Full Version: Winantivirus Pro, Url.cpvfeed, And Powered By Zedo Problems
MadMaxStL
I managed to get some nasty spyware/malware somehow yesterday and haven't been able to clean it up yet. I greatly appreciate any assistance available.

I have already run an updated adaware (multiple times), here is my HiJackThis log file after my most recent Adaware and HJT sweeps.


Logfile of HijackThis v1.99.1
Scan saved at 11:03:49 AM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe



Thanks again for your help.

MM
MadMaxStL
Here is my combofix log as well, in case it is useful...

"Matt Maxfield" - 2007-06-01 12:48:05 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Matt Maxfield\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\cfqrxibe.dll
C:\WINDOWS\system32\idmkkydb.dll
C:\WINDOWS\system32\mhxdehad.dll
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\yayvvus.dll
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.tmp
C:\WINDOWS\system32\dahedxhm.ini
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.tmp
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.tmp
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\pmnmnml.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Program Files\Common Files\Yazzle1281OinAdmin.exe"
"C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
"C:\Program Files\MSN\rteserik.html"
"C:\Program Files\MSN\qukadoq.dll"
"C:\Temp\tn3"
"C:\WINDOWS\system32\drivers\core.sys"

-- Purity Folders:

C:\DOCUME~1\MATTMA~1\APPLIC~1\ECURIT~1



((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))


2007-06-01 01:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-05-31 14:00 <DIR> d--h----- C:\WINDOWS\PIF
2007-05-31 13:52 <DIR> d-------- C:\Documents and Settings\Matt Maxfield\.housecall6.6
2007-05-31 13:52 <DIR> d-------- C:\DOCUME~1\MATTMA~1\.housecall6.6
2007-05-31 13:23 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-05-31 13:23 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-05-31 13:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
2007-05-31 13:14 72,192 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-31 13:14 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-31 13:13 <DIR> d-------- C:\WINDOWS\system32\TQ0
2007-05-31 13:13 <DIR> d-------- C:\WINDOWS\system32\T7
2007-05-31 13:13 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-31 13:13 <DIR> d-------- C:\WINDOWS\system32\T4
2007-05-31 13:13 <DIR> d-------- C:\WINDOWS\system32\T3
2007-05-31 13:13 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-05-31 13:13 <DIR> d-------- C:\WINDOWS\system32\pog
2007-05-31 13:13 <DIR> d-------- C:\Tempb9
2007-05-31 13:13 <DIR> d-------- C:\Temp
2007-05-26 12:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B9DFDEF4-3471-4379-BDBB-DEDA8A9809DF}
2007-05-26 12:25 <DIR> d-------- C:\Program Files\Sports Mogul
2007-05-15 20:16 <DIR> d-------- C:\DOCUME~1\MATTMA~1\APPLIC~1\Chicken Chase
2007-05-15 18:56 <DIR> d-------- C:\WINDOWS\pss
2007-05-15 15:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Legacy Interactive
2007-05-10 00:47 <DIR> d--h----- C:\DOCUME~1\MATTMA~1\APPLIC~1\Move Networks
2007-05-07 20:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 16:02:23 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-31 18:56:27 -------- d-----w C:\Program Files\Yahoo! Games
2007-05-31 18:56:26 -------- d-----w C:\Program Files\WordPerfect Office 12
2007-05-31 18:56:21 -------- d-----w C:\Program Files\Morpheus
2007-05-31 18:56:20 -------- d-----w C:\Program Files\Modem Helper
2007-05-31 18:56:15 -------- d-----w C:\Program Files\Dell
2007-05-10 03:12:18 56 --sh--r C:\WINDOWS\system32\660C2C9819.sys
2007-05-10 03:12:18 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-09 06:05:24 -------- d-----w C:\DOCUME~1\MATTMA~1\APPLIC~1\PlayFirst
2007-04-30 01:46:07 -------- d-----w C:\DOCUME~1\MATTMA~1\APPLIC~1\iWin
2007-04-29 06:29:05 88 --sh--r C:\WINDOWS\system32\19982C0C66.sys
2007-04-23 03:18:41 -------- d-----w C:\DOCUME~1\MATTMA~1\APPLIC~1\7Wonders
2007-04-23 02:44:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 03:25:44 -------- d-----w C:\DOCUME~1\MATTMA~1\APPLIC~1\Google
2007-04-16 03:25:20 -------- d-----w C:\Program Files\Google
2007-04-12 21:42:18 -------- d--h--w C:\DOCUME~1\MATTMA~1\APPLIC~1\Gtek
2007-04-12 21:38:54 -------- d-----w C:\Program Files\DellSupport
2007-04-10 00:14:33 -------- d-----w C:\DOCUME~1\MATTMA~1\APPLIC~1\uTorrent
2007-04-06 16:15:28 -------- d-----w C:\Program Files\PokerStars
2007-04-05 04:46:46 -------- d-----w C:\Program Files\utorrent
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 17:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 17:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-08 06:29:28 4,096 ----a-w C:\WINDOWS\d3dx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}=c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll [2005-11-03 14:10]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 05:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 16:16]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-19 11:19]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
C:\Program Files\MSN\rteserik.html


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myCleanerPC]
C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA7P_0001_N91M0809]
"C:\DOCUME~1\MATTMA~1\LOCALS~1\Temp\WinAntiVirusPro2007FreeInstall.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
"C:\DOCUME~1\MATTMA~1\APPLIC~1\ECURIT~1\spoolsv.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\mhxdehad.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-01 17:54:35 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MKM-Matt Maxfield).job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 12:54:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-01 12:55:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-01 12:55

--- E O F ---
I Hate Spyware
Did you run Ad-Aware? If so, what did it find?

Also, while trying to fix this, you might want to know how to temporarily stop the url.cpvfeed and Zedo popups. If you have another browser such as Opera or Firefox, then open up Internet Explorer.

On the menu bar, go to the File dropdown menu, and select 'Work Offline'

Now use another browser besides IE for your internet surfing. As long as IE is working offline, you won't see any popups, but you won't be able to log into MSN messenger either.