Thread: Crazy Popups and Spyware now no Desktop
View Single Post
Old 05-08-2007, 09:22 PM   #1 (permalink)
Kicks
Registered User
 
Join Date: Mar 2007
Posts: 20
OS: XP


Crazy Popups and Spyware now no Desktop
I had problems for a while, then got help here and everything was working fairly well. Every once in a while, there'd be a popup or two. Then my comp started slowing down tons randomly--like for 30 seconds i couldn't do anything then for 5-10 seconds i could do stuff, then it'd start back to 30 not being able to do anything. Then like a day later I started up my computer and my desktop was blank. So now I don't have a desktop literally just the wallpaper, no start menu or status bar or anything. Now I have to start programs, and access files, etc through task manager. I did most of the steps in the tutorial on this site, but couldnt do some of it because some programs won't start.
Here's my log with the extra log as an attachment...

Deckard's System Scanner v20070426.43
Run by Ocha on 2007-05-08 at 20:53:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2007-05-09 02:53:32 UTC - RP1432 - Deckard's System Scanner Restore Point
47: 2007-05-05 06:49:40 UTC - RP1431 - Spybot-S&D Spyware removal
46: 2007-05-04 22:33:58 UTC - RP1430 - Installed AVG 7.5
45: 2007-05-04 20:34:38 UTC - RP1429 - Installed AVG 7.5
44: 2007-05-04 20:33:48 UTC - RP1428 - Removed AVG 7.5


-- First Restore Point --
1: 2007-03-21 05:33:15 UTC - RP1385 - Spybot-S&D Spyware removal


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Ocha.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:01:29 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ocha\Desktop\dss.exe
C:\DOCUME~1\Ocha\Desktop\Ocha.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20C18254-E44C-468D-B564-C0C80AABF138} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {B2BCD0D0-480D-4ADE-B1D4-2E64DE0AB339} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - C:\WINDOWS\system32\hggghhi.dll
O2 - BHO: (no name) - {F766D392-9489-457E-BEEE-1EBC06B684C1} - (no file)
O2 - BHO: (no name) - {F891E065-E7FC-4136-B19F-ACFE3D8BEB28} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\opadrygv.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163648224296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos.com/component/QbicUpdate.CAB
O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos.com/component/Qbic.CAB
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://app.filebank.co.jp/setup/win/fbx2.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll (file missing)
O20 - Winlogon Notify: hggghhi - C:\WINDOWS\SYSTEM32\hggghhi.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
O20 - Winlogon Notify: rqrqnkh - C:\WINDOWS\SYSTEM32\rqrqnkh.dll
O20 - Winlogon Notify: rqrqrsp - C:\WINDOWS\SYSTEM32\rqrqrsp.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\lt0027dmg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrvc32 - C:\WINDOWS\SYSTEM32\winrvc32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S2 poof - c:\windows\system32\poof (file missing)
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 kprof - c:\windows\system32\kprof (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Scheduled Tasks -------------------------------------------------------------

2007-05-08 21:02:00 492 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (D6FYH341-Ocha).job
2007-05-03 02:01:03 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-04-08 and 2007-05-08 -----------------------------

