Ok, finally got the scans and the log files. My trouble is trying to walk someone who has no technical or computer knowledge through this. Thank you for your patience.
Deckard's System Scanner v20071014.68
Run by Stacy on 2008-06-26 18:16:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 383 MiB (512 MiB recommended).
-- HijackThis (run as Stacy.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:04 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Documents and Settings\Stacy\Desktop\dss.exe
H:\PROGRA~1\TRENDM~1\HIJACK~1\Stacy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {683E2552-188D-4F53-BC4C-32E0E94771E1} - H:\WINDOWS\system32\qoMcbcBq.dll
O2 - BHO: (no name) - {6B26B3CB-025E-451C-9933-AA8E36E89B30} - H:\WINDOWS\system32\xxyAssSM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {9c995c91-f0c9-ed4b-7484-a233d548e399} - {993e845d-332a-4847-b4de-9c0f19c599c9} - H:\WINDOWS\system32\dwrvojcr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [423b2b70] rundll32.exe "H:\WINDOWS\system32\ilpsexce.dll",b
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [multibits] C:\DOCUME~1\Kody\APPLIC~1\PING01~1\4fast.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1010\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1010\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1013\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1013\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1018\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1018\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: GameSpot Download Manager.lnk = H:\Program Files\GameSpot\GDM_TrayApp.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1013 Startup: LimeWire On Startup.lnk = H:\Program Files\LimeWire\LimeWire.exe (User '?')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm793MFCA
O8 - Extra context menu item: Add to Anti-Banner - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Kody.KYLE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.****online.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.easypix.ca/en/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - H:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: qoMcbcBq - H:\WINDOWS\SYSTEM32\qoMcbcBq.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11090 bytes
-- Files created between 2008-05-26 and 2008-06-26 -----------------------------
2008-06-26 18:07:26 107968 --a------ H:\WINDOWS\system32\dwrvojcr.dll
2008-06-26 17:39:48 84944 --a------ H:\WINDOWS\system32\ilpsexce.dll
2008-06-26 17:37:46 91568 --a------ H:\WINDOWS\system32\nrxbqkwu.dll
2008-06-26 14:53:04 107968 --a------ H:\WINDOWS\system32\vjbokgtu.dll
2008-06-26 14:50:15 84944 --a------ H:\WINDOWS\system32\nselirkd.dll
2008-06-26 14:49:53 91568 --a------ H:\WINDOWS\system32\biuslttf.dll
2008-06-26 14:40:56 91568 --a------ H:\WINDOWS\system32\dqomrclo.dll
2008-06-25 14:29:42 107936 --a------ H:\WINDOWS\system32\sblbkkxc.dll
2008-06-25 14:26:46 84880 -----n--- H:\WINDOWS\system32\tdbyyeaa.dll
2008-06-25 14:23:43 91472 --a------ H:\WINDOWS\system32\ujbnotly.dll
2008-06-24 18:49:26 101728 --a------ H:\WINDOWS\system32\lsunupcy.dll
2008-06-24 18:43:37 91488 --a------ H:\WINDOWS\system32\tosoetou.dll
2008-06-20 22:39:42 0 d-------- H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot
2008-06-19 09:27:05 0 d-------- H:\Documents and Settings\Tiara\Application Data\Macromedia
2008-06-19 09:27:04 0 d-------- H:\Documents and Settings\Tiara\Application Data\Adobe
2008-06-19 09:22:44 0 d-------- H:\Documents and Settings\Tiara\Application Data\Google
2008-06-19 09:20:50 0 d-------- H:\Documents and Settings\Tiara\Application Data\Talkback
2008-06-19 09:18:53 0 d-------- H:\Documents and Settings\Tiara\Application Data\Mozilla
2008-06-19 09:11:56 0 d-------- H:\Documents and Settings\Tiara\Application Data\Nero
2008-06-19 09:10:45 0 d-------- H:\Documents and Settings\Tiara\Application Data\Identities
