 1.1
2007-06-26 11:40 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-06-26 03:12 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-26 03:12 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-26 03:12 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-25 22:35 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-06-23 13:03 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-23 12:48 <DIR> d-------- C:\Program Files\NovaLogic
2007-06-23 12:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-22 00:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
2007-06-22 00:39 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-06-22 00:29 <DIR> d-------- C:\Program Files\Panda Software
2007-06-22 00:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-22 00:16 <DIR> d-------- C:\Program Files\AIM6
2007-06-22 00:14 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-06-22 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-06 19:04 <DIR> d-------- C:\Program Files\Haali
2007-06-06 19:04 <DIR> d-------- C:\Program Files\CoreCodec
2007-06-06 19:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CoreCodec
2007-06-05 19:47 <DIR> d-------- C:\Program Files\InterActual
2007-06-04 23:09 <DIR> d-------- C:\Program Files\WinAVI VideoConverter
2007-06-01 01:53 <DIR> d-------- C:\ConverterOutput
2007-06-01 01:52 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-06-01 01:52 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-01 01:52 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-06-01 01:52 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-01 01:52 <DIR> d-------- C:\Program Files\Cucusoft
2007-06-01 01:51 <DIR> d-------- C:\Program Files\Plato DVD to AVI Converter
2007-05-31 19:51 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-05-30 15:31 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-05-30 15:24 <DIR> d-------- C:\Program Files\Nero

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 07:21:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-26 07:19:13 -------- d-----w C:\Program Files\McAfee
2007-06-26 07:08:33 -------- d-----w C:\Program Files\NoAdware
2007-06-26 06:33:08 -------- d-----w C:\Program Files\Acoustica Mp3 To Wave Converter Plus
2007-06-26 04:44:55 -------- d-----w C:\Program Files\DVD Region+CSS Free
2007-06-26 02

44 -------- d-----w C:\Program Files\WinMX
2007-06-26 02

10 -------- d-----w C:\Program Files\QuickTime
2007-06-26 02:03:54 -------- d-----w C:\Program Files\MemTurbo
2007-06-26 02:03:40 -------- d-----w C:\Program Files\iTunes
2007-06-25 20:05:11 -------- d-----w C:\Program Files\Winamp
2007-06-25 20:05:08 -------- d-----w C:\Program Files\Google
2007-06-23 18:08:01 -------- d-----w C:\Program Files\iPod
2007-06-23 16:59:17 -------- d-----w C:\Program Files\Run-Time
2007-06-23 16:52:32 -------- d-----w C:\Program Files\MSN Messenger
2007-06-22 16:02:47 -------- d-----w C:\Program Files\XoftSpy
2007-06-22 05:42:23 -------- d-----w C:\Program Files\Apple Software Update
2007-06-22 04:18:15 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-22 04:18:14 -------- d-----w C:\Program Files\AIM
2007-06-19 18:29:56 14 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-13 20:18:30 -------- d-----w C:\Program Files\Sonic Foundry
2007-06-06 23:17:10 -------- d-----w C:\Program Files\The FilmMachine
2007-05-30 19:24:26 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-30 19:16:43 -------- d-----w C:\Program Files\Ahead
2007-05-28 05:56:46 -------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
2007-05-26 00:54:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OnReally
2007-05-21 18:38:27 -------- d-----w C:\Program Files\DVD Shrink
2007-05-21 18:34:58 -------- d-----w C:\Program Files\DVDSHR~1.SH!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-29 19:02:23 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-29 19:01:50 0 ----a-w C:\WINDOWS\PowerReg.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 05:56]
{49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\WINDOWS\ddesupport.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-10-12 11:38]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 C:\WINDOWS\soundman.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 17:16]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [2005-07-30 02:10]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2005-06-01 14:05]
"MSKAgentExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-03-23 15:47]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42]
"Spyware X-terminator"="C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" [2005-10-28 17:35]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"qvyuxefcfc"="c:\windows\system32\qvyuxefcfc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 11:37]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2005-07-20 06:00]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
@=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~2\DVDShell.dll" [2004-10-09 16:18]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158036007\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbef03f5-9bec-11da-9785-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

Contents of the 'Scheduled Tasks' folder
2007-06-21 22:28:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-06-15 19:41:13 C:\WINDOWS\tasks\ISP signup reminder 2.job
2007-06-26 09:30:05 C:\WINDOWS\tasks\McAfee AntiSpyware.job
2007-06-27 02:31:56 C:\WINDOWS\tasks\Spyware X-terminator 2005 Update.job
2007-06-22 16:02:44 C:\WINDOWS\tasks\XoftSpy.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 18:24:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-27 18:25:14
C:\ComboFix-quarantined-files.txt ... 2007-06-27 18:24
C:\ComboFix2.txt ... 2007-06-27 00:52

--- E O F ---

computer is running sluggish.. keep getting popups saying "Get spyware program now blah blah blah" ...