2007-05-08 20:46:39 0 d-------- C:\WINDOWS\LastGood
2007-05-04 16:35:00 0 d-------- C:\Documents and Settings\Ocha\Application Data\AVG7
2007-05-04 16:34:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-05-04 16:34:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-05-04 14:34:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-05-04 02:07:44 1397965 ---hs---- C:\WINDOWS\system32\ihkmp.bak1
2007-05-04 02:07:31 284244 ---hs---- C:\WINDOWS\system32\pmkhi.dll
2007-05-04 00:19:40 1404852 --ahs---- C:\WINDOWS\system32\accdd.ini2
2007-05-04 00:00:11 132660 --a------ C:\WINDOWS\system32\wgqqfxwu.dll
2007-05-03 23:59:40 49204 --a------ C:\WINDOWS\system32\yaahaabj.dll
2007-05-03 23:58:33 48708 --a------ C:\WINDOWS\system32\mykeicfv.dll
2007-05-03 23:58:24 123972 --a------ C:\WINDOWS\system32\lhreegfk.dll
2007-05-03 23:24:41 132660 --a------ C:\WINDOWS\system32\yvtamght.dll
2007-05-03 23:24:35 49204 --a------ C:\WINDOWS\system32\tbtpbhwg.dll
2007-05-02 23:24:24 49204 --a------ C:\WINDOWS\system32\xrpnujna.dll
2007-05-02 23:24:04 123972 --a------ C:\WINDOWS\system32\rddaupcq.dll
2007-05-02 00:39:19 132660 --a------ C:\WINDOWS\system32\qjteiteg.dll
2007-05-01 19:01:36 49204 --a------ C:\WINDOWS\system32\ybbdmdyh.dll
2007-05-01 15:17:16 132660 --a------ C:\WINDOWS\system32\uwncsdug.dll
2007-05-01 15:13:33 64000 --a------ C:\WINDOWS\system32\tz***ke.dll
2007-05-01 15:13:33 86528 --a------ C:\WINDOWS\system32\rifakdn.dll
2007-05-01 15:13:23 26678 --a------ C:\WINDOWS\system32\mljiigg.dll
2007-05-01 13:18:15 49204 --a------ C:\WINDOWS\system32\uwcvlbvk.dll
2007-05-01 12:01:14 26678 --a------ C:\WINDOWS\system32\jkkklmk.dll
2007-05-01 03:06:41 49204 --a------ C:\WINDOWS\system32\uapxpolu.dll
2007-04-30 20:26:23 132660 --a------ C:\WINDOWS\system32\ndkpqqdm.dll
2007-04-30 03:06:02 49204 --a------ C:\WINDOWS\system32\kjomwogi.dll
2007-04-30 00:20:59 132660 --a------ C:\WINDOWS\system32\wdtglthu.dll
2007-04-29 14:38:02 49204 --a------ C:\WINDOWS\system32\qxctnxpm.dll
2007-04-28 15:48:18 132660 --a------ C:\WINDOWS\system32\rxxlucql.dll
2007-04-28 15:16:40 49204 --a------ C:\WINDOWS\system32\ydefqvoy.dll
2007-04-28 13:49:04 49204 --a------ C:\WINDOWS\system32\blhayobg.dll
2007-04-28 13:32:31 49204 --a------ C:\WINDOWS\system32\tpqnriqt.dll
2007-04-28 13:32:24 132660 --a------ C:\WINDOWS\system32\intpbbjn.dll
2007-04-27 13:32:11 49204 --a------ C:\WINDOWS\system32\degbqpbb.dll
2007-04-26 13:31:47 49204 --a------ C:\WINDOWS\system32\bgialedu.dll
2007-04-26 13:30:45 132660 --a------ C:\WINDOWS\system32\reitfvrx.dll
2007-04-25 13:18:16 53248 --a------ C:\WINDOWS\system32\bbdacadfbcebcd.dll
2007-04-25 13:17:59 26678 --a------ C:\WINDOWS\system32\ljjijji.dll
2007-04-25 13:17:55 86528 --a------ C:\WINDOWS\system32\zpcxcyc.dll
2007-04-25 13:17:55 63488 --a------ C:\WINDOWS\system32\cpiicbc.dll
2007-04-25 13:08:41 132660 --a------ C:\WINDOWS\system32\wshvhhdn.dll
2007-04-24 13:08:21 123972 --a------ C:\WINDOWS\system32\yxtfddyi.dll
2007-04-23 13:08:01 123972 --a------ C:\WINDOWS\system32\kgasnsap.dll
2007-04-22 13:08:01 123972 --a------ C:\WINDOWS\system32\gedvaeuy.dll
2007-04-21 13:07:52 123972 --a------ C:\WINDOWS\system32\eemhwsft.dll
2007-04-20 12:01:11 123972 --a------ C:\WINDOWS\system32\earecjiy.dll
2007-04-19 13:10:53 123972 --a------ C:\WINDOWS\system32\kfuvyklj.dll
2007-04-18 10:41:49 123972 --a------ C:\WINDOWS\system32\wqwckotc.dll
2007-04-18 10:41:43 48708 --a------ C:\WINDOWS\system32\hhmedaaa.dll
2007-04-17 16:32:56 123972 --a------ C:\WINDOWS\system32\tpoijgkk.dll
2007-04-17 16:32:49 48708 --a------ C:\WINDOWS\system32\ncpgaiet.dll
2007-04-17 13:46:53 123972 --a------ C:\WINDOWS\system32\jnmagthi.dll
2007-04-17 13:46:45 48708 --a------ C:\WINDOWS\system32\sixaqihu.dll
2007-04-16 12:55:24 48708 --a------ C:\WINDOWS\system32\wwvbnrpm.dll
2007-04-16 12:55:17 123972 --a------ C:\WINDOWS\system32\mtcwufve.dll
2007-04-15 12:55:20 48708 --a------ C:\WINDOWS\system32\lqlhgjse.dll
2007-04-15 12:55:10 123972 --a------ C:\WINDOWS\system32\kgsrqhvx.dll
2007-04-14 12:55:03 123972 --a------ C:\WINDOWS\system32\icyakemp.dll
2007-04-14 12:54:56 48708 --a------ C:\WINDOWS\system32\yjfdfpuc.dll
2007-04-14 03:58:25 0 d-------- C:\Program Files\GUILTY GEAR XX #RELOAD
2007-04-13 12:54:53 123972 --a------ C:\WINDOWS\system32\aerusvyq.dll
2007-04-13 12:54:48 48708 --a------ C:\WINDOWS\system32\gifjtttp.dll
2007-04-12 12:54:32 48708 --a------ C:\WINDOWS\system32\htluklhh.dll
2007-04-12 12:54:22 123972 --a------ C:\WINDOWS\system32\sjoveprq.dll
2007-04-11 12:54:17 123972 --a------ C:\WINDOWS\system32\nxuhjguy.dll
2007-04-11 12:54:14 48708 --a------ C:\WINDOWS\system32\kcnwgirq.dll
2007-04-10 12:54:45 48708 --a------ C:\WINDOWS\system32\wlglbagg.dll