2008-06-19 09:10:05 0 dr-h----- H:\Documents and Settings\Tiara\SendTo
2008-06-19 09:10:05 0 dr-h----- H:\Documents and Settings\Tiara\Recent
2008-06-19 09:10:05 0 d--h----- H:\Documents and Settings\Tiara\PrintHood
2008-06-19 09:10:05 0 d--h----- H:\Documents and Settings\Tiara\NetHood
2008-06-19 09:10:05 0 dr------- H:\Documents and Settings\Tiara\My Documents
2008-06-19 09:10:05 0 d--h----- H:\Documents and Settings\Tiara\Local Settings
2008-06-19 09:10:05 0 dr------- H:\Documents and Settings\Tiara\Favorites
2008-06-19 09:10:05 0 d-------- H:\Documents and Settings\Tiara\Desktop
2008-06-19 09:10:05 0 d--hs---- H:\Documents and Settings\Tiara\Cookies
2008-06-19 09:10:05 0 dr-h----- H:\Documents and Settings\Tiara\Application Data
2008-06-19 09:10:05 0 d---s---- H:\Documents and Settings\Tiara\Application Data\Microsoft
2008-06-19 09:10:04 0 d--h----- H:\Documents and Settings\Tiara\Templates
2008-06-19 09:10:04 0 dr------- H:\Documents and Settings\Tiara\Start Menu
2008-06-19 09:10:04 1048576 --ah----- H:\Documents and Settings\Tiara\NTUSER.DAT
2008-06-18 20:37:02 84848 --a------ H:\WINDOWS\system32\mtethbrb.dll
2008-06-18 20:34:54 90368 --a------ H:\WINDOWS\system32\iuxiqtqj.dll
2008-06-18 20:33:55 328812 --ahs---- H:\WINDOWS\system32\Iklklnnn.ini2
2008-06-18 20:33:52 318304 --a------ H:\WINDOWS\system32\nnnlklkI.dll
2008-06-18 07:21:03 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Talkback
2008-06-16 23:09:28 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\LimeWire
2008-06-16 23:08:13 0 d-------- H:\Program Files\LimeWire
2008-06-16 21:35:47 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Sun
2008-06-16 21:30:35 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Google
2008-06-16 21:28:15 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Macromedia
2008-06-16 21:28:13 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Adobe
2008-06-16 20:21:14 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Contacts
2008-06-16 20:20:57 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Mozilla
2008-06-16 20:00:50 101648 --a------ H:\WINDOWS\system32\tsafkcpp.dll
2008-06-16 19:58:58 90448 --a------ H:\WINDOWS\system32\rlnfdief.dll
2008-06-16 19:57:49 327500 --ahs---- H:\WINDOWS\system32\twyFLkkj.ini2
2008-06-16 19:57:46 318336 --a------ H:\WINDOWS\system32\jkkLFywt.dll
2008-06-16 19:53:40 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Nero
2008-06-16 19:52:48 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Identities
2008-06-16 19:52:06 0 dr------- H:\Documents and Settings\Kody.KYLE.001\Favorites
2008-06-16 19:52:06 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Desktop
2008-06-16 19:52:06 0 d--hs---- H:\Documents and Settings\Kody.KYLE.001\Cookies
2008-06-16 19:52:06 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\Application Data
2008-06-16 19:52:06 0 d---s---- H:\Documents and Settings\Kody.KYLE.001\Application Data\Microsoft
2008-06-16 19:52:05 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\Templates
2008-06-16 19:52:05 0 dr------- H:\Documents and Settings\Kody.KYLE.001\Start Menu
2008-06-16 19:52:05 0 dr-h----- H:\Documents and Settings\Kody.KYLE.001\SendTo
2008-06-16 19:52:05 0 dr-h----- H:\Documents and Settings\Kody.KYLE.001\Recent
2008-06-16 19:52:05 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\PrintHood
2008-06-16 19:52:05 1310720 --ah----- H:\Documents and Settings\Kody.KYLE.001\NTUSER.DAT
2008-06-16 19:52:05 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\NetHood
2008-06-16 19:52:05 0 dr------- H:\Documents and Settings\Kody.KYLE.001\My Documents
2008-06-16 19:52:05 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\Local Settings
2008-06-16 19:26:44 0 d-------- H:\Documents and Settings\Stacy\Application Data\Nero
2008-06-16 19:13:12 0 d-------- H:\Program Files\Common Files\Nero
2008-06-16 18:05:44 101648 --a------ H:\WINDOWS\system32\tybsowwp.dll
