06-26-2007, 08:15 PM   #1
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Need help with massive spyware...

Somehow spyware got onto my computer.. pretty sure it was roommate's fault.. but I have used AdAware, Webroot Spysweeper, Spyware X-Terminator, McAfee, Spybot S&D, and CWShredder and some of these have found things on my computer.. but when I reboot my system the spyware just comes right back... I even tried all in safe mode.. still same results... every time I reboot I get a red triangle with an exclamation point in the middle saying virus activities found... blah blah blah, I'm pretty sure that's the spyware... also I get "Error Cleaner", "Spyware & Malware Protection" and one other desktop icon on my computer every reboot... so if anyone could help me out I'd appreciate it....

Deckard's System Scanner v20070611.50
Run by Owner on 2007-06-26 at 23:36:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2007-06-27 03:36:29 UTC - RP174 - Deckard's System Scanner Restore Point
37: 2007-06-27 02:19:36 UTC - RP173 - Software Distribution Service 3.0
36: 2007-06-26 17:38:16 UTC - RP172 - Removed Power Tab Editor 1.7
35: 2007-06-26 17:36:47 UTC - RP171 - Removed Guitar Hero Explorer
34: 2007-06-26 07:18:51 UTC - RP170 - Installed McAfee QuickClean 6.0


-- First Restore Point --
1: 2007-03-31 20:15:01 UTC - RP137 - Installed iTunes


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:37:57 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Spyware X-terminator] "C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" -w -b
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: msole - {8A698680-3FDB-4A26-BE3E-C7CB89F41CEC} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {9445C360-7A41-4937-924C-E316C9591DE1} - C:\WINDOWS\msdde.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070626-222216-171 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
backup-20070626-222216-868 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
S4 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfee AntiSpyware Service - "c:\progra~1\mcafee\mcafee antispyware\massrv.exe" <Not Verified; McAfee, Inc.; McAfee AntiSpyware>
R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-26 22:31:56 448 --a------ C:\WINDOWS\Tasks\Spyware X-terminator 2005 Update.job
2007-06-26 05:30:05 362 --a------ C:\WINDOWS\Tasks\McAfee AntiSpyware.job
2007-06-22 12:02:44 348 --a------ C:\WINDOWS\Tasks\XoftSpy.job
2007-06-21 18:28:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-06-15 15:41:13 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job


-- Files created between 2007-05-26 and 2007-06-26 -----------------------------

2007-06-26 23:27:24 0 d-------- C:\Program Files\SpywareBlaster
2007-06-26 23:26:35 21312 --a------ C:\WINDOWS\choice.exe
2007-06-26 23:26:06 0 d-------- C:\ie-spyad
2007-06-26 22:41:00 102912 --a------ C:\WINDOWS\system32\islzma.dll
2007-06-26 22:40:57 424960 --a------ C:\WINDOWS\WRServices.dll <Not Verified; Webroot Software, Inc; >
2007-06-26 22:40:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-06-26 14:45:59 0 d-------- C:\Program Files\Common Files\Scanner
2007-06-26 14:45:57 0 d-------- C:\Program Files\StompSoft
2007-06-26 14:25:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-06-26 14:25:28 0 d-------- C:\Program Files\Lavasoft
2007-06-26 13:04:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-06-26 13:03:36 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-06-26 13:00:32 0 d-------- C:\Program Files\Yahoo!
2007-06-26 13:00:12 0 d-------- C:\Program Files\CCleaner
2007-06-26 11:44:29 0 d-------- C:\Program Files\Spybot - Search & Destroy 1.1
2007-06-26 03:14:43 7680 --a------ C:\WINDOWS\system32\MpfApi.dll
2007-06-26 03:14:43 80640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
2007-06-26 03:12:20 0 d-------- C:\Program Files\McAfee.com
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-06-25 22:35:11 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-25 22:35:11 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-25 22:35:11 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-25 22:35:11 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-25 22:35:11 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-25 22:35:11 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-25 22:35:11 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-25 22:35:11 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-25 22:35:11 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-25 22:35:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-25 22:35:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-06-25 22:35:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-25 22:35:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2007-06-25 22:35:10 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-25 17:21:20 30720 --a------ C:\WINDOWS\main_uninstaller.exe
2007-06-25 17:21:19 76800 --a------ C:\WINDOWS\msole.dll <Not Verified; ; IEXPLORE>
2007-06-25 17:21:19 87552 --a------ C:\WINDOWS\msdde.dll
2007-06-25 17:21:18 270336 --a------ C:\WINDOWS\ddesupport.dll <Not Verified; ; BhoNew Module>
2007-06-23 13:03:00 0 d-------- C:\WINDOWS\network diagnostic
2007-06-23 12:48:18 0 d-------- C:\Program Files\NovaLogic
2007-06-23 12:41:18 0 d-------- C:\Program Files\MSXML 4.0
2007-06-22 00:48:41 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-06-22 00:39:13 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-06-22 00:29:38 0 d-------- C:\Program Files\Panda Software
2007-06-22 00:17:08 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-06-22 00:16:26 0 d-------- C:\Program Files\AIM6
2007-06-22 00:14:22 0 d-------- C:\Program Files\Common Files\Panda Software
2007-06-22 00:14:22 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-06-06 19:04:54 0 d-------- C:\Documents and Settings\Owner\Application Data\CoreCodec
2007-06-06 19:04:19 0 d-------- C:\Program Files\Haali
2007-06-06 19:04:10 0 d-------- C:\Program Files\CoreCodec
2007-06-05 19:47:00 0 d-------- C:\Program Files\InterActual
2007-06-04 23:09:15 0 d-------- C:\Program Files\WinAVI VideoConverter
2007-06-01 01:53:12 0 d-------- C:\ConverterOutput
2007-06-01 01:52:52 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-01 01:52:51 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-06-01 01:52:51 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-01 01:52:51 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-06-01 01:52:50 0 d-------- C:\Program Files\Cucusoft
2007-06-01 01:51:56 0 d-------- C:\Program Files\Plato DVD to AVI Converter
2007-05-31 19:51:14 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-05-30 15:31:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-05-30 15:24:22 0 d-------- C:\Program Files\Nero
2007-05-26 18:04:11 0 d-------- C:\Program Files\CD_DVD-ROM Generator 1.20


-- Find3M Report ---------------------------------------------------------------

2007-06-26 03:21:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-26 03:19:13 0 d-------- C:\Program Files\McAfee
2007-06-26 03:08:33 0 d-------- C:\Program Files\NoAdware
2007-06-26 02:33:08 0 d-------- C:\Program Files\Acoustica Mp3 To Wave Converter Plus
2007-06-26 00:44:55 0 d-------- C:\Program Files\DVD Region+CSS Free
2007-06-25 2244 0 d-------- C:\Program Files\WinMX
2007-06-25 2210 0 d-------- C:\Program Files\QuickTime
2007-06-25 22:03:54 0 d-------- C:\Program Files\MemTurbo
2007-06-25 22:03:40 0 d-------- C:\Program Files\iTunes
2007-06-25 16:05:11 0 d-------- C:\Program Files\Winamp
2007-06-25 16:05:08 0 d-------- C:\Program Files\Google
2007-06-23 14:08:01 0 d-------- C:\Program Files\iPod
2007-06-23 12:59:17 0 d-------- C:\Program Files\Run-Time
2007-06-23 12:52:32 0 d-------- C:\Program Files\MSN Messenger
2007-06-22 12:02:47 0 d-------- C:\Program Files\XoftSpy
2007-06-22 01:42:23 0 d-------- C:\Program Files\Apple Software Update
2007-06-22 00:18:15 0 d-------- C:\Program Files\Common Files\AOL
2007-06-22 00:18:14 0 d-------- C:\Program Files\AIM
2007-06-19 14:29:56 14 --a------ C:\WINDOWS\popcinfo.dat
2007-06-13 16:18:30 0 d-------- C:\Program Files\Sonic Foundry
2007-06-09 16:32:06 176 --a------ C:\Documents and Settings\Owner\Application Data\iPod Access v2 Prefs
2007-06-06 19:17:10 0 d-------- C:\Program Files\The FilmMachine
2007-05-30 15:24:26 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-30 15:16:43 0 d-------- C:\Program Files\Ahead
2007-05-25 20:54:18 0 d-------- C:\Documents and Settings\Owner\Application Data\OnReally
2007-05-21 14:38:27 0 d-------- C:\Program Files\DVD Shrink <DVDSHR~1>
2007-05-21 14:34:58 0 d-------- C:\Program Files\DVDSHR~1.SH!
2007-05-15 22:38:43 48 --ah----- C:\Documents and Settings\Owner\Application Data\iPodAccess_OwnerName
2007-05-15 22:36:42 11 --ah----- C:\Documents and Settings\Owner\Application Data\iPodAccess_Time
2007-04-29 15:01:50 0 --a------ C:\WINDOWS\PowerReg.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{49CF52D7-8D58-4E22-A874-AAD721F5B523} C:\WINDOWS\ddesupport.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"qvyuxefcfc"="c:\\windows\\system32\\qvyuxefcfc.exe qvyuxefcfc"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~1\\masalert.exe"
"McRegWiz"="C:\\PROGRA~1\\McAfee.com\\Agent\\mcregwiz.exe /autorun"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MSKAgentExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"Spyware X-terminator"="\"C:\\Program Files\\StompSoft\\SpywareXterminatorV5\\SpywareX.exe\" -w -b"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"McAfee QuickClean Imonitor"="C:\\Program Files\\McAfee\\McAfee QuickClean\\Plguni.exe /START"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"msole"="{8A698680-3FDB-4A26-BE3E-C7CB89F41CEC}"
"msdde"="{9445C360-7A41-4937-924C-E316C9591DE1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\AutorunsDisabled]
"msdde"="{B55413CD-0BCF-4549-ACCD-50C4641714A0}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\bigfix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1158036007\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SetHook"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMTray"
"hkey"="HKLM"
"command"="MMTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="readericon45G"
"hkey"="HKLM"
"command"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbef03f5-9bec-11da-9785-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


-- End of Deckard's System Scanner: finished at 2007-06-26 at 23:38:32 ---------

Last edited by needhelpasap85; 06-26-2007 at 08:41 PM.
06-26-2007, 09:53 PM   #2
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

Looking on the other help forums I see this is necessary in most cases.. so I guess ahead of time here's the ComboFix log:

"Owner" - 2007-06-27 0:50:24 - ComboFix 07-06-27.5 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\Desktop\internet.lnk
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\qvyuxefcfc.dat
C:\WINDOWS\system32\qvyuxefcfc.exe
C:\WINDOWS\system32\qvyuxefcfc_nav.dat
C:\WINDOWS\system32\qvyuxefcfc_navps.dat


((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


2007-06-27 00:49 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 23:36 <DIR> d-------- C:\Deckard
2007-06-26 23:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-26 23:26 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-26 23:26 <DIR> d-------- C:\ie-spyad
2007-06-26 22:41 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-06-26 22:40 424,960 --a------ C:\WINDOWS\WRServices.dll
2007-06-26 22:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot
2007-06-26 14:45 <DIR> d-------- C:\Program Files\StompSoft
2007-06-26 14:45 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-06-26 14:25 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-26 14:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-26 13:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-26 13:00 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-26 13:00 <DIR> d-------- C:\Program Files\CCleaner
2007-06-26 11:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 1.1
2007-06-26 11:40 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-06-26 03:14 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2007-06-26 03:14 7,680 --a------ C:\WINDOWS\system32\MpfApi.dll
2007-06-26 03:12 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-26 03:12 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-26 03:12 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-25 22:35 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-06-25 17:21 87,552 --a------ C:\WINDOWS\msdde.dll
2007-06-25 17:21 76,800 --a------ C:\WINDOWS\msole.dll
2007-06-25 17:21 30,720 --a------ C:\WINDOWS\main_uninstaller.exe
2007-06-25 17:21 270,336 --a------ C:\WINDOWS\ddesupport.dll
2007-06-23 13:03 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-23 12:48 <DIR> d-------- C:\Program Files\NovaLogic
2007-06-23 12:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-22 00:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
2007-06-22 00:39 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-06-22 00:29 <DIR> d-------- C:\Program Files\Panda Software
2007-06-22 00:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-22 00:16 <DIR> d-------- C:\Program Files\AIM6
2007-06-22 00:14 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-06-22 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-06 19:04 <DIR> d-------- C:\Program Files\Haali
2007-06-06 19:04 <DIR> d-------- C:\Program Files\CoreCodec
2007-06-06 19:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CoreCodec
2007-06-05 19:47 <DIR> d-------- C:\Program Files\InterActual
2007-06-04 23:09 <DIR> d-------- C:\Program Files\WinAVI VideoConverter
2007-06-01 01:53 <DIR> d-------- C:\ConverterOutput
2007-06-01 01:52 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-06-01 01:52 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-01 01:52 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-06-01 01:52 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-01 01:52 <DIR> d-------- C:\Program Files\Cucusoft
2007-06-01 01:51 <DIR> d-------- C:\Program Files\Plato DVD to AVI Converter
2007-05-31 19:51 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-05-30 15:31 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-05-30 15:24 <DIR> d-------- C:\Program Files\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 07:21:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-26 07:19:13 -------- d-----w C:\Program Files\McAfee
2007-06-26 07:08:33 -------- d-----w C:\Program Files\NoAdware
2007-06-26 06:33:08 -------- d-----w C:\Program Files\Acoustica Mp3 To Wave Converter Plus
2007-06-26 04:44:55 -------- d-----w C:\Program Files\DVD Region+CSS Free
2007-06-26 0244 -------- d-----w C:\Program Files\WinMX
2007-06-26 0210 -------- d-----w C:\Program Files\QuickTime
2007-06-26 02:03:54 -------- d-----w C:\Program Files\MemTurbo
2007-06-26 02:03:40 -------- d-----w C:\Program Files\iTunes
2007-06-25 20:05:11 -------- d-----w C:\Program Files\Winamp
2007-06-25 20:05:08 -------- d-----w C:\Program Files\Google
2007-06-23 18:08:01 -------- d-----w C:\Program Files\iPod
2007-06-23 16:59:17 -------- d-----w C:\Program Files\Run-Time
2007-06-23 16:52:32 -------- d-----w C:\Program Files\MSN Messenger
2007-06-22 16:02:47 -------- d-----w C:\Program Files\XoftSpy
2007-06-22 05:42:23 -------- d-----w C:\Program Files\Apple Software Update
2007-06-22 04:18:15 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-22 04:18:14 -------- d-----w C:\Program Files\AIM
2007-06-19 18:29:56 14 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-13 20:18:30 -------- d-----w C:\Program Files\Sonic Foundry
2007-06-06 23:17:10 -------- d-----w C:\Program Files\The FilmMachine
2007-05-30 19:24:26 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-30 19:16:43 -------- d-----w C:\Program Files\Ahead
2007-05-28 05:56:46 -------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
2007-05-26 00:54:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OnReally
2007-05-21 18:38:27 -------- d-----w C:\Program Files\DVD Shrink
2007-05-21 18:34:58 -------- d-----w C:\Program Files\DVDSHR~1.SH!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-29 19:02:23 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-29 19:01:50 0 ----a-w C:\WINDOWS\PowerReg.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 05:56]
{49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\WINDOWS\ddesupport.dll [2007-06-25 05:08]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-10-12 11:38]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 C:\WINDOWS\soundman.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2005-07-08 17:16]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [2005-07-30 02:10]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2005-06-01 14:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-07-15 12:20]
"MSKAgentExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-03-23 15:47]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42]
"Spyware X-terminator"="C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" [2005-10-28 17:35]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"qvyuxefcfc"="c:\windows\system32\qvyuxefcfc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 11:37]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2005-07-20 06:00]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~2\DVDShell.dll" [2004-10-09 16:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8A698680-3FDB-4A26-BE3E-C7CB89F41CEC}"="C:\WINDOWS\msole.dll" [2007-06-25 05:08]
"{9445C360-7A41-4937-924C-E316C9591DE1}"="C:\WINDOWS\msdde.dll" [2007-06-25 05:08]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158036007\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbef03f5-9bec-11da-9785-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


Contents of the 'Scheduled Tasks' folder
2007-06-21 22:28:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-06-15 19:41:13 C:\WINDOWS\tasks\ISP signup reminder 2.job
2007-06-26 09:30:05 C:\WINDOWS\tasks\McAfee AntiSpyware.job
2007-06-27 02:31:56 C:\WINDOWS\tasks\Spyware X-terminator 2005 Update.job
2007-06-22 16:02:44 C:\WINDOWS\tasks\XoftSpy.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 00:51:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-27 0:52:29
C:\ComboFix-quarantined-files.txt ... 2007-06-27 00:52

--- E O F ---
needhelpasap85 is offline  
Old 06-27-2007, 08:42 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

-bump- any help would be appreciated....
needhelpasap85 is offline  
Old 06-27-2007, 09:26 AM   #4 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

ugh urgent news... my background has changed to a biohazard sign and sayin your privacy is in danger.... hmmm.. and when i try to change desktop still up.. also its like a link its tryin to get me to click on...

actually if i went to the very top of image.. it had a minimize and close option... so i dunno if it was from a popup or what... someone help me out as soon as possible.. thanks
needhelpasap85 is offline  
Old 06-27-2007, 11:41 AM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: Need help with massive spyware...

Please follow MicroBell's 5 Step process - http://www.techsupportforum.com/secu...sting-log.html.

You shall have a set of logs for us after that
__________________

sUBs is offline  
Old 06-27-2007, 02:33 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

every time i try to scan my pc online the window pops up like it's going to load then closes.... ? other than that it looks like I've done the other 4 steps.... any clue why online scan won't work?

Last edited by needhelpasap85; 06-27-2007 at 02:35 PM.
needhelpasap85 is offline  
Old 06-27-2007, 02:37 PM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: Need help with massive spyware...

Skip the online scan & proceed to Step #5 of the 5 steps
__________________

sUBs is offline  
Old 06-27-2007, 02:40 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

i might sound retarted.. but reading that I think I have done everything right.. unless you say I need to do something else... like post a new dss file.. or hijack this file... please let me know...
needhelpasap85 is offline  
Old 06-27-2007, 02:45 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: Need help with massive spyware...

Oops ... I'm sorry. Fatigue got the better of me. I didn't notice the previous logs. Sorry for making you go through the 5 steps again
__________________

sUBs is offline  
Old 06-27-2007, 02:46 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

it's not a problem lol.. i thought i was missing something :)
needhelpasap85 is offline  
Old 06-27-2007, 02:59 PM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: Need help with massive spyware...

Which online scanner did you say was giving you trouble?
__________________

sUBs is offline  
Old 06-27-2007, 03:08 PM   #12 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: Need help with massive spyware...

Before fixing anything, open notepad and Copy/Paste the text in the box below into it:

Code:
@echo off
For %%g in (
C:\WINDOWS\msdde.dll
C:\WINDOWS\msole.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\ddesupport.dll
) do catchme -l nul -k %%g >nul
echo.Please submit the file, catchme.zip located on Desktop
pause
exit
Save this as Submit.bat. Choose to "Save type as - All Files". It should look like this:
Double click on Submit.bat & allow it to generate a zipped file on your Desktop called catchme.zip
Please submit catchme.zip to this site → http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\msdde.dll
C:\WINDOWS\msole.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\ddesupport.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qvyuxefcfc"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A698680-3FDB-4A26-BE3E-C7CB89F41CEC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9445C360-7A41-4937-924C-E316C9591DE1}]
Save this as ComboFix-Do.txt




Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log


---------------


I am going to assume it wasn't Kaspersky that you were referring to

Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.



---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

sUBs is offline  
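
A cross-check of the removal script in post #12 against the "Reg Loading Points" log from the first post, as an added example that is not part of the thread or of ComboFix. It lists logged autostart entries that point at a file the script deletes but that no registry line in the script removes, and script registry targets that match no logged entry. Both embedded inputs are excerpts copied from the posts above; the function names and the assumption that the script follows .reg conventions (`[-KEY]` deletes a key, `"name"=-` deletes a value) are mine.

```python
import re

# Excerpt of the "Reg Loading Points" section of the ComboFix log in the first post.
AUTOSTART_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\WINDOWS\ddesupport.dll [2007-06-25 05:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 C:\WINDOWS\soundman.exe]
"qvyuxefcfc"="c:\windows\system32\qvyuxefcfc.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8A698680-3FDB-4A26-BE3E-C7CB89F41CEC}"="C:\WINDOWS\msole.dll" [2007-06-25 05:08]
"{9445C360-7A41-4937-924C-E316C9591DE1}"="C:\WINDOWS\msdde.dll" [2007-06-25 05:08]
"""

# The ComboFix-Do.txt script from post #12, copied as posted.
REMOVAL_SCRIPT = r"""
File::
C:\WINDOWS\msdde.dll
C:\WINDOWS\msole.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\ddesupport.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qvyuxefcfc"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A698680-3FDB-4A26-BE3E-C7CB89F41CEC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9445C360-7A41-4937-924C-E316C9591DE1}]
"""

# name=data [timestamp]; name and data may or may not be quoted in the log.
ENTRY = re.compile(r'^"?(?P<name>[^"=]+)"?="?(?P<data>[^"\[]*?)"?\s*\[')


def parse_autostarts(log):
    """Return (key, value_name, target_path) for every logged autostart entry."""
    entries, key = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header: the registry key
            continue
        match = ENTRY.match(line)
        if key and match:
            entries.append((key, match.group("name"), match.group("data")))
    return entries


def parse_script(script):
    """Return (files_to_delete, registry_targets), both lower-cased sets."""
    files, targets, section, key = set(), set(), None, None
    for line in (raw.strip() for raw in script.splitlines()):
        if line in ("File::", "Registry::"):
            section = line
        elif not line:
            continue
        elif section == "File::":
            files.add(line.lower())
        elif section == "Registry::":
            if line.startswith("[-"):             # whole key is deleted
                targets.add(line[2:-1].lower())
                key = None
            elif line.startswith("["):            # following lines edit this key
                key = line[1:-1]
            elif key and line.endswith("=-"):     # one value is deleted
                targets.add((key + "\\" + line[:-2].strip('"')).lower())
    return files, targets


def uncovered_autostarts(log, script):
    """Autostart entries that load a file the script deletes but stay registered."""
    files, targets = parse_script(script)
    missed = []
    for key, name, data in parse_autostarts(log):
        entry = (key + "\\" + name).lower()
        if data.lower() in files and entry not in targets and key.lower() not in targets:
            missed.append((key.rsplit("\\", 1)[-1], name, data))
    return missed


def unmatched_targets(log, script):
    """Registry targets in the script that correspond to no logged entry."""
    _, targets = parse_script(script)
    present = set()
    for key, name, _ in parse_autostarts(log):
        present.update({key.lower(), (key + "\\" + name).lower()})
    return sorted(t for t in targets if t not in present)


if __name__ == "__main__":
    for location, name, path in uncovered_autostarts(AUTOSTART_LOG, REMOVAL_SCRIPT):
        print("still registered:", location, name, "->", path)
    for target in unmatched_targets(AUTOSTART_LOG, REMOVAL_SCRIPT):
        print("not in log:", target)
```

Run on these excerpts, it reports the Browser Helper Objects entry for ddesupport.dll and both ShellServiceObjectDelayLoad entries as still registered, which lines up with the "(file missing)" and "(no file)" entries in the HijackThis log of post #13.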
Old 06-27-2007, 03:29 PM   #13 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

kaspersky and the other online scanner isn't working still no clue why... but here's the rest...

Logfile of HijackThis v1.99.1
Scan saved at 6:27:35 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\MemTurbo\MemTurbo.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\DVDREG~2\DVDRegionFree.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll (file missing)
O2 - BHO: (no name) - {8D99D2A3-317C-4929-8A5D-21140259D93A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Spyware X-terminator] "C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" -w -b
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [qvyuxefcfc] c:\windows\system32\qvyuxefcfc.exe qvyuxefcfc
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: msole - {8A698680-3FDB-4A26-BE3E-C7CB89F41CEC} - (no file)
O21 - SSODL: msdde - {9445C360-7A41-4937-924C-E316C9591DE1} - (no file)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

and here's the combofix

"Owner" - 2007-06-27 18:21:37 - ComboFix 07-06-27.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\Owner\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\Owner\FAVORI~1.\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\ddesupport.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\msdde.dll
C:\WINDOWS\msole.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt


((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


2007-06-27 18:22 <DIR> d-------- C:\WINDOWS\privacy_danger
2007-06-27 17:28 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-27 14:35 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-27 14:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-06-27 14:33 466,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-27 14:31 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-27 14:08 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-27 13:56 90,112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2007-06-27 13:56 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2007-06-27 13:56 45,056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2007-06-27 13:56 221,184 --a------ C:\WINDOWS\SnoopFreeUI.exe
2007-06-27 00:49 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 23:36 <DIR> d-------- C:\Deckard
2007-06-26 23:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-26 23:26 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-26 23:26 <DIR> d-------- C:\ie-spyad
2007-06-26 22:41 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-06-26 22:40 424,960 --a------ C:\WINDOWS\WRServices.dll
2007-06-26 22:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot
2007-06-26 14:45 <DIR> d-------- C:\Program Files\StompSoft
2007-06-26 14:45 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-06-26 14:25 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-26 14:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-26 13:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-26 13:00 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-26 13:00 <DIR> d-------- C:\Program Files\CCleaner
2007-06-26 11:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 1.1
2007-06-26 11:40 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-06-26 03:12 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-06-26 03:12 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-06-26 03:12 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-25 22:35 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-25 22:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-06-23 13:03 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-23 12:48 <DIR> d-------- C:\Program Files\NovaLogic
2007-06-23 12:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-22 00:48 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore
2007-06-22 00:39 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-06-22 00:29 <DIR> d-------- C:\Program Files\Panda Software
2007-06-22 00:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-06-22 00:16 <DIR> d-------- C:\Program Files\AIM6
2007-06-22 00:14 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-06-22 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-06 19:04 <DIR> d-------- C:\Program Files\Haali
2007-06-06 19:04 <DIR> d-------- C:\Program Files\CoreCodec
2007-06-06 19:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CoreCodec
2007-06-05 19:47 <DIR> d-------- C:\Program Files\InterActual
2007-06-04 23:09 <DIR> d-------- C:\Program Files\WinAVI VideoConverter
2007-06-01 01:53 <DIR> d-------- C:\ConverterOutput
2007-06-01 01:52 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-06-01 01:52 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-01 01:52 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-06-01 01:52 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-01 01:52 <DIR> d-------- C:\Program Files\Cucusoft
2007-06-01 01:51 <DIR> d-------- C:\Program Files\Plato DVD to AVI Converter
2007-05-31 19:51 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-05-30 15:31 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-05-30 15:24 <DIR> d-------- C:\Program Files\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 07:21:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-26 07:19:13 -------- d-----w C:\Program Files\McAfee
2007-06-26 07:08:33 -------- d-----w C:\Program Files\NoAdware
2007-06-26 06:33:08 -------- d-----w C:\Program Files\Acoustica Mp3 To Wave Converter Plus
2007-06-26 04:44:55 -------- d-----w C:\Program Files\DVD Region+CSS Free
2007-06-26 0244 -------- d-----w C:\Program Files\WinMX
2007-06-26 0210 -------- d-----w C:\Program Files\QuickTime
2007-06-26 02:03:54 -------- d-----w C:\Program Files\MemTurbo
2007-06-26 02:03:40 -------- d-----w C:\Program Files\iTunes
2007-06-25 20:05:11 -------- d-----w C:\Program Files\Winamp
2007-06-25 20:05:08 -------- d-----w C:\Program Files\Google
2007-06-23 18:08:01 -------- d-----w C:\Program Files\iPod
2007-06-23 16:59:17 -------- d-----w C:\Program Files\Run-Time
2007-06-23 16:52:32 -------- d-----w C:\Program Files\MSN Messenger
2007-06-22 16:02:47 -------- d-----w C:\Program Files\XoftSpy
2007-06-22 05:42:23 -------- d-----w C:\Program Files\Apple Software Update
2007-06-22 04:18:15 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-22 04:18:14 -------- d-----w C:\Program Files\AIM
2007-06-19 18:29:56 14 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-13 20:18:30 -------- d-----w C:\Program Files\Sonic Foundry
2007-06-06 23:17:10 -------- d-----w C:\Program Files\The FilmMachine
2007-05-30 19:24:26 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-30 19:16:43 -------- d-----w C:\Program Files\Ahead
2007-05-28 05:56:46 -------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
2007-05-26 00:54:18 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OnReally
2007-05-21 18:38:27 -------- d-----w C:\Program Files\DVD Shrink
2007-05-21 18:34:58 -------- d-----w C:\Program Files\DVDSHR~1.SH!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-29 19:02:23 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-29 19:01:50 0 ----a-w C:\WINDOWS\PowerReg.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 05:56]
{49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\WINDOWS\ddesupport.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-10-12 11:38]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 C:\WINDOWS\soundman.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 17:16]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [2005-07-30 02:10]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2005-06-01 14:05]
"MSKAgentExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-03-23 15:47]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42]
"Spyware X-terminator"="C:\Program Files\StompSoft\SpywareXterminatorV5\SpywareX.exe" [2005-10-28 17:35]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"qvyuxefcfc"="c:\windows\system32\qvyuxefcfc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 11:37]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2005-07-20 06:00]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
@=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~2\DVDShell.dll" [2004-10-09 16:18]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158036007\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbef03f5-9bec-11da-9785-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


Contents of the 'Scheduled Tasks' folder
2007-06-21 22:28:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-06-15 19:41:13 C:\WINDOWS\tasks\ISP signup reminder 2.job
2007-06-26 09:30:05 C:\WINDOWS\tasks\McAfee AntiSpyware.job
2007-06-27 02:31:56 C:\WINDOWS\tasks\Spyware X-terminator 2005 Update.job
2007-06-22 16:02:44 C:\WINDOWS\tasks\XoftSpy.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 18:24:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-27 18:25:14
C:\ComboFix-quarantined-files.txt ... 2007-06-27 18:24
C:\ComboFix2.txt ... 2007-06-27 00:52

--- E O F ---

computer is running sluggish.. keep getting popups saying "Get spyware program now blah blah blah" ...
needhelpasap85 is offline  
Old 06-27-2007, 03:34 PM   #14 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: Need help with massive spyware...

Please disable AdWatch, as it may hinder the removal of some entries.
You can re-enable it after you're clean. To disable AdWatch:
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
  • At the bottom of the screen you will see 2 options Active and Automatic.
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
  • Unless they are turned off they could interfere with the fix by HijackThis.

--------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll (file missing)
O2 - BHO: (no name) - {8D99D2A3-317C-4929-8A5D-21140259D93A} - (no file)
O4 - HKLM\..\Run: [qvyuxefcfc] c:\windows\system32\qvyuxefcfc.exe qvyuxefcfc
O21 - SSODL: msole - {8A698680-3FDB-4A26-BE3E-C7CB89F41CEC} - (no file)
O21 - SSODL: msdde - {9445C360-7A41-4937-924C-E316C9591DE1} - (no file)



---------------

Quote:
keep getting popups saying "Get spyware program now blah blah blah" ...

Reboot the machine. Those pop ups should have stopped after this ComboFix run.

Please describe what happened when you tried running Kaspersky.
sUBs is offline
Old 06-27-2007, 04:01 PM   #15 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

Ok, done the fix and about to reboot... but when I go to Kaspersky site I click on scan now... it pops the window up like it's gonna run.. then all of a sudden it just closes... and nothing happens.. I don't get any popups saying install ActiveX either....
needhelpasap85 is offline  
Old 06-27-2007, 04:04 PM   #16 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: Need help with massive spyware...

See if it's any better after the reboot. It may have been the 4 files we just removed.

Really have to go offline now. Keep making typos.
sUBs is offline
Old 06-27-2007, 04:14 PM   #17 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

ok.. the online scan is loaded up... I hit accept and it refreshed the page.. but there's no accept or anything.. pretty much just telling me the requirements and limitations... also in IE I can't change the homepage still.. it's still the gomyron.com ....
needhelpasap85 is offline  
Old 06-27-2007, 04:25 PM   #18 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

I'm leaving for Wisconsin in about 30 minutes... so if you post anything and I can't get to it... I'll get to it when I get back on Monday... thanks in advance. The popups have stopped... but the IE homepage won't change still and also the Kaspersky loads up.. but when I hit accept it just reloads the page and tells me about the requirements and legal stuff....
needhelpasap85 is offline  
Old 06-27-2007, 11:53 PM   #19 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: Need help with massive spyware...

Quote:
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Could it be this?
sUBs is offline
Old 07-01-2007, 01:58 PM   #20 (permalink)
Registered User
 
Join Date: Jun 2007
Location: VA
Posts: 30
OS: XPSP2


Re: Need help with massive spyware...

I'm back from Wisconsin.. will be posting my online virus scan report soon.. and I guess I will put a fresh HJT log up too.....
needhelpasap85 is offline  
 


All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum