Thread: Pop-ups, Hijackthis log file
View Single Post
Old 10-28-2007, 08:20 PM   #4 (permalink)
Bobby Smith
Registered User
 
Bobby Smith's Avatar
 
Join Date: Dec 2004
Posts: 35
OS: xp home


Re: Pop-ups, Hijackthis log file
I've attached the main.txt and extra.txt. Thanks for your help and please advise.

Deckard's System Scanner v20071014.68
Run by Owner on 2007-10-28 20:56:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2007-10-29 01:56:45 UTC - RP803 - Deckard's System Scanner Restore Point
75: 2007-10-29 01:03:42 UTC - RP802 - System Checkpoint
74: 2007-10-28 00:03:55 UTC - RP801 - System Checkpoint
73: 2007-10-26 23:31:51 UTC - RP800 - System Checkpoint
72: 2007-10-25 01:29:45 UTC - RP799 - System Checkpoint


-- First Restore Point --
1: 2007-08-01 23:33:26 UTC - RP728 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:59:20 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LMPC3\lockpc.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner.BOBBY\My Documents\Bobby's Documents\Tech Support Forum\Deckard's System Scanner DSS.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\nvchost
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: PrintKey-Pro.lnk = C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F3CFDE2-A6DE-1207-76F1-014F46C92C38} - http://69.50.173.166/1/gdnUS2270.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://lowerlot.axiscam.net:9553/activex/AMC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20050730-164531-899 O4 - HKLM\..\Run: [hgqjfy] c:\windows\system32\rkmnrj.exe r
backup-20050730-164531-982 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
backup-20070716-130750-184 O4 - HKLM\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
backup-20070716-130750-688 O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
backup-20070716-130750-720 O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
backup-20070716-130750-898 O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
backup-20070716-130750-908 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
backup-20070716-130750-987 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
backup-20070716-130751-206 O17 - HKLM\System\CCS\Services\Tcpip\..\{23BD82F9-D540-46B6-9AB5-ECCA809A74D7}: NameServer = 85.255.116.20,85.255.112.215
backup-20070716-130751-313 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.20 85.255.112.215
backup-20070716-130751-360 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.20 85.255.112.215
backup-20070716-130751-555 O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
backup-20070716-130751-623 O17 - HKLM\System\CS1\Services\Tcpip\..\{23BD82F9-D540-46B6-9AB5-ECCA809A74D7}: NameServer = 85.255.116.20,85.255.112.215
backup-20070716-130751-830 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
backup-20070716-130751-869 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.20 85.255.112.215
backup-20070716-130751-875 O17 - HKLM\System\CCS\Services\Tcpip\..\{82FFCB06-6C60-46F0-A49F-5AE5DDC1F4BE}: NameServer = 85.255.116.20,85.255.112.215
backup-20070716-130751-883 O17 - HKLM\System\CS2\Services\Tcpip\..\{23BD82F9-D540-46B6-9AB5-ECCA809A74D7}: NameServer = 85.255.116.20,85.255.112.215

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Iomega Disk Filter Driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 ewido security suite driver - c:\program files\ewido\security suite\guard.sys
R3 DELTA (Service for Delta Driver (WDM)) - c:\windows\system32\drivers\delta.sys <Not Verified; Midiman/M-Audio; M-Audio Delta WDM Driver>
R3 LMPC2 - c:\windows\system32\drivers\lmpc2.sys <Not Verified; FSPro Labs; LMPC>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 ldiskl - c:\docume~1\owner~1.bob\locals~1\temp\ldiskl.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)
S3 TBU11 (Turtle Beach USB MIDI 1x1 Driver) - c:\windows\system32\drivers\tbu11.sys <Not Verified; Voyetra Turtle Beach, Inc.; Turtle Beach USB MIDI 1x1>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>
R2 ScsiAccess - c:\windows\system32\scsiaccess.exe

S4 ewido security suite guard - c:\program files\ewido\security suite\ewidoguard.exe <Not Verified; ewido networks; guard>
S4 Iomega Activity Disk2 - ""


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHP_DVD_WRITER_300N______________________3.20____\5&22AC9DF0&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HP DVD Writer 300n
PNP Device ID: IDE\CDROMHP_DVD_WRITER_300N______________________3.20____\5&22AC9DF0&0&0.0.0
Service: cdrom


-- Files created between 2007-09-28 and 2007-10-28 -----------------------------

2007-10-10 13:37:03 0 d-------- C:\Program Files\ASIO4ALL v2
2007-10-07 14:28:16 0 d-------- C:\Program Files\Native Instruments
2007-10-07 14:27:50 130048 --a------ C:\WINDOWS\nvchost.exe


-- Find3M Report ---------------------------------------------------------------

2007-10-27 17:37:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-27 09:02:08 0 d-------- C:\Program Files\Quicken
2007-10-21 09:46:47 0 d-------- C:\Program Files\LimeWire
2007-10-10 13:37:57 0 d-------- C:\Program Files\Image-Line
2007-10-04 16:32:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-24 01:36:20 0 d-------- C:\Documents and Settings\Owner.BOBBY\Application Data\Juce VST Host
2007-09-22 14:40:12 0 d-------- C:\Program Files\Windows Live


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E26CEADA-67B0-4543-BE8B-307F00265118}]
C:\Program Files\Video ActiveX Access\iesplg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2005 06:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/17/2005 07:04 PM]
"Lock My PC"="C:\Program Files\LMPC3\lockpc.exe" [05/26/2006 11:25 AM]
"winlogon"="C:\WINDOWS\nvchost" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [12/03/2003 09:42 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [08/18/2005 01:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 3:19:24 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [12/13/2003 3:28:04 PM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [6/8/2003 5:48:18 PM]
PrintKey-Pro.lnk - C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe [9/19/2003 10:12:40 PM]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [10/5/2005 8:31:34 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"rwdkpffj.exe"=C:\WINDOWS\system\rwdkpffj.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{33b8d257-07f6-4c06-8605-94bc21728635}"= C:\WINDOWS\system32\onljweo.dll [07/16/2007 12:01 PM 8704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2007-10-28 21:00:09 ------------
Attached Files
File Type: txt extra.txt (27.3 KB, 2 views)
File Type: txt main.txt (14.7 KB, 2 views)
Last edited by Ried; 10-28-2007 at 10:54 PM.
Bobby Smith is offline