2008-06-16 12:26:29 90448 --a------ H:\WINDOWS\system32\xypksrnr.dll
2008-06-15 17:38:44 101760 --a------ H:\WINDOWS\system32\nuspgouw.dll
2008-06-15 12:23:42 90416 --a------ H:\WINDOWS\system32\fvivbcrw.dll
2008-06-14 21:54:19 0 d-------- H:\Program Files\Trend Micro
2008-06-14 15:52:08 84880 --a------ H:\WINDOWS\system32\rimwbovp.dll
2008-06-14 15:46:03 101712 --a------ H:\WINDOWS\system32\iwnqliss.dll
2008-06-14 15:44:10 90432 --a------ H:\WINDOWS\system32\nohebmjr.dll
2008-06-13 21:12:05 1300 --a------ H:\WINDOWS\mozver.dat
2008-06-13 15:24:21 101712 --a------ H:\WINDOWS\system32\fbhbnocf.dll
2008-06-13 15:22:13 90416 --a------ H:\WINDOWS\system32\eavsdylm.dll
2008-06-13 12:36:28 0 d-------- H:\Documents and Settings\Stacy\Application Data\Talkback
2008-06-13 12:35:31 0 d-------- H:\Documents and Settings\Stacy\Application Data\Mozilla
2008-06-12 14:40:13 84768 --a------ H:\WINDOWS\system32\kkordykb.dll
2008-06-12 14:39:21 0 dr-h----- H:\Documents and Settings\Kyle-Family Computer\Recent
2008-06-12 14:37:16 90400 --a------ H:\WINDOWS\system32\hqbvsqxr.dll
2008-06-12 12:24:21 101616 --a------ H:\WINDOWS\system32\kutjicpw.dll
2008-06-12 12:22:28 84768 --a------ H:\WINDOWS\system32\bqeaptly.dll
2008-06-12 12:22:07 90400 --a------ H:\WINDOWS\system32\sppeggas.dll
2008-06-12 12:21:12 338855 --ahs---- H:\WINDOWS\system32\jQpoYJjl.ini2
2008-06-12 12:21:10 318256 --a------ H:\WINDOWS\system32\ljJYopQj.dll
2008-06-11 17:05:57 0 d-------- H:\WINDOWS\setup.pss
2008-06-11 17:05:44 0 d-------- H:\WINDOWS\setupupd
2008-06-11 14:43:53 84736 --a------ H:\WINDOWS\system32\kttfsftd.dll
2008-06-11 14:40:51 101728 --a------ H:\WINDOWS\system32\bnsomtys.dll
2008-06-11 14:37:51 90384 --a------ H:\WINDOWS\system32\yurikbrn.dll
2008-06-11 13:46:07 101728 --a------ H:\WINDOWS\system32\mfwxcjpq.dll
2008-06-11 13:43:37 90384 --a------ H:\WINDOWS\system32\jfcjmsxi.dll
2008-06-11 13:42:43 337345 --ahs---- H:\WINDOWS\system32\AbehOqss.ini2
2008-06-11 13:42:32 318208 --a------ H:\WINDOWS\system32\ssqOhebA.dll
2008-06-10 15:50:25 96966 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-06-10 15:50:25 88774 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-06-10 15:48:09 0 d-------- H:\Program Files\Kaspersky Lab
2008-06-10 15:48:09 0 d-------- H:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-10 15:47:45 129056 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-10 15:47:45 4632352 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 14:56:42 98560 --a------ H:\WINDOWS\system32\raubhtya.dll
2008-06-10 14:51:31 90288 --a------ H:\WINDOWS\system32\sxasyybg.dll
2008-06-10 14:50:42 333505 --ahs---- H:\WINDOWS\system32\QAbdNXyb.ini2
2008-06-10 14:50:32 318192 --a------ H:\WINDOWS\system32\byXNdbAQ.dll
2008-06-10 12:37:55 98560 --a------ H:\WINDOWS\system32\hoaueaak.dll
2008-06-10 12:34:55 84688 --a------ H:\WINDOWS\system32\provocyc.dll
2008-06-10 12:33:01 90288 --a------ H:\WINDOWS\system32\ysypkcap.dll
2008-06-10 11:37:51 98544 --a------ H:\WINDOWS\system32\nmeiytlx.dll
2008-06-10 11:35:29 90336 --a------ H:\WINDOWS\system32\wpymgnly.dll
2008-06-10 11:34:49 331775 --ahs---- H:\WINDOWS\system32\XIQBbccf.ini2
2008-06-10 11:34:46 318208 --a------ H:\WINDOWS\system32\fccbBQIX.dll
2008-06-10 07:23:02 25344 --a------ H:\WINDOWS\system32\ssqRLDVm.dll
2008-06-08 21:45:29 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Sun
2008-06-08 21:43:27 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Macromedia
2008-06-08 21:39:58 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Adobe
2008-06-08 21:39:30 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Google
2008-06-08 21:32:44 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Symantec
2008-06-08 21:29:19 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Identities
2008-06-08 21:28:42 0 d--h----- H:\Documents and Settings\Kodygh\Templates