-- Find3M Report ---------------------------------------------------------------

2007-05-03 23:59:38 1407118 --ahs---- C:\WINDOWS\system32\accdd.bak2
2007-05-03 23:24:29 1406912 --ahs---- C:\WINDOWS\system32\accdd.bak1
2007-05-03 13:01:21 0 d-------- C:\Documents and Settings\Ocha\Application Data\WeatherBug
2007-05-03 11:41:30 13358 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-03 11:37:35 0 d-------- C:\Program Files\WAV to MP3 Encoder
2007-05-01 15:13:44 32179 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-04-26 19:44:01 0 d-------- C:\Program Files\mIRC
2007-04-25 13:12:37 0 d-------- C:\Documents and Settings\Ocha\Application Data\uTorrent
2007-04-05 01:52:52 123972 --a------ C:\WINDOWS\system32\mhorooet.dll
2007-04-03 23:50:12 123972 --a------ C:\WINDOWS\system32\wjsqitew.dll
2007-04-02 23:50:00 123972 --a------ C:\WINDOWS\system32\wlhjlhkf.dll
2007-03-31 23:50:04 123972 --a------ C:\WINDOWS\system32\ptrdwkfn.dll
2007-03-30 18:20:32 123972 --a------ C:\WINDOWS\system32\dkfwuaaq.dll
2007-03-29 18:20:20 123972 --a------ C:\WINDOWS\system32\olhgvblf.dll
2007-03-29 15:23:46 26730 --a------ C:\WINDOWS\system32\hggghhi.dll
2007-03-28 21:53:39 26694 --a------ C:\WINDOWS\system32\rqrqrsp.dll
2007-03-28 21:53:36 86016 --a------ C:\WINDOWS\system32\ywdlat.dll
2007-03-28 21:53:36 63488 --a------ C:\WINDOWS\system32\xgokgxl.dll
2007-03-28 21:00:21 26730 --a------ C:\WINDOWS\system32\opnollk.dll
2007-03-28 18:20:27 123972 --a------ C:\WINDOWS\system32\wfuefcro.dll
2007-03-28 15:51:51 88340 --a------ C:\WINDOWS\system32\crhbthsg.exe
2007-03-28 12:08:32 26730 --a------ C:\WINDOWS\system32\ddcddee.dll
2007-03-27 18:25:04 26730 --a------ C:\WINDOWS\system32\iifdbby.dll
2007-03-27 18:24:55 26730 --a------ C:\WINDOWS\system32\hggeedc.dll
2007-03-27 18:19:56 123972 --a------ C:\WINDOWS\system32\pkqsgdhv.dll
2007-03-25 13:37:48 123972 --a------ C:\WINDOWS\system32\ktjbojyx.dll
2007-03-24 13:37:15 123972 --a------ C:\WINDOWS\system32\ihcktuhl.dll
2007-03-23 11:48:49 0 d-------- C:\Program Files\Windows Media Connect 2
2007-03-23 11:38:08 123972 --a------ C:\WINDOWS\system32\bwsospkg.dll
2007-03-21 20:42:38 123412 --a------ C:\WINDOWS\system32\kssvunku.dll
2007-03-21 01:41:55 81408 --a------ C:\WINDOWS\system32\qvcjvfj.dll
2007-03-21 01:41:43 26697 --a------ C:\WINDOWS\system32\wvuroml.dll
2007-03-21 00:08:42 123412 --a------ C:\WINDOWS\system32\upbjulrs.dll
2007-03-20 23:49:53 88340 --a------ C:\WINDOWS\system32\cblnaujn.exe
2007-03-19 17:08:20 123412 --a------ C:\WINDOWS\system32\kvcubxfj.dll
2007-03-19 09:43:19 81920 --a------ C:\WINDOWS\system32\clhrzsb.dll
2007-03-19 02:56:24 123412 --a------ C:\WINDOWS\system32\itavxogk.dll
2007-03-18 13:39:32 88340 --a------ C:\WINDOWS\system32\tbhiovre.exe
2007-03-17 22:27:53 123412 --a------ C:\WINDOWS\system32\dxrnigeu.dll
2007-03-17 20:15:28 123412 --a------ C:\WINDOWS\system32\tytkvwbo.dll
