Tech Support Forum > Security Center > HijackThis Log Help
#1  07-06-2008, 03:27 PM  mmr1310 (Registered User; Join Date: Jul 2008; Posts: 2; OS: XP)
Need HJT Log Help - Popups, Windows Update Disabled

I am running Windows XP SP2. I have started getting popups that won't go away even after apparent cleansing. Also, my Windows Update function no longer works and I cannot restart it. Help please.

I ran ActiveScan and it found the following suspicious files:

C:\WINDOWS\nswatchdog.exe
C:\WINDOWS\SYSTEM32\LJPOLAGU.DLL
C:\WINDOWS\SYSTEM32\JDQNJVET.DLL

DSS Main.txt is as follows:

Deckard's System Scanner v20071014.68
Run on 2008-07-06 17:11:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
101: 2008-07-06 22:11:49 UTC - RP214 - Deckard's System Scanner Restore Point
100: 2008-07-06 19:33:39 UTC - RP213 - Removed Google Toolbar for Internet Explorer
99: 2008-07-06 00:32:10 UTC - RP212 - Norton 360 Registry Clean
98: 2008-07-05 04:31:26 UTC - RP211 - System Checkpoint
97: 2008-07-04 00:03:56 UTC - RP210 - System Checkpoint


-- First Restore Point --
1: 2008-06-29 21:12:57 UTC - RP114 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-06 17:13:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\NMSSvc.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc09.exe
C:\Documents and Settings\Reese\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {11A7A749-0381-4AE2-940B-27EC006D6006} - C:\WINDOWS\system32\ljJabYpQ.dll
O2 - BHO: (no name) - {2FF82065-FE0D-4F46-B642-31D274F1E95B} - (no file)
O2 - BHO: (no name) - {379097EA-194B-4FD5-B97A-E898AE4D9E1C} - C:\WINDOWS\system32\iifcCsQK.dll (file missing)
O2 - BHO: (no name) - {3CAFA145-A22D-40FF-8E80-17ED4EB4D18B} - C:\WINDOWS\system32\qoMeCtUl.dll
O2 - BHO: {4943e4e2-34ca-141a-2914-9e1d6f6145f4} - {4f5416f6-d1e9-4192-a141-ac432e4e3494} - C:\WINDOWS\system32\sbareh.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O2 - BHO: (no name) - {667BDB75-D814-4B47-9BC0-E1159D390001} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: (no name) - {75B79011-66D1-4659-9C36-EF835D058141} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {94D559E9-27B0-4C2C-9A71-2D1A03768451} - (no file)
O2 - BHO: (no name) - {A8455235-9536-452D-98E4-D47046149C85} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b921d3bc-964f-4fda-b39c-7481b7f9a429} - (no file)
O2 - BHO: (no name) - {BD35D750-889B-4747-ADA5-2D2E72BE21F6} - (no file)
O2 - BHO: (no name) - {E6D335D4-50B8-455F-9068-9C921947C255} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [301c6862] rundll32.exe "C:\WINDOWS\system32\wbgkspmp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Install Pending Files.LNK
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Audible Download Manager.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Amazon Unbox.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www.coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200454782139
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215263294328
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V...ACNePlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/even...445/MILive.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: ljJabYpQ - C:\WINDOWS\system32\ljJabYpQ.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.Exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 14089 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 nnrnstdi - c:\windows\system32\drivers\nnrnstdi.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
R3 km_filter - c:\windows\system32\drivers\km_filter.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>

S3 iscFlash - c:\windows\system32\drivers\iscflash.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 NMSSvc (Intel(R) NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-04 18:00:04 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-06-30 1006 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 17:03:57 21312 --a------ C:\WINDOWS\choice.exe
2008-07-06 17:03:32 0 d-------- C:\ie-spyad
2008-07-06 17:02:45 258560 --a------ C:\Program Files\ie-spyad.exe
2008-07-06 16:58:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-06 15:51:42 0 d-------- C:\Program Files\Panda Security
2008-07-06 15:51:38 0 d-------- C:\WINDOWS\LastGood
2008-07-06 14:32:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-06 07:17:01 0 d-------- C:\Program Files\Enigma Software Group
2008-07-05 19:45:26 106320 --a------ C:\WINDOWS\system32\sbareh.dll
2008-07-05 19:45:25 106320 --a------ C:\WINDOWS\system32\hxotmlxh.dll
2008-07-05 19:43:05 82240 --a------ C:\WINDOWS\system32\ybsatehd.dll
2008-07-05 19:42:24 525540 --ahs---- C:\WINDOWS\system32\lUtCeMoq.ini2
2008-07-05 19:42:21 315136 --a------ C:\WINDOWS\system32\qoMeCtUl.dll
2008-07-05 13:14:36 0 d-------- C:\Program Files\Windows Sidebar
2008-07-05 13:14:18 0 d-------- C:\Program Files\Norton 360
2008-07-05 13:08:31 0 d-------- C:\Program Files\Symantec
2008-07-05 13:08:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-05 13:07:30 106320 --a------ C:\WINDOWS\system32\nsslxevt.dll
2008-07-05 13:07:30 106320 --a------ C:\WINDOWS\system32\mmiajl.dll
2008-07-05 12:34:29 477246 --ahs---- C:\WINDOWS\system32\KQsCcfii.ini2
2008-07-05 12:28:48 0 d--hs---- C:\FOUND.002
2008-07-05 10:35:32 0 d-------- C:\Documents and Settings\Reese\Application Data\Symantec
2008-07-05 10:31:54 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-07-05 01:46:13 6683 --ahs---- C:\WINDOWS\system32\RAJRBJlm.ini2
2008-07-04 21:57:59 0 d-------- C:\Program Files\DivX
2008-07-03 22:40:20 106192 --a------ C:\WINDOWS\system32\drggop.dll
2008-07-03 22:40:19 106192 --a------ C:\WINDOWS\system32\bhniycey.dll
2008-07-03 22:38:25 85376 --a------ C:\WINDOWS\system32\wxbiqiyn.dll
2008-07-03 22:37:18 503716 --ahs---- C:\WINDOWS\system32\JTuvCfhk.ini2
2008-07-03 15:20:29 106192 --a------ C:\WINDOWS\system32\sotocu.dll
2008-07-03 15:20:28 106192 --a------ C:\WINDOWS\system32\tfnmscbi.dll
2008-07-03 12:38:15 491462 --ahs---- C:\WINDOWS\system32\sCKTCJlm.ini2
2008-07-03 09:47:47 482143 --ahs---- C:\WINDOWS\system32\giQrCJjl.ini2
2008-07-02 18:36:08 85248 --a------ C:\WINDOWS\system32\ljpolagu.dll
2008-07-02 18:34:04 106272 --a------ C:\WINDOWS\system32\lxjiip.dll
2008-07-02 18:34:03 106272 --a------ C:\WINDOWS\system32\wpyxinag.dll
2008-07-02 18:33:07 478777 --ahs---- C:\WINDOWS\system32\sBLSBcdd.ini2
2008-07-02 16:17:11 106272 --a------ C:\WINDOWS\system32\qnaygr.dll
2008-07-02 16:17:10 106272 --a------ C:\WINDOWS\system32\jtgkfqoj.dll
2008-07-02 16:17:07 85248 --a------ C:\WINDOWS\system32\jdqnjvet.dll
2008-06-29 16:12:44 476720 --ahs---- C:\WINDOWS\system32\UCbegMoq.ini2
2008-06-29 16:07:27 25504 --a------ C:\WINDOWS\system32\ljJabYpQ.dll
2008-06-10 1532 0 d-------- C:\Documents and Settings\Reese\Application Data\Snapfish


-- Find3M Report ---------------------------------------------------------------

2008-06-29 15:21:08 51288 --a------ C:\Documents and Settings\Reese\Application Data\GDIPFONTCACHEV1.DAT
2008-05-25 11:08:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-11 11:03:14 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-09 16:01:44 0 d-------- C:\Program Files\Amazon


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11A7A749-0381-4AE2-940B-27EC006D6006}]
06/29/2008 04:07 PM 25504 --a------ C:\WINDOWS\system32\ljJabYpQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FF82065-FE0D-4F46-B642-31D274F1E95B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{379097EA-194B-4FD5-B97A-E898AE4D9E1C}]
C:\WINDOWS\system32\iifcCsQK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAFA145-A22D-40FF-8E80-17ED4EB4D18B}]
07/05/2008 07:42 PM 315136 --a------ C:\WINDOWS\system32\qoMeCtUl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f5416f6-d1e9-4192-a141-ac432e4e3494}]
07/05/2008 07:45 PM 106320 --a------ C:\WINDOWS\system32\sbareh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{667BDB75-D814-4B47-9BC0-E1159D390001}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/05/2008 01:15 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75B79011-66D1-4659-9C36-EF835D058141}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94D559E9-27B0-4C2C-9A71-2D1A03768451}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8455235-9536-452D-98E4-D47046149C85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b921d3bc-964f-4fda-b39c-7481b7f9a429}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD35D750-889B-4747-ADA5-2D2E72BE21F6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6D335D4-50B8-455F-9068-9C921947C255}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"PROMon.exe"="PROMon.exe" [04/18/2002 06:32 PM C:\WINDOWS\system32\PROMon.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"MegaPanel"="C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe" [05/11/2006 02:30 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 08:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [07/13/2007 03:01 PM]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [03/06/2007 11:21 AM]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [11/16/2007 06:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]
"301c6862"="C:\WINDOWS\system32\wbgkspmp.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/24/2008 02:19 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 08:23 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 10:15 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11A7A749-0381-4AE2-940B-27EC006D6006}"= C:\WINDOWS\system32\ljJabYpQ.dll [06/29/2008 04:07 PM 25504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJabYpQ]
ljJabYpQ.dll 06/29/2008 04:07 PM 25504 C:\WINDOWS\system32\ljJabYpQ.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeCtUl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - COMHOST


-- End of Deckard's System Scanner: finished at 2008-07-06 17:15:23 ------------
Attached Files: extra.txt (15.3 KB)
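The log above contains the entries an analyst scans for first: BHOs with no product name loading from system32, a Run value that starts a system32 DLL through rundll32, a Winlogon Notify package, and an extra LSA authentication package. The script below is an added example (editor's code, not from the original post, HijackThis or Deckard's System Scanner) that parses those line formats and flags them. The sample lines are copied from the posted log; the flagging rules and the "looks machine-generated" name heuristic are the editor's own assumptions, not HijackThis logic.

```python
"""Triage of a HijackThis-style log. Added example: not code from the original post,
HijackThis or Deckard's System Scanner. Sample lines are copied from the posted log;
the rules and the name heuristic are the editor's assumptions."""
import re

# Lines copied from the posted log (HijackThis clone section plus the DSS LSA dump).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11A7A749-0381-4AE2-940B-27EC006D6006} - C:\WINDOWS\system32\ljJabYpQ.dll
O2 - BHO: (no name) - {2FF82065-FE0D-4F46-B642-31D274F1E95B} - (no file)
O2 - BHO: {4943e4e2-34ca-141a-2914-9e1d6f6145f4} - {4f5416f6-d1e9-4192-a141-ac432e4e3494} - C:\WINDOWS\system32\sbareh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [301c6862] rundll32.exe "C:\WINDOWS\system32\wbgkspmp.dll",b
O20 - Winlogon Notify: ljJabYpQ - C:\WINDOWS\system32\ljJabYpQ.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeCtUl
"""

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<sub>\S+) - (?P<path>.*)$")
LSA = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.*)$')
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
WINPATH = re.compile(r'[a-z]:\\[^"\s,]+', re.I)


def stem_of(path):
    """'C:\\WINDOWS\\system32\\ljJabYpQ.dll' -> 'ljJabYpQ' (also works without an extension)."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_generated(stem):
    """Heuristic, not proof: 6-8 letters with no vowels or with several case flips
    (ljJabYpQ, qoMeCtUl, wbgkspmp). It misses names such as hxotmlxh, so it is only
    used as a supporting signal next to a structural one."""
    if not re.fullmatch(r"[A-Za-z]{6,8}", stem):
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return flips >= 3 or not re.search(r"[aeiou]", stem, re.I)


def triage(log_text):
    """One finding per line that matches a persistence pattern worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            orphan = path == "(no file)" or path.endswith("(file missing)")
            path = path.replace(" (file missing)", "")
            if orphan:
                reasons = ["orphaned BHO: module gone, registry key still present (clean-up only)"]
            else:
                reasons = []
                if name == "(no name)" or GUID.match(name):
                    reasons.append("BHO carries no product name")
                if looks_generated(stem_of(path)):
                    reasons.append("module name looks machine-generated")
                if reasons and SYSTEM32.match(path):
                    reasons.append("loads from system32 rather than a product directory")
            if reasons:
                findings.append({"type": "O2", "path": path, "reasons": reasons})
            continue
        m = RUN.match(line)
        if m:
            cmd, key = m.group("cmd"), m.group("key")
            target = WINPATH.search(cmd)
            # Only fully qualified DLLs are checked; bare module names (NvQTwk) are not resolved here.
            if re.match(r"rundll32(\.exe)?\b", cmd, re.I) and target and SYSTEM32.match(target.group(0)):
                reasons = ["Run value starts a system32 DLL through rundll32"]
                if re.fullmatch(r"[0-9a-f]{8}", key, re.I):
                    reasons.append("value name is a hex blob, not a product name")
                if looks_generated(stem_of(target.group(0))):
                    reasons.append("module name looks machine-generated")
                findings.append({"type": "O4", "path": target.group(0), "reasons": reasons})
            continue
        m = NOTIFY.match(line)
        if m:
            reasons = ["Winlogon Notify package: loaded into winlogon.exe at every logon, independent of the browser"]
            if looks_generated(stem_of(m.group("path"))):
                reasons.append("module name looks machine-generated")
            findings.append({"type": "O20", "path": m.group("path"), "reasons": reasons})
            continue
        m = LSA.match(line)
        if m:
            for pkg in m.group("pkgs").split():
                if pkg.lower() != "msv1_0":  # the only default package on XP
                    findings.append({"type": "LSA", "path": pkg, "reasons": [
                        "extra LSA authentication package: loaded by lsass.exe at boot and receives logon credentials"]})
    return findings


def flagged_modules(findings):
    """Distinct module stems across all findings, for the collection / clean-up list."""
    return sorted({stem_of(f["path"]) for f in findings if f["path"] != "(no file)"})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f["type"], f["path"])
        for r in f["reasons"]:
            print("   -", r)
    print("modules to collect:", flagged_modules(found))
```

Run as-is, it lists six findings and a four-module collection list (ljJabYpQ, qoMeCtUl, sbareh, wbgkspmp) while leaving the Symantec, Java and NVIDIA entries alone. The point of the structure is that each flag rests on where and how a module is loaded (system32 BHO with no name, rundll32 Run value, Winlogon Notify, LSA package); the name heuristic only adds weight and is deliberately not enough on its own.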
#2  07-06-2008, 07:31 PM  mmr1310
Re: Need HJT Log Help - Popups, Windows Update Disabled

mmr1310 here again, just some more data points for analysis:

On reboot, I get a message that says "Error loading C:\WINDOWS\System32\wbgkspmp.dll".

After I open IE, other instances of IE will "pop" open with ads for things like registrydefender.com, fubar.com, hornymatches.com, gogopayday.com. I also get one of those fake "your system is infected" ads.

As mentioned, my Automatic Windows Update is now disabled and I can't restart it in Services. More distressing is that I've gone to microsoft.com to try to check for updates manually and it just crashes IE.

I've run multiple scans on the system; I have Norton 360 installed, I've run Spybot SD, etc. IT JUST KEEPS COMING BACK!
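The "it just keeps coming back" in the post above is already visible in the DSS "Files created" section of the first post: system32 DLLs arrive in short bursts, several days apart, usually as a pair of identically sized DLLs plus one hidden+system .ini2 file. The script below is an added example (editor's code, not from the original post or Deckard's System Scanner) that turns that list into a timeline of drop waves. The entries are copied from the posted log; the one-hour wave window and the "twin DLL" notion are the editor's assumptions. It also checks one relation that can be read straight off the posted log: two of the .ini2 names are the letter-for-letter reverse of DLL names from the HijackThis section (lUtCeMoq / qoMeCtUl and KQsCcfii / iifcCsQK).

```python
"""Timeline of the DSS 'Files created' section. Added example: not code from the
original post or Deckard's System Scanner. Lines are copied from the posted log; the
one-hour window and the twin-DLL notion are the editor's assumptions."""
import re
from datetime import datetime, timedelta

# Entries copied from the DSS 'Files created between 2008-06-06 and 2008-07-06' section.
DSS_FILES = r"""
2008-07-06 16:58:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-05 19:45:26 106320 --a------ C:\WINDOWS\system32\sbareh.dll
2008-07-05 19:45:25 106320 --a------ C:\WINDOWS\system32\hxotmlxh.dll
2008-07-05 19:43:05 82240 --a------ C:\WINDOWS\system32\ybsatehd.dll
2008-07-05 19:42:24 525540 --ahs---- C:\WINDOWS\system32\lUtCeMoq.ini2
2008-07-05 19:42:21 315136 --a------ C:\WINDOWS\system32\qoMeCtUl.dll
2008-07-05 13:07:30 106320 --a------ C:\WINDOWS\system32\nsslxevt.dll
2008-07-05 13:07:30 106320 --a------ C:\WINDOWS\system32\mmiajl.dll
2008-07-05 12:34:29 477246 --ahs---- C:\WINDOWS\system32\KQsCcfii.ini2
2008-07-03 22:40:20 106192 --a------ C:\WINDOWS\system32\drggop.dll
2008-07-03 22:40:19 106192 --a------ C:\WINDOWS\system32\bhniycey.dll
2008-07-03 22:38:25 85376 --a------ C:\WINDOWS\system32\wxbiqiyn.dll
2008-07-03 22:37:18 503716 --ahs---- C:\WINDOWS\system32\JTuvCfhk.ini2
2008-07-02 16:17:11 106272 --a------ C:\WINDOWS\system32\qnaygr.dll
2008-07-02 16:17:10 106272 --a------ C:\WINDOWS\system32\jtgkfqoj.dll
2008-07-02 16:17:07 85248 --a------ C:\WINDOWS\system32\jdqnjvet.dll
2008-06-29 16:12:44 476720 --ahs---- C:\WINDOWS\system32\UCbegMoq.ini2
2008-06-29 16:07:27 25504 --a------ C:\WINDOWS\system32\ljJabYpQ.dll
"""

# DLL stems named in the HijackThis section of the same log (O2 / O4 / O20 entries).
HJT_DLL_STEMS = ["ljJabYpQ", "qoMeCtUl", "iifcCsQK", "sbareh", "wbgkspmp"]

ENTRY = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attr>\S{9}) (?P<path>.+)$")
DROP_WINDOW = timedelta(hours=1)  # assumption: creations closer than this belong to one wave


def parse_entries(text):
    """Files (not directories) under system32, oldest first."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group("attr").startswith("d"):
            continue
        if not re.match(r"[a-z]:\\windows\\system32\\", m.group("path"), re.I):
            continue
        out.append({
            "time": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "size": int(m.group("size")),
            "hidden_system": "h" in m.group("attr") and "s" in m.group("attr"),
            "name": m.group("path").rsplit("\\", 1)[-1],
        })
    return sorted(out, key=lambda e: e["time"])


def waves(entries, window=DROP_WINDOW):
    """Group creations separated by no more than `window` into one drop wave."""
    groups = []
    for e in entries:
        if groups and e["time"] - groups[-1][-1]["time"] <= window:
            groups[-1].append(e)
        else:
            groups.append([e])
    result = []
    for g in groups:
        sizes = [e["size"] for e in g if e["name"].lower().endswith(".dll")]
        result.append({
            "start": g[0]["time"], "end": g[-1]["time"],
            "files": [e["name"] for e in g],
            "hidden_ini2": [e["name"] for e in g
                            if e["hidden_system"] and e["name"].lower().endswith(".ini2")],
            # same-size DLL pairs dropped in the same wave: one module written under two names
            "twin_dlls": sorted({s for s in sizes if sizes.count(s) > 1}),
        })
    return result


def reversed_name_pairs(entries, dll_stems):
    """.ini2 files whose stem is the reverse of a DLL stem from the HijackThis section."""
    by_lower = {s.lower(): s for s in dll_stems}
    pairs = []
    for e in entries:
        stem, ext = e["name"].rsplit(".", 1)
        if ext.lower() == "ini2" and stem[::-1].lower() in by_lower:
            pairs.append((e["name"], by_lower[stem[::-1].lower()] + ".dll"))
    return sorted(pairs)


if __name__ == "__main__":
    ents = parse_entries(DSS_FILES)
    for w in waves(ents):
        print(f"{w['start']} .. {w['end']}  {len(w['files'])} files  "
              f"ini2={w['hidden_ini2']}  twin sizes={w['twin_dlls']}")
    print("ini2 <-> dll name pairs:", reversed_name_pairs(ents, HJT_DLL_STEMS))
```

With the one-hour window the 17 system32 entries fall into five waves (29 June, 2 July, 3 July, 5 July midday, 5 July evening), and every wave after the first contains a same-size DLL pair. A timeline like this is what justifies collecting the hidden .ini2 files along with the DLLs rather than deleting the DLLs one at a time: the scanners run between waves removed modules, but whatever re-created them was never touched.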
All times are GMT -7.

Copyright 2001 - 2008, Tech Support Forum