2008-06-08 21:28:42 0 dr------- H:\Documents and Settings\Kodygh\Start Menu
2008-06-08 21:28:42 0 dr-h----- H:\Documents and Settings\Kodygh\SendTo
2008-06-08 21:28:42 0 dr-h----- H:\Documents and Settings\Kodygh\Recent
2008-06-08 21:28:42 0 d--h----- H:\Documents and Settings\Kodygh\PrintHood
2008-06-08 21:28:42 1048576 --ah----- H:\Documents and Settings\Kodygh\NTUSER.DAT
2008-06-08 21:28:42 0 d--h----- H:\Documents and Settings\Kodygh\NetHood
2008-06-08 21:28:42 0 dr------- H:\Documents and Settings\Kodygh\My Documents
2008-06-08 21:28:42 0 d--h----- H:\Documents and Settings\Kodygh\Local Settings
2008-06-08 21:28:42 0 dr------- H:\Documents and Settings\Kodygh\Favorites
2008-06-08 21:28:42 0 d-------- H:\Documents and Settings\Kodygh\Desktop
2008-06-08 21:28:42 0 d--hs---- H:\Documents and Settings\Kodygh\Cookies
2008-06-08 21:28:42 0 dr-h----- H:\Documents and Settings\Kodygh\Application Data
2008-06-08 21:28:42 0 d---s---- H:\Documents and Settings\Kodygh\Application Data\Microsoft
2008-06-07 17:21:47 139876 --a------ H:\WINDOWS\system32\mlJAsSJa.dll
2008-06-06 15:49:47 346961 --ahs---- H:\WINDOWS\system32\MSssAyxx.ini2
2008-06-06 15:49:39 316144 --a------ H:\WINDOWS\system32\xxyAssSM.dll
2008-06-06 15:44:09 25296 --a------ H:\WINDOWS\system32\qoMcbcBq.dll
2008-06-04 16:22:47 0 d-------- H:\Program Files\Panda Security
-- Find3M Report ---------------------------------------------------------------
2008-06-23 17:48:53 0 d-------- H:\Program Files\Windows Live
2008-06-16 19:13:13 0 d-------- H:\Program Files\Nero
2008-06-16 19:13:12 0 d-------- H:\Program Files\Common Files
2008-06-14 22:02:42 7885 --a------ H:\Program Files\hijackthis.log
2008-06-10 17:48:12 0 d-------- H:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 17:39:53 0 d-------- H:\Program Files\Common Files\Symantec Shared
2008-06-10 16:59:33 0 d-------- H:\Program Files\Norton 360
2008-05-21 15:03:03 0 d-------- H:\Program Files\Rogers
2008-05-04 12:14:34 0 d-------- H:\Documents and Settings\Stacy\Application Data\LimeWire
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{683E2552-188D-4F53-BC4C-32E0E94771E1}]
06/06/2008 03:44 PM 25296 --a------ H:\WINDOWS\system32\qoMcbcBq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B26B3CB-025E-451C-9933-AA8E36E89B30}]
06/06/2008 03:49 PM 316144 --a------ H:\WINDOWS\system32\xxyAssSM.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{993e845d-332a-4847-b4de-9c0f19c599c9}]
06/26/2008 06:07 PM 107968 --a------ H:\WINDOWS\system32\dwrvojcr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"EPSON Stylus CX4200 Series"="H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [03/08/2005 04:00 AM]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/29/2005 11:16 PM]
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [06/08/2007 08:24 PM]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Flag Owns Live Grim"="H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe" [06/26/2008 05:38 PM]
"AVP"="H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]
"NeroFilterCheck"="H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"423b2b70"="H:\WINDOWS\system32\ilpsexce.dll" [06/26/2008 05:39 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/18/2007 03:54 AM]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{683E2552-188D-4F53-BC4C-32E0E94771E1}"= H:\WINDOWS\system32\qoMcbcBq.dll [06/06/2008 03:44 PM 25296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMcbcBq]
qoMcbcBq.dll 06/06/2008 03:44 PM 25296 H:\WINDOWS\system32\qoMcbcBq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 H:\WINDOWS\system32\xxyAssSM
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{348ba13a-f76c-11db-918e-0013d3529847}]
AutoRun\command- J:\.\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ce5195-086f-11da-a586-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
-- End of Deckard's System Scanner: finished at 2008-06-26 18:16:55 ------------