Possible spyware problem (RESOLVED)
-
Here's my problem; any help would be greatly appreciated.
I use the latest version of Firefox & Windows XP.
It appears a browser window is trying to open completely at random but nothing comes on the screen at all. The only thing I see is a blank page window in the bottom tool bar. When this happens it will interrupt my screen saver and will actually minimize my online game if I am idle in game.
This problem started about a month ago and I didn't install or download anything new prior to this starting. Since it started I have switched my virus protection and I always have run 2 different spyware programs.
Any thoughts?
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 8:55:47 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\TASKPL~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\william\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'ua_lsp.dll' missing
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
-
Welcome,
Sometimes malware hides from hijackthis.exe, so let's rename it. Right-click on hijackthis.exe, select Rename, type in foolyou.exe and press Enter, then post that log after the below.
INSTRUCTIONS FOR USING AVG ANTI-SPYWARE in "NORMAL MODE"
Download and scan with AVG Anti-Spyware
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
* Press "OK".
* Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
* When you find the guard service, double-click on it.
* In the Properties Window > General Tab that opens, click the "Stop" button.
* From the drop-down menu next to "Startup Type", click on "Manual".
* Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from HERE.
Once the updates are installed do the following:
1. Click on the "Scanner" button and choose the "Settings" tab.
* Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
* Under "How to Scan?" check all (default).
* Under "Possibly unwanted software" check all (default).
* Under "What to Scan?" make sure "Scan every file" is selected (default).
* Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done and submit the log report in your next response.
Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
-
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:23:09 AM 12/5/2006
+ Scan result:
::Report end
-
Please post the newly renamed hijackthis log please. Thanks.
-
New hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 3:18:35 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\TASKPL~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\william\Desktop\foolyou.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'ua_lsp.dll' missing
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
-
Hello,
1.) Download WinSockFix. (by: Option^Explicit)
2.) UnZip WinsockFix.zip (Pay close attention to where the file is extracted to.)
3.) Run WinsockFix.exe.
4.) Click the Fix button.
Also...
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
-
william - 06-12-05 18:00:27.76 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\william\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))
2006-12-04 23:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-04 09:30 <DIR> d-------- C:\Program Files\Ashampoo
2006-12-04 08:58 <DIR> d-------- C:\Program Files\LimeWire
2006-12-04 08:58 <DIR> d-------- C:\Documents and Settings\william\Incomplete
2006-12-04 08:57 <DIR> d-------- C:\Documents and Settings\william\.limewire
2006-11-28 11:17 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-28 11:16 <DIR> d-------- C:\Documents and Settings\william\.housecall6.6
2006-11-20 14:07 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-11-20 14:07 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2006-11-20 14:07 <DIR> d-------- C:\Documents and Settings\william\Application Data\McAfee.com Personal Firewall
2006-11-20 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2006-11-20 14:04 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2006-11-20 13:58 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2006-11-20 13:58 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2006-11-20 13:58 131,072 --a------ C:\WINDOWS\system32\mclsp.dll
2006-11-20 13:58 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2006-11-20 13:58 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
2006-11-20 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2006-11-20 13:57 <DIR> d-------- C:\Program Files\McAfee.com
2006-11-20 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-11-15 16:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 16:55 <DIR> d-------- C:\a61880877c9503ebcd53938e57af04
2006-11-14 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2006-11-14 14:07 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-11-14 14:07 <DIR> d-------- C:\NVIDIA
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-05 17:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-05 08:40 -------- d-------- C:\Program Files\World of Warcraft
2006-12-04 23:39 -------- d-------- C:\Program Files\Grisoft
2006-12-04 09:43 -------- d-------- C:\Program Files\Xfire
2006-11-20 13:39 -------- d---s---- C:\Documents and Settings\william\Application Data\Microsoft
2006-11-15 16:55 -------- d-------- C:\Program Files\Internet Explorer
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 08:28 -------- d-------- C:\Documents and Settings\william\Application Data\AdobeUM
2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-05 19:15 -------- d-------- C:\Program Files\ICQToolbar
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"POINTER"="point32.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Ptipbmf"="rundll32.exe ptipbmf.dll,SetWriteCacheMode"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NkvMon.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkvMon.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\NkView5\\NkvMon.exe "
"item"="NkvMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ad-Aware.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (YOUR-317AE9B119-william).job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job
Completion time: 06-12-05 18:00:57.59
C:\ComboFix.txt ... 06-12-05 18:00
-
Go here to learn how to show hidden files/folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Re-hide after we are done
Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:
C:\Documents and Settings\william\.housecall6.6
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
Then do the same for this one also:
C:\WINDOWS\system32\instlsp.exe
Also find this folder and tell me what is in it please:
C:\a61880877c9503ebcd53938e57af04
Thanks.
-
C:\Documents and Settings\william\.housecall6.6
Is not a file but a folder
C:\WINDOWS\system32\instlsp.exe
Complete scanning result of "instlsp.exe", received in VirusTotal at 12.06.2006, 21:33:37 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.49 12.06.2006 no virus found
Authentium 4.93.8 12.05.2006 no virus found
Avast 4.7.892.0 12.06.2006 no virus found
AVG 386 12.06.2006 no virus found
BitDefender 7.2 12.06.2006 no virus found
CAT-QuickHeal 8.00 12.05.2006 no virus found
ClamAV devel-20060426 12.06.2006 no virus found
DrWeb 4.33 12.06.2006 no virus found
eSafe 7.0.14.0 12.06.2006 no virus found
eTrust-InoculateIT 23.73.78 12.06.2006 no virus found
eTrust-Vet 30.3.3234 12.06.2006 no virus found
Ewido 4.0 12.06.2006 no virus found
Fortinet 2.82.0.0 12.06.2006 no virus found
F-Prot 3.16f 12.05.2006 no virus found
F-Prot4 4.2.1.29 12.05.2006 no virus found
Ikarus T3.1.0.26 12.05.2006 no virus found
Kaspersky 4.0.2.24 12.06.2006 no virus found
McAfee 4911 12.05.2006 no virus found
Microsoft 1.1804 12.06.2006 no virus found
NOD32v2 1904 12.06.2006 no virus found
Norman 5.80.02 12.05.2006 no virus found
Panda 9.0.0.4 12.06.2006 no virus found
Prevx1 V2 12.06.2006 no virus found
Sophos 4.12.0 12.06.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.130 12.06.2006 no virus found
UNA 1.83 12.05.2006 no virus found
VBA32 3.11.1 12.05.2006 no virus found
VirusBuster 4.3.15:9 12.05.2006 no virus found
Aditional Information
File size: 32768 bytes
MD5: 9b9e9f55163716a8545611c596ef4801
SHA1: 7ad892820e1c75c4f2f738ed005745cf715022e6
C:\a61880877c9503ebcd53938e57af04
Has a rather large notepad text document called: msmxl4-KB927978-enu
-
Thanks for the info. What is in this folder?
C:\Documents and Settings\william\.housecall6.6