06-27-2007, 04:29 PM	#13 (permalink)
needhelpasap85 Registered User Join Date: Jun 2007 Location: VA Posts: 30 OS: XPSP2	Re: Need help with massive spyware... kaspersky and the other online scanner isnt working still no clue why... but heres the rest... Logfile of HijackThis v1.99.1 Scan saved at 6:27:35 PM, on 6/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe c:\progra~1\mcafee\mcafee antispyware\massrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe c:\program files\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\SnoopFreeSvc.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\WINDOWS\SnoopFreeUI.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\MemTurbo\MemTurbo.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe C:\PROGRA~1\DVDREG~2\DVDRegionFree.exe C:\Program Files\Nero\Nero 7\Core\nero.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll (file missing) O2 - BHO: (no name) - {8D99D2A3-317C-4929-8A5D-21140259D93A} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [Spyware X-terminator] "C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" -w -b O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [qvyuxefcfc] c:\windows\system32\qvyuxefcfc.exe qvyuxefcfc O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe O4 - Global Startup: APC UPS Status.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: msole - {8A698680-3FDB-4A26-BE3E-C7CB89F41CEC} - (no file) O21 - SSODL: msdde - {9445C360-7A41-4937-924C-E316C9591DE1} - (no file) O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe and heres the combofix "Owner" - 2007-06-27 18:21:37 - ComboFix 07-06-27.5 - Service Pack 2 NTFS Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Owner\FAVORI~1.\Error Cleaner.url C:\DOCUME~1\Owner\FAVORI~1.\Privacy Protector.url C:\DOCUME~1\Owner\FAVORI~1.\Spyware&Malware Protection.url C:\WINDOWS\dat.txt C:\WINDOWS\ddesupport.dll C:\WINDOWS\main_uninstaller.exe C:\WINDOWS\msdde.dll C:\WINDOWS\msole.dll C:\WINDOWS\rs.txt C:\WINDOWS\search_res.txt ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 ))))))))))))))))))))))))))))))) 2007-06-27 18:22 <DIR> d-------- C:\WINDOWS\privacy_danger 2007-06-27 17:28 <DIR> d-------- C:\WINDOWS\LastGood 2007-06-27 14:35 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-06-27 14:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2007-06-27 14:33 466,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-06-27 14:31 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs 2007-06-27 14:08 <DIR> d-------- C:\WINDOWS\Internet Logs 2007-06-27 13:56 90,112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe 2007-06-27 13:56 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys 2007-06-27 13:56 45,056 --a------ C:\WINDOWS\SnoopFreeDll.dll 2007-06-27 13:56 221,184 --a------ C:\WINDOWS\SnoopFreeUI.exe 2007-06-27 00:49 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-26 23:36 <DIR> d-------- C:\Deckard 2007-06-26 23:27 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-06-26 23:26 21,312 --a------ C:\WINDOWS\choice.exe 2007-06-26 23:26 <DIR> d-------- C:\ie-spyad 2007-06-26 22:41 102,912 --a------ C:\WINDOWS\system32\islzma.dll 2007-06-26 22:40 424,960 --a------ C:\WINDOWS\WRServices.dll 2007-06-26 22:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot 2007-06-26 14:45 <DIR> d-------- C:\Program Files\StompSoft 2007-06-26 14:45 <DIR> d-------- C:\Program Files\Common Files\Scanner 2007-06-26 14:25 <DIR> d-------- C:\Program Files\Lavasoft 2007-06-26 14:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft 2007-06-26 13:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion 2007-06-26 13:00 <DIR> d-------- C:\Program Files\Yahoo! 2007-06-26 13:00 <DIR> d-------- C:\Program Files\CCleaner 2007-06-26 11:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 1.1 2007-06-26 11:40 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys 2007-06-26 03:12 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll 2007-06-26 03:12 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll 2007-06-26 03:12 <DIR> d-------- C:\Program Files\McAfee.com 2007-06-25 22:35 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver 2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView 2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL 2007-06-23 13:03 <DIR> d-------- C:\WINDOWS\network diagnostic 2007-06-23 12:48 <DIR> d-------- C:\Program Files\NovaLogic 2007-06-23 12:41 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-06-22 00:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore 2007-06-22 00:39 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat 2007-06-22 00:29 <DIR> d-------- C:\Program Files\Panda Software 2007-06-22 00:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP 2007-06-22 00:16 <DIR> d-------- C:\Program Files\AIM6 2007-06-22 00:14 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2007-06-22 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads 2007-06-06 19:04 <DIR> d-------- C:\Program Files\Haali 2007-06-06 19:04 <DIR> d-------- C:\Program Files\CoreCodec 2007-06-06 19:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CoreCodec 2007-06-05 19:47 <DIR> d-------- C:\Program Files\InterActual 2007-06-04 23:09 <DIR> d-------- C:\Program Files\WinAVI VideoConverter 