2007-03-16 04:55:24 123412 --a------ C:\WINDOWS\system32\mtsuaxsi.dll
2007-03-14 14:56:20 123412 --a------ C:\WINDOWS\system32\mbcepkum.dll
2007-03-14 14:38:19 81408 --a------ C:\WINDOWS\system32\dntopsd.dll
2007-03-14 14:36:34 88340 --a------ C:\WINDOWS\system32\xxfmnjel.exe
2007-03-13 20:11:43 80896 --a------ C:\WINDOWS\system32\phyeppn.dll
2007-03-13 18:45:35 123412 --a------ C:\WINDOWS\system32\pojaqrhe.dll
2007-03-12 18:44:58 88340 --a------ C:\WINDOWS\system32\llspecey.exe
2007-03-12 14:39:02 81408 --a------ C:\WINDOWS\system32\nwqajmf.dll
2007-03-12 14:36:58 88340 --a------ C:\WINDOWS\system32\jpuiilem.exe
2007-03-12 03:11:47 81408 --a------ C:\WINDOWS\system32\qeeddch.dll
2007-03-12 01:51:18 123412 --a------ C:\WINDOWS\system32\mjgajopn.dll
2007-03-12 01:20:30 0 d-------- C:\Program Files\Enigma Software Group
2007-03-12 01:12:43 88340 --a------ C:\WINDOWS\system32\tflieeyh.exe
2007-03-12 01:12:32 118804 --a------ C:\WINDOWS\system32\ihiurmnv.dll
2007-03-11 22:54:29 0 d-------- C:\Program Files\Ultimate Cleaner
2007-03-11 22:24:46 57344 --a------ C:\WINDOWS\system32\jgnxjbj.dll
2007-03-11 22:24:44 81408 --a------ C:\WINDOWS\system32\trdqsad.dll
2007-03-11 21:59:48 123412 --a------ C:\WINDOWS\system32\nnllxerx.dll
2007-03-11 21:46:22 123412 --a------ C:\WINDOWS\system32\yfoehcva.dll
2007-03-11 21:34:09 118804 --a------ C:\WINDOWS\system32\onpiilhh.dll
2007-03-11 20:45:23 123412 --a------ C:\WINDOWS\system32\pugltxxx.dll
2007-03-11 19:45:16 123412 --a------ C:\WINDOWS\system32\prmongnd.dll
2007-03-11 17:58:13 123412 --a------ C:\WINDOWS\system32\lnctgwjo.dll
2007-03-10 17:32:08 123412 --a------ C:\WINDOWS\system32\kdtrappr.dll
2007-03-08 16:36:17 123412 --a------ C:\WINDOWS\system32\djoyyajx.dll
2007-03-07 14:34:26 123412 --a------ C:\WINDOWS\system32\xeqtdwuj.dll
2007-03-06 18:20:45 123412 --a------ C:\WINDOWS\system32\ljrqvomj.dll
2007-03-06 17:49:08 118804 --a------ C:\WINDOWS\system32\apmkkqjo.dll
2007-03-05 17:48:57 118804 --a------ C:\WINDOWS\system32\ubjneqqv.dll
2007-03-04 22:22:53 0 --a------ C:\WINDOWS\winuk.dll
2007-03-04 22:22:37 149504 --a------ C:\WINDOWS\UNWISE.EXE
2007-03-04 22:22:33 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-03-04 22:22:05 0 --a------ C:\WINDOWS\test
2007-03-04 22:22:04 0 --a------ C:\WINDOWS\sysxr32.dll
2007-03-04 22:21:41 7473 --a------ C:\WINDOWS\plqca.dat
2007-03-04 22:21:38 3547 --a------ C:\WINDOWS\oncsc.dat
2007-03-04 22:21:38 0 --a----c- C:\WINDOWS\ofqd.exe
2007-03-04 22:21:34 0 --a----c- C:\WINDOWS\n_xdrfqf.dat
2007-03-04 22:21:34 29256 --a------ C:\WINDOWS\n_aqcvyu.dat
2007-03-04 22:21:34 29256 --a------ C:\WINDOWS\n_aakuom.dat
2007-03-04 22:21:33 0 --a----c- C:\WINDOWS\ntiy.dll
2007-03-04 22:21:32 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-04 22:21:32 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
2007-03-04 22:21:31 0 --a----c- C:\WINDOWS\mstasks4.exe
2007-03-04 22:21:25 0 --a----c- C:\WINDOWS\mfqwx.dll
2007-03-04 22:21:24 0 --a----c- C:\WINDOWS\mfcca.dll
2007-03-04 22:21:06 0 --a----c- C:\WINDOWS\javamf.dll
2007-03-04 22:21:06 0 --a----c- C:\WINDOWS\javago32.dll
2007-03-04 22:21:06 0 --a----c- C:\WINDOWS\ieli.dll
2007-03-04 22:21:06 0 --a----c- C:\WINDOWS\hsyua.dll
2007-03-04 22:20:55 8192 --a------ C:\WINDOWS\d3dx.dat
2007-03-04 22:20:55 0 --a----c- C:\WINDOWS\crsk32.dll
2007-03-04 22:20:54 0 --a----c- C:\WINDOWS\crge32.dll
2007-03-04 22:19:32 0 --a----c- C:\WINDOWS\b2_t_%22NEKKETSU+KOUHA+KUNIO-KUN
2007-03-04 22:18:59 0 --a----c- C:\WINDOWS\apidx.dll
2007-03-04 17:48:50 118804 --a------ C:\WINDOWS\system32\cqphiukm.dll
2007-03-03 17:30:46 88340 --a------ C:\WINDOWS\system32\yirlujiu.exe
2007-03-03 17:30:40 118804 --a------ C:\WINDOWS\system32\dqtqfixt.dll
2007-03-03 17:13:41 26637 --ahs---- C:\WINDOWS\system32\rqrqnkh.dll
2007-03-03 17:13:25 81408 --a------ C:\WINDOWS\system32\ungpwhe.dll
2007-03-03 17:13:25 57344 --a------ C:\WINDOWS\system32\rqaatzc.dll
2007-03-03 17:13:17 20992 --a------ C:\WINDOWS\system32\winrvc32.dll
2007-03-03 17:13:06 2 --a------ C:\1145084210
2007-02-19 15:45:33 155648 --a------ C:\WINDOWS\system32\PoporuAgent.exe <Not Verified; (?) ?? ??????; ??? ?? ?? ????>
2007-02-19 15:45:33 106496 --a------ C:\WINDOWS\system32\PoporuAgent.dll <Not Verified; (?) ?? ??????; ??? ?? ?? ????>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{20C18254-E44C-468D-B564-C0C80AABF138} C:\WINDOWS\system32\ddcca.dll [x]
{B2BCD0D0-480D-4ADE-B1D4-2E64DE0AB339} C:\WINDOWS\system32\pmkhi.dll
{E44527F6-1296-4A84-B67D-A6CEA6ED4B69} C:\WINDOWS\system32\hggghhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"VaCtrls"="v7"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\opadrygv.dll\",realset"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Sonic RecordNow!"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{904CCFDB-F34A-4A0A-8B09-B2F33A4FBF05}"=""
"{E44527F6-1296-4A84-B67D-A6CEA6ED4B69}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggghhi
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqnkh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqrsp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Shell Extensions
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Shell Extentions
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="csvde.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ \0scecli\0scecli\0scecli\0scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bridge"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\Downloaded Program Files\\bridge.dll\",Load"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-08 at 21:03:41 ---------

Any help would be much appreciated. Thanks!
-K
Attached Files
File Type: txt extra.txt (11.5 KB, 1 views)
Kicks is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here