2007-06-01 01:53 <DIR> d-------- C:\ConverterOutput 2007-06-01 01:52 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll 2007-06-01 01:52 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll 2007-06-01 01:52 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll 2007-06-01 01:52 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll 2007-06-01 01:52 <DIR> d-------- C:\Program Files\Cucusoft 2007-06-01 01:51 <DIR> d-------- C:\Program Files\Plato DVD to AVI Converter 2007-05-31 19:51 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc 2007-05-30 15:31 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead 2007-05-30 15:24 <DIR> d-------- C:\Program Files\Nero (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 07:21:57 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-26 07:19:13 -------- d-----w C:\Program Files\McAfee 2007-06-26 07:08:33 -------- d-----w C:\Program Files\NoAdware 2007-06-26 06:33:08 -------- d-----w C:\Program Files\Acoustica Mp3 To Wave Converter Plus 2007-06-26 04:44:55 -------- d-----w C:\Program Files\DVD Region+CSS Free 2007-06-26 0244 -------- d-----w C:\Program Files\WinMX 2007-06-26 0210 -------- d-----w C:\Program Files\QuickTime 2007-06-26 02:03:54 -------- d-----w C:\Program Files\MemTurbo 2007-06-26 02:03:40 -------- d-----w C:\Program Files\iTunes 2007-06-25 20:05:11 -------- d-----w C:\Program Files\Winamp 2007-06-25 20:05:08 -------- d-----w C:\Program Files\Google 2007-06-23 18:08:01 -------- d-----w C:\Program Files\iPod 2007-06-23 16:59:17 -------- d-----w C:\Program Files\Run-Time 2007-06-23 16:52:32 -------- d-----w C:\Program Files\MSN Messenger 2007-06-22 16:02:47 -------- d-----w C:\Program Files\XoftSpy 2007-06-22 05:42:23 -------- d-----w C:\Program Files\Apple Software Update 2007-06-22 04:18:15 -------- d-----w C:\Program Files\Common Files\AOL 2007-06-22 04:18:14 -------- d-----w C:\Program Files\AIM 2007-06-19 18:29:56 14 ----a-w C:\WINDOWS\popcinfo.dat 2007-06-13 20:18:30 -------- d-----w C:\Program Files\Sonic Foundry 2007-06-06 23:17:10 -------- d-----w C:\Program Files\The FilmMachine 2007-05-30 19:24:26 -------- d-----w C:\Program Files\Common Files\Ahead 2007-05-30 19:16:43 -------- d-----w C:\Program Files\Ahead 2007-05-28 05:56:46 -------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20 2007-05-26 00:54:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OnReally 2007-05-21 18:38:27 -------- d-----w C:\Program Files\DVD Shrink 2007-05-21 18:34:58 -------- d-----w C:\Program Files\DVDSHR~1.SH! 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-29 19:02:23 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-04-29 19:01:50 0 ----a-w C:\WINDOWS\PowerReg.dat 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 05:56] {49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\WINDOWS\ddesupport.dll [] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-10-12 11:38] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 16:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 C:\WINDOWS\soundman.exe] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22] "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 17:16] "_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [2005-07-30 02:10] "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2005-06-01 14:05] "MSKAgentExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-03-23 15:47] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42] "Spyware X-terminator"="C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" [2005-10-28 17:35] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "qvyuxefcfc"="c:\windows\system32\qvyuxefcfc.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 11:37] "McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2005-07-20 06:00] "AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] @= [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Power2GoExpress"=NA [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= file:///C:\WINDOWS\privacy_danger\index.htm FriendlyName= Privacy Protection [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~2\DVDShell.dll" [2004-10-09 16:18] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1158036007\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] MMTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon] C:\Program Files\Digital Media Reader\readericon45G.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbef03f5-9bec-11da-9785-806d6172696f}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 Contents of the 'Scheduled Tasks' folder 2007-06-21 22:28:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2006-06-15 19:41:13 C:\WINDOWS\tasks\ISP signup reminder 2.job 2007-06-26 09:30:05 C:\WINDOWS\tasks\McAfee AntiSpyware.job 2007-06-27 02:31:56 C:\WINDOWS\tasks\Spyware X-terminator 2005 Update.job 2007-06-22 16:02:44 C:\WINDOWS\tasks\XoftSpy.job ************************************************************************ catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-27 18:24:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-06-27 18:25:14 C:\ComboFix-quarantined-files.txt ... 2007-06-27 18:24 C:\ComboFix2.txt ... 2007-06-27 00:52 --- E O F --- computer is running sluggish.. keep getting popups saying "Get spyware program now blah blah blah" ...