Old 06-15-2008, 08:26 PM   #1
Registered User
Join Date: Jun 2008
Posts: 21
OS: XP sp2
Help with constant pop ups

Hello. First off, I am submitting this log file for a friend of mine who has little or no knowledge of computers or software.
The problem is that IE starts itself when a user logs on to the PC, and the open IE window is completely taken over by pop-ups and banners. This PC is running Win XP SP2, but the Windows Update functions have been disabled by something.
I have looked at the HJT log file and see a couple of suspicious entries but wanted to submit it to the professionals before taking any action. Thank you for your consideration and time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:39 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\Rundll32.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [423b2b70] rundll32.exe "H:\WINDOWS\system32\rimwbovp.dll",b
O4 - HKLM\..\Run: [BM1736e4a6] Rundll32.exe "H:\WINDOWS\system32\nohebmjr.dll",s
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm793MFCA
O8 - Extra context menu item: Add to Anti-Banner - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Kody.KYLE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.****online.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.easypix.ca/en/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - H:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7829 bytes
jimmydime is offline  
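Added example (not part of jimmydime's post, and not HijackThis or Trend Micro code): a small Python triage script for HJT log lines that flags the entry shapes a helper looks for first in a log like the one above. The sample input is copied from the two HijackThis logs in this thread, with the Adobe BHO and the Kaspersky [AVP] Run entry included as clean controls; the "random-looking name" test (eight letters with a run of three consonants), the hex-value-name test and the other thresholds are this example's own assumptions, and every hit is a lead for a person to confirm against the file's dates and signature, not a verdict.

```python
"""Triage heuristics for HijackThis (HJT) log entries.

Added example for this thread; not part of the original post and not
HijackThis code. Flags: rundll32 Run entries loading a random-named DLL
from system32, BHOs with no name or a bare GUID as their name, toolbar
entries pointing at nothing, Winlogon Notify hooks, and programs that
autostart from a user-data directory. Hits are leads, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample input: entries copied from the two HJT logs in this
# thread, plus the Adobe BHO and the Kaspersky Run entry as clean controls.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {683E2552-188D-4F53-BC4C-32E0E94771E1} - H:\WINDOWS\system32\qoMcbcBq.dll
O2 - BHO: {9c995c91-f0c9-ed4b-7484-a233d548e399} - {993e845d-332a-4847-b4de-9c0f19c599c9} - H:\WINDOWS\system32\dwrvojcr.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [423b2b70] rundll32.exe "H:\WINDOWS\system32\rimwbovp.dll",b
O4 - HKLM\..\Run: [BM1736e4a6] Rundll32.exe "H:\WINDOWS\system32\nohebmjr.dll",s
O4 - HKLM\..\Run: [Flag Owns Live Grim] H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe
O20 - Winlogon Notify: qoMcbcBq - H:\WINDOWS\SYSTEM32\qoMcbcBq.dll
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# Captures (full path, file stem) for every .dll/.exe path in an entry body.
PATH_RE = re.compile(r'([A-Za-z]:\\[^",\n]*?\\([^\\",\n]+)\.(?:dll|exe))', re.IGNORECASE)
BHO_NAME_RE = re.compile(r"^BHO:\s*(.*?)\s+-\s+\{")
RUN_VALUE_RE = re.compile(r"\[([^\]]+)\]")
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8,10}$", re.IGNORECASE)  # e.g. 423b2b70, BM1736e4a6
VOWELS = set("aeiou")


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section code such as "O4"
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Assumed heuristic for generated names like 'rimwbovp' or 'qoMcbcBq':
    exactly eight letters with a run of three or more consonants. Real names
    such as 'winlogon' and 'services' pass, but expect some false positives."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    run = 0
    for ch in stem.lower():
        run = 0 if ch in VOWELS else run + 1
        if run >= 3:
            return True
    return False


def reasons_for(section: str, body: str) -> list[str]:
    """Return every triage reason that applies to one HJT entry body."""
    reasons = []
    paths = PATH_RE.findall(body)
    sys32_random = [stem for path, stem in paths
                    if "\\system32\\" in path.lower() and looks_random(stem)]
    if section == "O2":
        m = BHO_NAME_RE.match(body)
        name = m.group(1) if m else ""
        if name == "(no name)" or GUID_RE.match(name):
            reasons.append("BHO with no name or a bare GUID as its name")
    elif section == "O3" and "(no name)" in body and "(no file)" in body:
        reasons.append("toolbar entry with no name pointing at a missing file")
    elif section == "O4":
        m = RUN_VALUE_RE.search(body)
        if m and HEX_NAME_RE.match(m.group(1)):
            reasons.append("Run value named with random hex")
        if "rundll32" in body.lower() and sys32_random:
            reasons.append("rundll32 loads a random-named DLL from system32")
        if any("\\application data\\" in path.lower() for path, _ in paths):
            reasons.append("program autostarts from a user-data directory")
    elif section == "O20" and body.lower().startswith("winlogon notify"):
        reasons.append("Winlogon Notify hook (runs inside winlogon.exe)")
    if sys32_random and section in ("O2", "O20"):
        reasons.append("random-named DLL in system32: " + ", ".join(sys32_random))
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run the heuristics over every entry line of an HJT log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        for reason in reasons_for(section, body):
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Running it on the sample flags seven of the nine entries and leaves the Adobe and Kaspersky lines alone. The useful signal is the combination: a hex-named Run value, rundll32, and an eight-letter DLL in system32 that the log's own "Files created" list shows being recreated under a new name every session is far stronger than any one of those on its own.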
Old 06-19-2008, 10:32 AM   #2
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 06-25-2008, 07:49 PM   #3
Registered User
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

I am having trouble with the scan. Will have info as soon as possible.

Last edited by jimmydime; 06-25-2008 at 07:52 PM.
jimmydime is offline  
Old 06-25-2008, 08:27 PM   #4
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

What sort of trouble? I can help you if it's erroring out. Let me know what module DSS is scanning when that happens, if that's the trouble.
tetonbob is offline  
Old 06-29-2008, 05:36 PM   #5
Registered User
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

Ok, finally got the scans and the log files. My trouble is trying to walk someone who has no technical or computer knowledge through this. Thank you for your patience.

Deckard's System Scanner v20071014.68
Run by Stacy on 2008-06-26 18:16:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Stacy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:04 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Documents and Settings\Stacy\Desktop\dss.exe
H:\PROGRA~1\TRENDM~1\HIJACK~1\Stacy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {683E2552-188D-4F53-BC4C-32E0E94771E1} - H:\WINDOWS\system32\qoMcbcBq.dll
O2 - BHO: (no name) - {6B26B3CB-025E-451C-9933-AA8E36E89B30} - H:\WINDOWS\system32\xxyAssSM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {9c995c91-f0c9-ed4b-7484-a233d548e399} - {993e845d-332a-4847-b4de-9c0f19c599c9} - H:\WINDOWS\system32\dwrvojcr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [423b2b70] rundll32.exe "H:\WINDOWS\system32\ilpsexce.dll",b
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [multibits] C:\DOCUME~1\Kody\APPLIC~1\PING01~1\4fast.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1010\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1010\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1013\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1013\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1018\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1018\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: GameSpot Download Manager.lnk = H:\Program Files\GameSpot\GDM_TrayApp.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1013 Startup: LimeWire On Startup.lnk = H:\Program Files\LimeWire\LimeWire.exe (User '?')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm793MFCA
O8 - Extra context menu item: Add to Anti-Banner - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Kody.KYLE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.****online.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.easypix.ca/en/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - H:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: qoMcbcBq - H:\WINDOWS\SYSTEM32\qoMcbcBq.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11090 bytes

-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-26 18:07:26 107968 --a------ H:\WINDOWS\system32\dwrvojcr.dll
2008-06-26 17:39:48 84944 --a------ H:\WINDOWS\system32\ilpsexce.dll
2008-06-26 17:37:46 91568 --a------ H:\WINDOWS\system32\nrxbqkwu.dll
2008-06-26 14:53:04 107968 --a------ H:\WINDOWS\system32\vjbokgtu.dll
2008-06-26 14:50:15 84944 --a------ H:\WINDOWS\system32\nselirkd.dll
2008-06-26 14:49:53 91568 --a------ H:\WINDOWS\system32\biuslttf.dll
2008-06-26 14:40:56 91568 --a------ H:\WINDOWS\system32\dqomrclo.dll
2008-06-25 14:29:42 107936 --a------ H:\WINDOWS\system32\sblbkkxc.dll
2008-06-25 14:26:46 84880 -----n--- H:\WINDOWS\system32\tdbyyeaa.dll
2008-06-25 14:23:43 91472 --a------ H:\WINDOWS\system32\ujbnotly.dll
2008-06-24 18:49:26 101728 --a------ H:\WINDOWS\system32\lsunupcy.dll
2008-06-24 18:43:37 91488 --a------ H:\WINDOWS\system32\tosoetou.dll
2008-06-20 22:39:42 0 d-------- H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot
2008-06-19 09:27:05 0 d-------- H:\Documents and Settings\Tiara\Application Data\Macromedia
2008-06-19 09:27:04 0 d-------- H:\Documents and Settings\Tiara\Application Data\Adobe
2008-06-19 09:22:44 0 d-------- H:\Documents and Settings\Tiara\Application Data\Google
2008-06-19 09:20:50 0 d-------- H:\Documents and Settings\Tiara\Application Data\Talkback
2008-06-19 09:18:53 0 d-------- H:\Documents and Settings\Tiara\Application Data\Mozilla
2008-06-19 09:11:56 0 d-------- H:\Documents and Settings\Tiara\Application Data\Nero
2008-06-19 09:10:45 0 d-------- H:\Documents and Settings\Tiara\Application Data\Identities
2008-06-19 09:10:05 0 dr-h----- H:\Documents and Settings\Tiara\SendTo
2008-06-19 09:10:05 0 dr-h----- H:\Documents and Settings\Tiara\Recent
2008-06-19 09:10:05 0 d--h----- H:\Documents and Settings\Tiara\PrintHood
2008-06-19 09:10:05 0 d--h----- H:\Documents and Settings\Tiara\NetHood
2008-06-19 09:10:05 0 dr------- H:\Documents and Settings\Tiara\My Documents
2008-06-19 09:10:05 0 d--h----- H:\Documents and Settings\Tiara\Local Settings
2008-06-19 09:10:05 0 dr------- H:\Documents and Settings\Tiara\Favorites
2008-06-19 09:10:05 0 d-------- H:\Documents and Settings\Tiara\Desktop
2008-06-19 09:10:05 0 d--hs---- H:\Documents and Settings\Tiara\Cookies
2008-06-19 09:10:05 0 dr-h----- H:\Documents and Settings\Tiara\Application Data
2008-06-19 09:10:05 0 d---s---- H:\Documents and Settings\Tiara\Application Data\Microsoft
2008-06-19 09:10:04 0 d--h----- H:\Documents and Settings\Tiara\Templates
2008-06-19 09:10:04 0 dr------- H:\Documents and Settings\Tiara\Start Menu
2008-06-19 09:10:04 1048576 --ah----- H:\Documents and Settings\Tiara\NTUSER.DAT
2008-06-18 20:37:02 84848 --a------ H:\WINDOWS\system32\mtethbrb.dll
2008-06-18 20:34:54 90368 --a------ H:\WINDOWS\system32\iuxiqtqj.dll
2008-06-18 20:33:55 328812 --ahs---- H:\WINDOWS\system32\Iklklnnn.ini2
2008-06-18 20:33:52 318304 --a------ H:\WINDOWS\system32\nnnlklkI.dll
2008-06-18 07:21:03 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Talkback
2008-06-16 23:09:28 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\LimeWire
2008-06-16 23:08:13 0 d-------- H:\Program Files\LimeWire
2008-06-16 21:35:47 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Sun
2008-06-16 21:30:35 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Google
2008-06-16 21:28:15 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Macromedia
2008-06-16 21:28:13 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Adobe
2008-06-16 20:21:14 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Contacts
2008-06-16 20:20:57 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Mozilla
2008-06-16 20:00:50 101648 --a------ H:\WINDOWS\system32\tsafkcpp.dll
2008-06-16 19:58:58 90448 --a------ H:\WINDOWS\system32\rlnfdief.dll
2008-06-16 19:57:49 327500 --ahs---- H:\WINDOWS\system32\twyFLkkj.ini2
2008-06-16 19:57:46 318336 --a------ H:\WINDOWS\system32\jkkLFywt.dll
2008-06-16 19:53:40 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Nero
2008-06-16 19:52:48 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Identities
2008-06-16 19:52:06 0 dr------- H:\Documents and Settings\Kody.KYLE.001\Favorites
2008-06-16 19:52:06 0 d-------- H:\Documents and Settings\Kody.KYLE.001\Desktop
2008-06-16 19:52:06 0 d--hs---- H:\Documents and Settings\Kody.KYLE.001\Cookies
2008-06-16 19:52:06 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\Application Data
2008-06-16 19:52:06 0 d---s---- H:\Documents and Settings\Kody.KYLE.001\Application Data\Microsoft
2008-06-16 19:52:05 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\Templates
2008-06-16 19:52:05 0 dr------- H:\Documents and Settings\Kody.KYLE.001\Start Menu
2008-06-16 19:52:05 0 dr-h----- H:\Documents and Settings\Kody.KYLE.001\SendTo
2008-06-16 19:52:05 0 dr-h----- H:\Documents and Settings\Kody.KYLE.001\Recent
2008-06-16 19:52:05 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\PrintHood
2008-06-16 19:52:05 1310720 --ah----- H:\Documents and Settings\Kody.KYLE.001\NTUSER.DAT
2008-06-16 19:52:05 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\NetHood
2008-06-16 19:52:05 0 dr------- H:\Documents and Settings\Kody.KYLE.001\My Documents
2008-06-16 19:52:05 0 d--h----- H:\Documents and Settings\Kody.KYLE.001\Local Settings
2008-06-16 19:26:44 0 d-------- H:\Documents and Settings\Stacy\Application Data\Nero
2008-06-16 19:13:12 0 d-------- H:\Program Files\Common Files\Nero
2008-06-16 18:05:44 101648 --a------ H:\WINDOWS\system32\tybsowwp.dll
2008-06-16 12:26:29 90448 --a------ H:\WINDOWS\system32\xypksrnr.dll
2008-06-15 17:38:44 101760 --a------ H:\WINDOWS\system32\nuspgouw.dll
2008-06-15 12:23:42 90416 --a------ H:\WINDOWS\system32\fvivbcrw.dll
2008-06-14 21:54:19 0 d-------- H:\Program Files\Trend Micro
2008-06-14 15:52:08 84880 --a------ H:\WINDOWS\system32\rimwbovp.dll
2008-06-14 15:46:03 101712 --a------ H:\WINDOWS\system32\iwnqliss.dll
2008-06-14 15:44:10 90432 --a------ H:\WINDOWS\system32\nohebmjr.dll
2008-06-13 21:12:05 1300 --a------ H:\WINDOWS\mozver.dat
2008-06-13 15:24:21 101712 --a------ H:\WINDOWS\system32\fbhbnocf.dll
2008-06-13 15:22:13 90416 --a------ H:\WINDOWS\system32\eavsdylm.dll
2008-06-13 12:36:28 0 d-------- H:\Documents and Settings\Stacy\Application Data\Talkback
2008-06-13 12:35:31 0 d-------- H:\Documents and Settings\Stacy\Application Data\Mozilla
2008-06-12 14:40:13 84768 --a------ H:\WINDOWS\system32\kkordykb.dll
2008-06-12 14:39:21 0 dr-h----- H:\Documents and Settings\Kyle-Family Computer\Recent
2008-06-12 14:37:16 90400 --a------ H:\WINDOWS\system32\hqbvsqxr.dll
2008-06-12 12:24:21 101616 --a------ H:\WINDOWS\system32\kutjicpw.dll
2008-06-12 12:22:28 84768 --a------ H:\WINDOWS\system32\bqeaptly.dll
2008-06-12 12:22:07 90400 --a------ H:\WINDOWS\system32\sppeggas.dll
2008-06-12 12:21:12 338855 --ahs---- H:\WINDOWS\system32\jQpoYJjl.ini2
2008-06-12 12:21:10 318256 --a------ H:\WINDOWS\system32\ljJYopQj.dll
2008-06-11 17:05:57 0 d-------- H:\WINDOWS\setup.pss
2008-06-11 17:05:44 0 d-------- H:\WINDOWS\setupupd
2008-06-11 14:43:53 84736 --a------ H:\WINDOWS\system32\kttfsftd.dll
2008-06-11 14:40:51 101728 --a------ H:\WINDOWS\system32\bnsomtys.dll
2008-06-11 14:37:51 90384 --a------ H:\WINDOWS\system32\yurikbrn.dll
2008-06-11 13:46:07 101728 --a------ H:\WINDOWS\system32\mfwxcjpq.dll
2008-06-11 13:43:37 90384 --a------ H:\WINDOWS\system32\jfcjmsxi.dll
2008-06-11 13:42:43 337345 --ahs---- H:\WINDOWS\system32\AbehOqss.ini2
2008-06-11 13:42:32 318208 --a------ H:\WINDOWS\system32\ssqOhebA.dll
2008-06-10 15:50:25 96966 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-06-10 15:50:25 88774 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-06-10 15:48:09 0 d-------- H:\Program Files\Kaspersky Lab
2008-06-10 15:48:09 0 d-------- H:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-10 15:47:45 129056 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-10 15:47:45 4632352 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 14:56:42 98560 --a------ H:\WINDOWS\system32\raubhtya.dll
2008-06-10 14:51:31 90288 --a------ H:\WINDOWS\system32\sxasyybg.dll
2008-06-10 14:50:42 333505 --ahs---- H:\WINDOWS\system32\QAbdNXyb.ini2
2008-06-10 14:50:32 318192 --a------ H:\WINDOWS\system32\byXNdbAQ.dll
2008-06-10 12:37:55 98560 --a------ H:\WINDOWS\system32\hoaueaak.dll
2008-06-10 12:34:55 84688 --a------ H:\WINDOWS\system32\provocyc.dll
2008-06-10 12:33:01 90288 --a------ H:\WINDOWS\system32\ysypkcap.dll
2008-06-10 11:37:51 98544 --a------ H:\WINDOWS\system32\nmeiytlx.dll
2008-06-10 11:35:29 90336 --a------ H:\WINDOWS\system32\wpymgnly.dll
2008-06-10 11:34:49 331775 --ahs---- H:\WINDOWS\system32\XIQBbccf.ini2
2008-06-10 11:34:46 318208 --a------ H:\WINDOWS\system32\fccbBQIX.dll
2008-06-10 07:23:02 25344 --a------ H:\WINDOWS\system32\ssqRLDVm.dll
2008-06-08 21:45:29 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Sun
2008-06-08 21:43:27 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Macromedia
2008-06-08 21:39:58 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Adobe
2008-06-08 21:39:30 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Google
2008-06-08 21:32:44 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Symantec
2008-06-08 21:29:19 0 d-------- H:\Documents and Settings\Kodygh\Application Data\Identities
2008-06-08 21:28:42 0 d--h----- H:\Documents and Settings\Kodygh\Templates
2008-06-08 21:28:42 0 dr------- H:\Documents and Settings\Kodygh\Start Menu
2008-06-08 21:28:42 0 dr-h----- H:\Documents and Settings\Kodygh\SendTo
2008-06-08 21:28:42 0 dr-h----- H:\Documents and Settings\Kodygh\Recent
2008-06-08 21:28:42 0 d--h----- H:\Documents and Settings\Kodygh\PrintHood
2008-06-08 21:28:42 1048576 --ah----- H:\Documents and Settings\Kodygh\NTUSER.DAT
2008-06-08 21:28:42 0 d--h----- H:\Documents and Settings\Kodygh\NetHood
2008-06-08 21:28:42 0 dr------- H:\Documents and Settings\Kodygh\My Documents
2008-06-08 21:28:42 0 d--h----- H:\Documents and Settings\Kodygh\Local Settings
2008-06-08 21:28:42 0 dr------- H:\Documents and Settings\Kodygh\Favorites
2008-06-08 21:28:42 0 d-------- H:\Documents and Settings\Kodygh\Desktop
2008-06-08 21:28:42 0 d--hs---- H:\Documents and Settings\Kodygh\Cookies
2008-06-08 21:28:42 0 dr-h----- H:\Documents and Settings\Kodygh\Application Data
2008-06-08 21:28:42 0 d---s---- H:\Documents and Settings\Kodygh\Application Data\Microsoft
2008-06-07 17:21:47 139876 --a------ H:\WINDOWS\system32\mlJAsSJa.dll
2008-06-06 15:49:47 346961 --ahs---- H:\WINDOWS\system32\MSssAyxx.ini2
2008-06-06 15:49:39 316144 --a------ H:\WINDOWS\system32\xxyAssSM.dll
2008-06-06 15:44:09 25296 --a------ H:\WINDOWS\system32\qoMcbcBq.dll
2008-06-04 16:22:47 0 d-------- H:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-06-23 17:48:53 0 d-------- H:\Program Files\Windows Live
2008-06-16 19:13:13 0 d-------- H:\Program Files\Nero
2008-06-16 19:13:12 0 d-------- H:\Program Files\Common Files
2008-06-14 22:02:42 7885 --a------ H:\Program Files\hijackthis.log
2008-06-10 17:48:12 0 d-------- H:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 17:39:53 0 d-------- H:\Program Files\Common Files\Symantec Shared
2008-06-10 16:59:33 0 d-------- H:\Program Files\Norton 360
2008-05-21 15:03:03 0 d-------- H:\Program Files\Rogers
2008-05-04 12:14:34 0 d-------- H:\Documents and Settings\Stacy\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{683E2552-188D-4F53-BC4C-32E0E94771E1}]
06/06/2008 03:44 PM 25296 --a------ H:\WINDOWS\system32\qoMcbcBq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B26B3CB-025E-451C-9933-AA8E36E89B30}]
06/06/2008 03:49 PM 316144 --a------ H:\WINDOWS\system32\xxyAssSM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{993e845d-332a-4847-b4de-9c0f19c599c9}]
06/26/2008 06:07 PM 107968 --a------ H:\WINDOWS\system32\dwrvojcr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"EPSON Stylus CX4200 Series"="H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [03/08/2005 04:00 AM]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/29/2005 11:16 PM]
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [06/08/2007 08:24 PM]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Flag Owns Live Grim"="H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe" [06/26/2008 05:38 PM]
"AVP"="H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]
"NeroFilterCheck"="H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"423b2b70"="H:\WINDOWS\system32\ilpsexce.dll" [06/26/2008 05:39 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/18/2007 03:54 AM]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{683E2552-188D-4F53-BC4C-32E0E94771E1}"= H:\WINDOWS\system32\qoMcbcBq.dll [06/06/2008 03:44 PM 25296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMcbcBq]
qoMcbcBq.dll 06/06/2008 03:44 PM 25296 H:\WINDOWS\system32\qoMcbcBq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 H:\WINDOWS\system32\xxyAssSM


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{348ba13a-f76c-11db-918e-0013d3529847}]
AutoRun\command- J:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ce5195-086f-11da-a586-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-06-26 18:16:55 ------------
Attached Files
File Type: txt extra.txt (12.2 KB, 6 views)
jimmydime is offline  
Old 06-29-2008, 07:01 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

It's best for the person I'm communicating with to be doing the work. Things get lost in translation sometimes with third party helping. We're very well versed at talking people with no computer experience through these things.

So, if you're helping, you should be in front of the machine doing the work. Otherwise, your friend should be reading these instructions directly.

There is a fairly heavy Vundo infection on this machine.


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


Download ComboFix from Here:


* IMPORTANT !!! Place combofix.exe on your Desktop

We will first use ComboFix to install the Microsoft Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Next, download the Microsoft file from this link:

    http://www.microsoft.com/downloads/d...displaylang=en


  • Save the file as it's originally named, next to ComboFix.exe.
  • Now close all open windows and programs, including all anti-virus and anti-malware programs, so they do not interfere with the running of ComboFix. See this link for help if needed.

  • Drag the setup package onto ComboFix.exe and drop it.



  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

    ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

    As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

    Once the Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.




  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 07-02-2008, 09:08 AM   #7 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

Ok so, I have finally had the time to sit and follow these instructions carefully, and here are the reports. Thanks so much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:39 AM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {48eb86a8-8233-32aa-8204-a90b51bead43} - {34daeb15-b09a-4028-aa23-33288a68be84} - H:\WINDOWS\system32\rrvljw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm793MFCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Kody.KYLE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.****online.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.easypix.ca/en/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - H:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8022 bytes

ComboFix log:
ComboFix 08-06-30.2 - Stacy 2008-07-02 10:22:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT -4:00]
Running from: H:\Documents and Settings\Stacy\Desktop\ComboFix.exe
Command switches used :: H:\Documents and Settings\Stacy\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
H:\Documents and Settings\Kody\Application Data\macromedia\Flash Player\#SharedObjects\XKWYFJFE\www.broadcaster.com
H:\Documents and Settings\Kody\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
H:\Documents and Settings\Kody\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
H:\Documents and Settings\Kody\Application Data\Starware316
H:\Documents and Settings\Kody\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
H:\Documents and Settings\Kody\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\Configurator\Configurator.xml
H:\Documents and Settings\Kody\Application Data\Starware316\Configurator\Configurator.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\Games\GamesOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\Games\GamesOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\Manager\ManagerOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\Manager\ManagerOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\Movies\MoviesOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\Movies\MoviesOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\Reference\ReferenceOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
H:\Documents and Settings\Kody\Application Data\Starware316\Weather\WeatherOptions.xml
H:\Documents and Settings\Kody\Application Data\Starware316\Weather\WeatherOptions.xml.backup
H:\WINDOWS\BM1736e4a6.txt
H:\WINDOWS\cookies.ini
H:\WINDOWS\Downloaded Program Files\setup.inf
H:\WINDOWS\pskt.ini
H:\WINDOWS\system32\aaeyybdt.ini
H:\WINDOWS\system32\AbehOqss.ini
H:\WINDOWS\system32\AbehOqss.ini2
H:\WINDOWS\system32\bkydrokk.ini
H:\WINDOWS\system32\bnsomtys.dll
H:\WINDOWS\system32\bqeaptly.dll
H:\WINDOWS\system32\brbhtetm.ini
H:\WINDOWS\system32\bwaoomkn.ini
H:\WINDOWS\system32\byXNdbAQ.dll
H:\WINDOWS\system32\ccxrevhy.ini
H:\WINDOWS\system32\ceqmixup.ini
H:\WINDOWS\system32\cycovorp.ini
H:\WINDOWS\system32\dkrilesn.ini
H:\WINDOWS\system32\eavsdylm.dll
H:\WINDOWS\system32\edricrps.dll
H:\WINDOWS\system32\efyumvnq.dll
H:\WINDOWS\system32\fbhbnocf.dll
H:\WINDOWS\system32\fccbBQIX.dll
H:\WINDOWS\system32\fvivbcrw.dll
H:\WINDOWS\system32\hgiiwsaw.ini
H:\WINDOWS\system32\hoaueaak.dll
H:\WINDOWS\system32\hqbvsqxr.dll
H:\WINDOWS\system32\Iklklnnn.ini
H:\WINDOWS\system32\Iklklnnn.ini2
H:\WINDOWS\system32\iuxiqtqj.dll
H:\WINDOWS\system32\iwnqliss.dll
H:\WINDOWS\system32\jfcjmsxi.dll
H:\WINDOWS\system32\jkkiGwvw.dll
H:\WINDOWS\system32\jkkLFywt.dll
H:\WINDOWS\system32\jodvwvty.dll
H:\WINDOWS\system32\jQpoYJjl.ini
H:\WINDOWS\system32\jQpoYJjl.ini2
H:\WINDOWS\system32\kkordykb.dll
H:\WINDOWS\system32\kmugdlvv.ini
H:\WINDOWS\system32\kttfsftd.dll
H:\WINDOWS\system32\kutjicpw.dll
H:\WINDOWS\system32\lixuhpra.dll
H:\WINDOWS\system32\ljJYopQj.dll
H:\WINDOWS\system32\lsunupcy.dll
H:\WINDOWS\system32\mcrh.tmp
H:\WINDOWS\system32\mfwxcjpq.dll
H:\WINDOWS\system32\mkdybqyr.ini
H:\WINDOWS\system32\MSssAyxx.ini
H:\WINDOWS\system32\MSssAyxx.ini2
H:\WINDOWS\system32\mtethbrb.dll
H:\WINDOWS\system32\nfvklrpf.ini
H:\WINDOWS\system32\nmeiytlx.dll
H:\WINDOWS\system32\nnnlklkI.dll
H:\WINDOWS\system32\nohebmjr.dll
H:\WINDOWS\system32\nselirkd.dll
H:\WINDOWS\system32\nuspgouw.dll
H:\WINDOWS\system32\oqoadtyn.ini
H:\WINDOWS\system32\oxlgecjs.ini
H:\WINDOWS\system32\provocyc.dll
H:\WINDOWS\system32\pvobwmir.ini
H:\WINDOWS\system32\QAbdNXyb.ini
H:\WINDOWS\system32\QAbdNXyb.ini2
H:\WINDOWS\system32\qoMcbcBq.dll
H:\WINDOWS\system32\raubhtya.dll
H:\WINDOWS\system32\ridddrke.ini
H:\WINDOWS\system32\rimwbovp.dll
H:\WINDOWS\system32\rlnfdief.dll
H:\WINDOWS\system32\sblbkkxc.dll
H:\WINDOWS\system32\sjvxgtli.ini
H:\WINDOWS\system32\sppeggas.dll
H:\WINDOWS\system32\ssqOhebA.dll
H:\WINDOWS\system32\ssqRLDVm.dll
H:\WINDOWS\system32\sxasyybg.dll
H:\WINDOWS\system32\syeyheby.ini
H:\WINDOWS\system32\tosoetou.dll
H:\WINDOWS\system32\tsafkcpp.dll
H:\WINDOWS\system32\twyFLkkj.ini
H:\WINDOWS\system32\twyFLkkj.ini2
H:\WINDOWS\system32\tybsowwp.dll
H:\WINDOWS\system32\ujbnotly.dll
H:\WINDOWS\system32\uvfgdpgq.ini
H:\WINDOWS\system32\vtefbqyb.ini
H:\WINDOWS\system32\wpymgnly.dll
H:\WINDOWS\system32\wvpcwcxf.dll
H:\WINDOWS\system32\wvwGikkj.ini
H:\WINDOWS\system32\wvwGikkj.ini2
H:\WINDOWS\system32\XIQBbccf.ini
H:\WINDOWS\system32\XIQBbccf.ini2
H:\WINDOWS\system32\xxyAssSM.dll
H:\WINDOWS\system32\xypksrnr.dll
H:\WINDOWS\system32\yabevthp.dll
H:\WINDOWS\system32\ybehyeys.dll
H:\WINDOWS\system32\yltpaeqb.ini
H:\WINDOWS\system32\ysypkcap.dll
H:\WINDOWS\system32\yurikbrn.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-01 19:56 . 2008-07-01 19:56 106,240 --a------ H:\WINDOWS\system32\uvjnbkgx.dll
2008-07-01 19:56 . 2008-07-01 19:56 106,240 --a------ H:\WINDOWS\system32\rrvljw.dll
2008-07-01 16:41 . 2008-07-01 17:31 23 --a------ H:\Documents and Settings\Kody.KYLE.001\jagex_runescape_preferences.dat
2008-06-30 19:56 . 2008-06-30 19:56 105,872 --a------ H:\WINDOWS\system32\zzxxyk.dll
2008-06-30 19:56 . 2008-06-30 19:56 105,872 --a------ H:\WINDOWS\system32\swsygrew.dll
2008-06-29 09:57 . 2008-06-29 09:57 105,856 --a------ H:\WINDOWS\system32\rlapeppx.dll
2008-06-29 09:57 . 2008-06-29 09:57 105,856 --a------ H:\WINDOWS\system32\fsluqm.dll
2008-06-28 07:29 . 2008-06-28 07:29 105,968 --a------ H:\WINDOWS\system32\ztlufu.dll
2008-06-28 07:29 . 2008-06-28 07:29 105,968 --a------ H:\WINDOWS\system32\ynvuqcde.dll
2008-06-27 22:08 . 2008-06-27 22:08 105,904 --a------ H:\WINDOWS\system32\jzbqgh.dll
2008-06-27 22:08 . 2008-06-27 22:08 105,904 --a------ H:\WINDOWS\system32\aeohxjac.dll
2008-06-27 00:24 . 2008-06-26 19:23 294 --ahs---- H:\WINDOWS\system32\ecxespli.ini
2008-06-26 19:23 . 2008-06-26 19:23 474 --ahs---- H:\WINDOWS\system32\ecxespli.tmp
2008-06-26 18:07 . 2008-06-26 18:07 107,968 --a------ H:\WINDOWS\system32\dwrvojcr.dll
2008-06-26 17:37 . 2008-06-26 17:37 91,568 --a------ H:\WINDOWS\system32\nrxbqkwu.dll
2008-06-26 14:53 . 2008-06-26 14:53 107,968 --a------ H:\WINDOWS\system32\vjbokgtu.dll
2008-06-26 14:49 . 2008-06-26 14:49 91,568 --a------ H:\WINDOWS\system32\biuslttf.dll
2008-06-26 14:40 . 2008-06-26 14:40 91,568 --a------ H:\WINDOWS\system32\dqomrclo.dll
2008-06-24 21:55 . 2008-06-24 21:55 <DIR> d-------- H:\Deckard
2008-06-20 22:39 . 2008-06-20 22:39 <DIR> d-------- H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot
2008-06-19 09:20 . 2008-06-19 09:20 <DIR> d-------- H:\Documents and Settings\Tiara\Application Data\Talkback
2008-06-19 09:11 . 2008-06-19 09:11 <DIR> d-------- H:\Documents and Settings\Tiara\Application Data\Nero
2008-06-19 09:10 . 2008-06-19 09:35 <DIR> d-------- H:\Documents and Settings\Tiara
2008-06-18 07:21 . 2008-06-18 07:21 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Talkback
2008-06-16 23:09 . 2008-07-01 16:37 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\LimeWire
2008-06-16 23:08 . 2008-06-16 23:08 <DIR> d-------- H:\Program Files\LimeWire
2008-06-16 20:21 . 2008-06-16 21:26 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Contacts
2008-06-16 19:53 . 2008-06-16 19:53 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Nero
2008-06-16 19:52 . 2008-07-01 16:41 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001
2008-06-16 19:26 . 2008-06-16 19:26 <DIR> d-------- H:\Documents and Settings\Stacy\Application Data\Nero
2008-06-16 19:13 . 2008-06-16 19:17 <DIR> d-------- H:\Program Files\Common Files\Nero
2008-06-14 21:54 . 2008-06-14 21:54 <DIR> d-------- H:\Program Files\Trend Micro
2008-06-13 21:12 . 2008-06-19 08:39 1,300 --a------ H:\WINDOWS\mozver.dat
2008-06-13 12:36 . 2008-06-13 12:36 <DIR> d-------- H:\Documents and Settings\Stacy\Application Data\Talkback
2008-06-12 12:22 . 2008-06-26 17:35 122,710 --a------ H:\WINDOWS\BM1736e4a6.xml
2008-06-10 15:50 . 2008-06-10 16:11 96,966 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-06-10 15:50 . 2008-06-10 16:11 88,774 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-06-10 15:48 . 2008-06-10 15:48 <DIR> d-------- H:\Program Files\Kaspersky Lab
2008-06-10 15:48 . 2008-07-02 10:12 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-10 15:47 . 2008-07-02 10:45 4,928,032 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 15:47 . 2008-07-02 10:42 143,904 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-10 15:47 . 2008-07-02 10:38 67,028 --ahs---- H:\WINDOWS\system32\drivers\fidbox.idx
2008-06-10 15:47 . 2008-07-02 10:38 14,492 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-08 21:32 . 2008-06-08 21:32 <DIR> d-------- H:\Documents and Settings\Kodygh\Application Data\Symantec
2008-06-08 21:28 . 2008-06-11 07:53 <DIR> d-------- H:\Documents and Settings\Kodygh
2008-06-07 17:21 . 2008-06-07 17:21 139,876 --a------ H:\WINDOWS\system32\mlJAsSJa.dll
2008-06-04 16:22 . 2008-06-09 17:31 <DIR> d-------- H:\Program Files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 21:48 --------- d-----w H:\Program Files\Windows Live
2008-06-16 23:13 --------- d-----w H:\Program Files\Nero
2008-06-16 23:13 --------- d-----w H:\Documents and Settings\All Users\Application Data\Nero
2008-06-15 02:02 7,885 ----a-w H:\Program Files\hijackthis.log
2008-06-13 09:04 --------- d-----w H:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-10 23:40 --------- d-----w H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind
2008-06-10 21:48 --------- d-----w H:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 21:39 --------- d-----w H:\Program Files\Common Files\Symantec Shared
2008-06-10 20:59 --------- d-----w H:\Program Files\Norton 360
2008-06-10 20:14 112,144 ----a-w H:\WINDOWS\system32\drivers\kl1.sys
2008-05-21 19:03 --------- d-----w H:\Program Files\Rogers
2008-05-18 19:27 --------- d-----w H:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-04 16:14 --------- d-----w H:\Documents and Settings\Stacy\Application Data\LimeWire
2007-10-21 20:32 27,520 ----a-w H:\Documents and Settings\Kody.KYLE\Application Data\GDIPFONTCACHEV1.DAT
2007-06-21 00:24 24,928 ----a-w H:\Documents and Settings\Kyle-Family Computer\Application Data\GDIPFONTCACHEV1.DAT
2007-04-25 11:33 59,648 ----a-w H:\Documents and Settings\Kody\Application Data\GDIPFONTCACHEV1.DAT
2006-09-28 17:32 6,232 ----a-w H:\Documents and Settings\All Users\Application Data\ypinfo.bin
2005-10-29 20:59 0 ----a-w H:\Documents and Settings\Stacy\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34daeb15-b09a-4028-aa23-33288a68be84}]
2008-07-01 19:56 106240 --a------ H:\WINDOWS\system32\rrvljw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 03:54 68856]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"EPSON Stylus CX4200 Series"="H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 04:00 98304]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-03-29 23:16 49152]
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2007-06-08 20:24 282624]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Flag Owns Live Grim"="H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe" [2008-07-02 10:15 8185344]
"NeroFilterCheck"="H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

H:\Documents and Settings\Tiara and Kody\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - H:\Program Files\LimeWire\LimeWire.exe [2008-06-05 14:52:50 147456]

H:\Documents and Settings\Kody.KYLE.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - H:\Program Files\LimeWire\LimeWire.exe [2008-06-05 14:52:50 147456]

H:\Documents and Settings\Kody.KYLE.001\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - H:\Program Files\LimeWire\LimeWire.exe [2008-06-05 14:52:50 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\LimeWire\\LimeWire.exe"=
"H:\\Program Files\\Messenger\\msmsgs.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{348ba13a-f76c-11db-918e-0013d3529847}]
\Shell\AutoRun\command - J:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ce5195-086f-11da-a586-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 07:00:00 H:\WINDOWS\Tasks\AdwareBot Scheduled Scan.job"
- H:\Program Files\AdwareBot\AdwareBot.ex
- H:\Program Files\AdwareBot
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - H:\Program Files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
HKLM-Run-423b2b70 - H:\WINDOWS\system32\ybehyeys.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 10:42:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
H:\WINDOWS\system32\ati2evxx.exe
H:\WINDOWS\system32\ati2evxx.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-07-02 10:51:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 14:51:00

Pre-Run: 180,114,669,568 bytes free
Post-Run: 180,496,629,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\="Recovery"
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

298 --- E O F --- 2008-05-27 22:59:12
Old 07-02-2008, 09:33 AM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

Good job...still quite a bit of work to do. There are several user accounts on this machine. Before we're done, I'll need to review HijackThis logs from each. Most of our scans are global in nature (entire machine), but some registry items are user account specific.

I'll let you know when it's time for that.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software ( LimeWire 4.18.2 ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/hijackthis-log-help/259849-help-constant-pop-ups.html

    File::
    H:\WINDOWS\BM1736e4a6.xml
    H:\WINDOWS\Tasks\AdwareBot Scheduled Scan.job

    Folder::
    H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot
    H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind
    H:\Program Files\AdwareBot
    H:\Documents and Settings\All Users\Application Data\Software rule flag owns

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34daeb15-b09a-4028-aa23-33288a68be84}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Flag Owns Live Grim"=-

    Collect::
    H:\WINDOWS\system32\uvjnbkgx.dll
    H:\WINDOWS\system32\rrvljw.dll
    H:\WINDOWS\system32\zzxxyk.dll
    H:\WINDOWS\system32\swsygrew.dll
    H:\WINDOWS\system32\rlapeppx.dll
    H:\WINDOWS\system32\fsluqm.dll
    H:\WINDOWS\system32\ztlufu.dll
    H:\WINDOWS\system32\ynvuqcde.dll
    H:\WINDOWS\system32\jzbqgh.dll
    H:\WINDOWS\system32\aeohxjac.dll
    H:\WINDOWS\system32\ecxespli.ini
    H:\WINDOWS\system32\ecxespli.tmp
    H:\WINDOWS\system32\dwrvojcr.dll
    H:\WINDOWS\system32\nrxbqkwu.dll
    H:\WINDOWS\system32\vjbokgtu.dll
    H:\WINDOWS\system32\biuslttf.dll
    H:\WINDOWS\system32\dqomrclo.dll
    H:\WINDOWS\system32\mlJAsSJa.dll
    H:\WINDOWS\system32\qoMcbcBq.dll

    Suspect::
    H:\Documents and Settings\All Users\Application Data\ypinfo.bin

    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When ComboFix finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

    ---------------------------------------------------------------------------------------------

  6. Download fl.zip
    Extract the contents to a new folder on your Desktop.
    Within the folder, locate & double-click fl.bat.
    It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

    ---------------------------------------------------------------------------------------------
  7. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------

Please return with logs from:

ComboFix (C:\ComboFix.txt)
C:\findlop.txt
HijackThis
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
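As an added example (not from this thread, from ComboFix or from its author), the Python script below parses the "Reg Loading Points" section of a ComboFix log like the one posted above, flags the three kinds of entries the fix targets (Security Center monitoring/notification switched off, a BHO loading a random-named DLL from system32, a Run entry launching from Application Data), and drafts the Registry:: block in the same CFScript syntax the script above uses. The sample log is constructed from lines quoted in the thread, and the flagging rules are heuristics taken from this case, not malware signatures.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.
Added example, not part of ComboFix or of this thread. It flags the entry
types the analyst acted on here and drafts the Registry:: block of a CFScript
in the syntax the thread's script uses. The rules are heuristics taken from
this thread's log, not malware signatures; expect false positives elsewhere."""
import re
from collections import namedtuple
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample, assembled from lines quoted in the thread's log.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34daeb15-b09a-4028-aa23-33288a68be84}]
2008-07-01 19:56 106240 --a------ H:\WINDOWS\system32\rrvljw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Flag Owns Live Grim"="H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe" [2008-07-02 10:15 8185344]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# ComboFix lists a BHO's DLL as: date time size attributes path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
# Naming pattern of the DLLs in this thread (rrvljw.dll, uvjnbkgx.dll, ...):
# 6-8 lowercase letters directly in system32. Heuristic only.
RANDOM_DLL_RE = re.compile(r"\\system32\\[a-z]{6,8}\.dll$")
APPDATA_EXE_RE = re.compile(r"\\Application Data\\.*\.exe$", re.IGNORECASE)
Finding = namedtuple("Finding", "key item reason")

@dataclass
class RegSection:
    key: str
    values: Dict[str, str] = field(default_factory=dict)  # value name -> raw data
    files: List[str] = field(default_factory=list)        # DLL paths (BHO keys)

def parse_reg_points(text: str) -> List[RegSection]:
    """Split the REGEDIT4-style section into keys with their values/file lines."""
    sections: List[RegSection] = []
    current = RegSection("")  # sink for any lines before the first [key]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = RegSection(m.group("key"))
            sections.append(current)
            continue
        m = VALUE_RE.match(line)
        if m:
            current.values[m.group("name")] = m.group("data")
            continue
        m = FILE_RE.match(line)
        if m:
            current.files.append(m.group("path"))
    return sections

def exe_path(data: str) -> str:
    """Drop ComboFix's trailing '[date time size]' annotation and the quotes."""
    return re.sub(r"\s*\[[^\]]*\]$", "", data).strip('"')

def triage(sections: List[RegSection]) -> List[Finding]:
    findings: List[Finding] = []
    for s in sections:
        k = s.key.lower()
        if "security center" in k:
            # Per-product Monitoring\<AV> values are set legitimately by AV suites;
            # the global ones explain the OP's "updates disabled" symptom.
            for name, data in s.values.items():
                if name in ("DisableMonitoring", "UpdatesDisableNotify") and data == "dword:00000001":
                    findings.append(Finding(s.key, name, "Security Center monitoring/notification disabled"))
        elif "browser helper objects" in k:
            for path in s.files:
                if RANDOM_DLL_RE.search(path):
                    findings.append(Finding(s.key, path, "BHO loads a random-named DLL from system32"))
        elif k.endswith(r"\currentversion\run"):
            for name, data in s.values.items():
                if APPDATA_EXE_RE.search(exe_path(data)):
                    findings.append(Finding(s.key, name, "autostart runs an executable from Application Data"))
    return findings

def draft_registry_block(findings: List[Finding]) -> List[str]:
    """[-KEY] removes a key (rogue BHO); "name"=- removes one value (rogue Run
    entry). Security Center findings are reported only; a human decides those."""
    lines = ["Registry::"]
    for f in findings:
        if f.reason.startswith("BHO"):
            lines.append(f"[-{f.key}]")
        elif f.reason.startswith("autostart"):
            lines.extend([f"[{f.key}]", f'"{f.item}"=-'])
    return lines
```

Run on the sample, the drafted block is identical to the Registry:: section of the CFScript above; the Security Center values are only listed, since the per-product ones may belong to the installed suite.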
Old 07-02-2008, 06:16 PM   #9 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

Thank you for your time, but I will be away till Monday for holidays. I got halfway through these instructions; when it came time to do the cut/paste to send the report for analysis, it would only let me cut, there was no paste option, only "reload". Tried it and it booted me out of everything! Will retry again Monday. Also wondering if you are able to see any problems from your end, with our sound not working.
Thanks so much for your help!!
Old 07-02-2008, 06:32 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

Make sure the machine stays off the internet until then. Partway through a cleaning, there's still a chance for more to get in.

As far as the file to upload, there should be a file named similar to this on your desktop:

[4]-Submit_2008-07-02@17.02.zip

Please upload it to this site:

http://www.bleepingcomputer.com/subm....php?channel=4

Use the Browse button to navigate to the file on your desktop.

Once it shows:
Quote:
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.
Close the site and continue with the previous steps.
Old 07-07-2008, 09:38 AM   #11 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

Hi, I sent the file, it said it was successful. #6: Where do I download the file fl.zip from??
Thanks
Old 07-07-2008, 09:56 AM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

Quote:
Originally Posted by jimmydime View Post
Hi, Where do I download file fl.zip from??
thanks

Hi -

Click on the link in Step 6

here it is again:

http://www.fbeej.ctrlaltdel.dk/Programmer/fl.zip


Also post the log from ComboFix, C:\ComboFix.txt

The uploaded file appears to be empty, so I need to see what happened.

Last edited by tetonbob; 07-07-2008 at 09:57 AM.
Old 07-08-2008, 06:21 AM   #13 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

OK, please let me know if this info is correct. Thanks so much!

ComboFix 08-06-30.2 - Stacy 2008-07-07 11:18:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.147 [GMT -4:00]
Running from: H:\Documents and Settings\Stacy\Desktop\ComboFix.exe
Command switches used :: H:\Documents and Settings\Stacy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
H:\WINDOWS\BM1736e4a6.xml
H:\WINDOWS\Tasks\AdwareBot Scheduled Scan.job
.

((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-02 11:07 . 2008-06-13 09:10 272,128 --------- H:\WINDOWS\system32\drivers\bthport.sys
2008-07-02 11:07 . 2008-06-13 09:10 272,128 -----c--- H:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 16:41 . 2008-07-02 21:43 23 --a------ H:\Documents and Settings\Kody.KYLE.001\jagex_runescape_preferences.dat
2008-06-24 21:55 . 2008-06-24 21:55 <DIR> d-------- H:\Deckard
2008-06-19 09:20 . 2008-06-19 09:20 <DIR> d-------- H:\Documents and Settings\Tiara\Application Data\Talkback
2008-06-19 09:11 . 2008-06-19 09:11 <DIR> d-------- H:\Documents and Settings\Tiara\Application Data\Nero
2008-06-19 09:10 . 2008-06-19 09:35 <DIR> d-------- H:\Documents and Settings\Tiara
2008-06-18 07:21 . 2008-06-18 07:21 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Talkback
2008-06-16 23:09 . 2008-07-01 16:37 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\LimeWire
2008-06-16 20:21 . 2008-06-16 21:26 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Contacts
2008-06-16 19:53 . 2008-06-16 19:53 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Nero
2008-06-16 19:52 . 2008-07-01 16:41 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001
2008-06-16 19:26 . 2008-06-16 19:26 <DIR> d-------- H:\Documents and Settings\Stacy\Application Data\Nero
2008-06-16 19:13 . 2008-06-16 19:17 <DIR> d-------- H:\Program Files\Common Files\Nero
2008-06-14 21:54 . 2008-06-14 21:54 <DIR> d-------- H:\Program Files\Trend Micro
2008-06-13 21:12 . 2008-06-19 08:39 1,300 --a------ H:\WINDOWS\mozver.dat
2008-06-13 12:36 . 2008-06-13 12:36 <DIR> d-------- H:\Documents and Settings\Stacy\Application Data\Talkback
2008-06-13 05:07 . 2008-07-02 11:18 1,355 --a------ H:\WINDOWS\imsins.BAK
2008-06-10 15:50 . 2008-06-10 16:11 96,966 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-06-10 15:50 . 2008-06-10 16:11 88,774 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-06-10 15:48 . 2008-06-10 15:48 <DIR> d-------- H:\Program Files\Kaspersky Lab
2008-06-10 15:48 . 2008-07-07 11:11 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-10 15:47 . 2008-07-07 11:21 5,202,208 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 15:47 . 2008-07-07 11:21 164,640 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-10 15:47 . 2008-07-07 01:33 70,220 --ahs---- H:\WINDOWS\system32\drivers\fidbox.idx
2008-06-10 15:47 . 2008-07-07 01:33 16,244 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-08 21:32 . 2008-06-08 21:32 <DIR> d-------- H:\Documents and Settings\Kodygh\Application Data\Symantec
2008-06-08 21:28 . 2008-06-11 07:53 <DIR> d-------- H:\Documents and Settings\Kodygh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 21:48 --------- d-----w H:\Program Files\Windows Live
2008-06-16 23:13 --------- d-----w H:\Program Files\Nero
2008-06-16 23:13 --------- d-----w H:\Documents and Settings\All Users\Application Data\Nero
2008-06-15 02:02 7,885 ----a-w H:\Program Files\hijackthis.log
2008-06-13 09:04 --------- d-----w H:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-10 21:48 --------- d-----w H:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 21:39 --------- d-----w H:\Program Files\Common Files\Symantec Shared
2008-06-10 20:59 --------- d-----w H:\Program Files\Norton 360
2008-06-10 20:14 112,144 ----a-w H:\WINDOWS\system32\drivers\kl1.sys
2008-06-09 21:31 --------- d-----w H:\Program Files\Panda Security
2008-05-21 19:03 --------- d-----w H:\Program Files\Rogers
2008-05-18 19:27 --------- d-----w H:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 12:28 202,752 ----a-w H:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w H:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w H:\WINDOWS\system32\wininet.dll
2007-10-21 20:32 27,520 ----a-w H:\Documents and Settings\Kody.KYLE\Application Data\GDIPFONTCACHEV1.DAT
2007-06-21 00:24 24,928 ----a-w H:\Documents and Settings\Kyle-Family Computer\Application Data\GDIPFONTCACHEV1.DAT
2007-04-25 11:33 59,648 ----a-w H:\Documents and Settings\Kody\Application Data\GDIPFONTCACHEV1.DAT
2006-09-28 17:32 6,232 ----a-w H:\Documents and Settings\All Users\Application Data\ypinfo.bin
2005-10-29 20:59 0 ----a-w H:\Documents and Settings\Stacy\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-02_19.55.08.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-02 21:38:28 2,048 --s-a-w H:\WINDOWS\bootstat.dat
+ 2008-07-07 12:15:20 2,048 --s-a-w H:\WINDOWS\bootstat.dat
- 2008-07-02 13:41:24 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-07 12:15:38 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-02 13:41:24 32,768 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-07 12:15:38 32,768 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-07 12:15:38 32,768 --sha-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 03:54 68856]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"EPSON Stylus CX4200 Series"="H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 04:00 98304]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-03-29 23:16 49152]
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2007-06-08 20:24 282624]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Messenger\\msmsgs.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;H:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{348ba13a-f76c-11db-918e-0013d3529847}]
\Shell\AutoRun\command - J:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ce5195-086f-11da-a586-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 11:21:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 11:24:08
ComboFix-quarantined-files.txt 2008-07-07 15:23:40
ComboFix2.txt 2008-07-02 23:55:53
ComboFix3.txt 2008-07-02 14:51:14

Pre-Run: 180,219,293,696 bytes free
Post-Run: 180,209,553,408 bytes free

128 --- E O F --- 2008-07-02 15:18:54


Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\All Users\Application Data

05/15/2007 03:23 AM <DIR> Adobe
04/30/2007 07:03 PM <DIR> AOL
05/02/2007 03:58 PM <DIR> Avg7
03/08/2008 12:27 PM <DIR> CA-SupportBridge
04/30/2007 07:03 PM <DIR> CyberLink
08/17/2007 07:22 PM <DIR> Google
04/30/2007 07:03 PM <DIR> HP
05/02/2007 03:39 PM 696 hpzinstall.log
07/28/2007 05:03 PM <DIR> Individual Software
04/30/2007 07:03 PM <DIR> InstallShield
04/15/2008 03:45 PM <DIR> Intuit Canada
07/07/2008 11:11 AM <DIR> Kaspersky Lab
06/29/2007 04:41 PM <DIR> McAfee
04/30/2007 07:03 PM <DIR> McAfee.com
07/27/2007 09:40 PM <DIR> Messenger Plus!
04/30/2007 07:03 PM <DIR> MSScanAppDataDir
06/10/2008 04:55 PM 7,250 N360BUOptions.ini
04/30/2007 07:03 PM <DIR> Napster
06/16/2008 07:13 PM <DIR> Nero
08/25/2007 02:11 AM <DIR> PlayFirst
04/30/2007 07:03 PM <DIR> Prism Deploy
04/30/2007 07:03 PM <DIR> Pure Networks
04/30/2007 07:03 PM <DIR> QuickTime
06/13/2008 05:04 AM <DIR> SiteAdvisor
04/30/2007 07:03 PM <DIR> Sonic
04/22/2008 06:42 PM <DIR> Spybot - Search & Destroy
08/22/2007 06:11 PM <DIR> TEMP
04/30/2007 07:02 PM <DIR> Trymedia
04/30/2007 07:02 PM <DIR> Ulead Systems
04/30/2007 07:02 PM <DIR> Viewpoint
04/30/2007 07:02 PM <DIR> WholeSecurity
04/30/2007 07:02 PM <DIR> Windows Genuine Advantage
04/30/2007 07:02 PM <DIR> Windows Live Toolbar
05/18/2008 03:27 PM <DIR> WLInstaller
03/08/2008 09:36 AM <DIR> YAHOO
03/08/2008 09:59 AM <DIR> yahoo!
09/28/2006 01:32 PM 6,232 ypinfo.bin
3 File(s) 14,178 bytes
34 Dir(s) 180,157,009,920 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\Guest\Application Data

12/16/2007 10:13 PM <DIR> Google
12/15/2007 08:15 PM <DIR> Identities
12/16/2007 10:08 PM <DIR> Macromedia
12/16/2007 10:10 PM <DIR> Sun
0 File(s) 0 bytes
4 Dir(s) 180,156,993,536 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\Kody\Application Data

08/05/2007 04:09 AM <DIR> Adobe
08/05/2007 04:09 AM <DIR> AdobeAUM
08/05/2007 04:09 AM <DIR> AdobeUM
04/30/2007 07:07 PM <DIR> AOL
04/30/2007 07:07 PM <DIR> Corel Photo Album
04/25/2007 07:33 AM 59,648 GDIPFONTCACHEV1.DAT
04/30/2007 07:07 PM <DIR> Google
04/30/2007 07:07 PM <DIR> Help
04/30/2007 07:07 PM <DIR> Identities
06/27/2007 07:57 PM <DIR> InterTrust
04/30/2007 07:07 PM <DIR> Lavasoft
06/02/2007 12:50 AM <DIR> Leadertech
08/15/2007 06:57 PM <DIR> LimeWire
04/30/2007 07:07 PM <DIR> Macromedia
04/30/2007 07:07 PM <DIR> McAfee
04/30/2007 07:06 PM <DIR> Ping 01 Settings
04/30/2007 07:06 PM <DIR> SampleView
04/30/2007 07:06 PM <DIR> Screenshot Sender
04/30/2007 07:06 PM <DIR> Sun
05/11/2007 08:08 PM <DIR> Symantec
07/04/2007 11:38 PM <DIR> uTorrent
04/30/2007 07:06 PM <DIR> Yahoo!
04/30/2007 07:06 PM <DIR> You've Got Pictures Screensaver
1 File(s) 59,648 bytes
22 Dir(s) 180,156,993,536 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\Kodygh\Application Data

06/08/2008 09:39 PM <DIR> Adobe
06/10/2008 07:29 AM <DIR> Google
06/08/2008 09:29 PM <DIR> Identities
06/08/2008 09:43 PM <DIR> Macromedia
06/08/2008 09:45 PM <DIR> Sun
06/08/2008 09:32 PM <DIR> Symantec
0 File(s) 0 bytes
6 Dir(s) 180,156,989,440 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\Kyle-Family Computer\Application Data

07/02/2008 07:51 PM <DIR> .
07/02/2008 07:51 PM <DIR> ..
03/10/2008 04:40 PM <DIR> Adobe
09/20/2007 02:32 PM <DIR> AdobeAUM
09/20/2007 02:32 PM <DIR> AdobeUM
07/07/2007 08:28 AM <DIR> Ahead
06/20/2007 08:24 PM 24,928 GDIPFONTCACHEV1.DAT
05/08/2007 03:39 PM <DIR> Google
08/17/2007 08:15 PM <DIR> HP
04/29/2007 09:49 PM <DIR> Identities
07/28/2007 05:06 PM <DIR> Individual Software
03/20/2008 04:10 PM <DIR> InstallShield
05/02/2007 03:03 PM <DIR> Lavasoft
08/25/2007 10:28 PM <DIR> Leadertech
03/26/2008 04:12 PM <DIR> LimeWire
05/13/2007 07:08 PM <DIR> Macromedia
12/27/2007 08:08 PM <DIR> Mozilla
12/18/2007 05:54 PM <DIR> Nero
12/27/2007 08:12 PM <DIR> Real
04/19/2008 08:13 AM <DIR> Remote Spam Second
05/03/2007 03:09 PM <DIR> Sun
03/10/2008 04:27 PM <DIR> Symantec
12/27/2007 08:09 PM <DIR> Talkback
03/08/2008 09:42 AM <DIR> Yahoo!
1 File(s) 24,928 bytes
23 Dir(s) 180,156,989,440 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\Stacy\Application Data

06/16/2008 07:26 PM <DIR> .
06/16/2008 07:26 PM <DIR> ..
03/11/2008 12:25 PM <DIR> Adobe
05/06/2007 11:41 AM <DIR> AdobeAUM
12/26/2007 10:03 PM 2,123 AdobeDLM.log
05/06/2007 11:41 AM <DIR> AdobeUM
12/16/2007 12:30 PM <DIR> Ahead
04/30/2007 07:13 PM <DIR> ArcSoft
06/29/2007 08:13 PM <DIR> CyberLink
12/26/2007 10:03 PM 6 dm.ini
05/06/2007 09:08 PM <DIR> Google
06/01/2007 10:01 AM <DIR> HP
04/30/2007 06:52 PM <DIR> Identities
07/30/2007 07:25 PM <DIR> Individual Software
04/15/2008 03:48 PM <DIR> Intuit Canada
05/14/2007 12:22 PM <DIR> Lavasoft
04/30/2007 07:13 PM <DIR> Leadertech
05/04/2008 12:14 PM <DIR> LimeWire
04/02/2008 03:21 PM <DIR> Macromedia
06/13/2008 12:35 PM <DIR> Mozilla
06/16/2008 07:26 PM <DIR> Nero
04/30/2007 07:12 PM <DIR> Ping 01 Settings
04/19/2008 08:21 AM <DIR> Remote Spam Second
09/29/2007 01:48 PM <DIR> SmartShopper
06/01/2007 01:17 PM <DIR> Snapfish
04/30/2007 07:12 PM <DIR> Sun
03/09/2008 07:19 PM <DIR> Symantec
06/13/2008 12:36 PM <DIR> Talkback
10/29/2005 04:59 PM 0 wklnhst.dat
3 File(s) 2,129 bytes
26 Dir(s) 180,156,989,440 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\Tiara\Application Data

06/19/2008 09:27 AM <DIR> Adobe
06/19/2008 09:22 AM <DIR> Google
06/19/2008 09:10 AM <DIR> Identities
06/19/2008 09:27 AM <DIR> Macromedia
06/19/2008 09:18 AM <DIR> Mozilla
06/19/2008 09:11 AM <DIR> Nero
06/19/2008 09:20 AM <DIR> Talkback
0 File(s) 0 bytes
7 Dir(s) 180,156,989,440 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\Tiara and Kody\Application Data

12/09/2007 01:27 PM <DIR> Adobe
12/08/2007 09:47 PM <DIR> Google
12/08/2007 09:29 PM <DIR> Identities
12/13/2007 07:46 PM <DIR> LimeWire
12/08/2007 09:41 PM <DIR> Macromedia
12/08/2007 09:50 PM <DIR> Sun
12/12/2007 07:28 PM <DIR> Symantec
0 File(s) 0 bytes
7 Dir(s) 180,156,985,344 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\Default User\Application Data

04/29/2007 05:27 PM <DIR> .
04/29/2007 05:27 PM <DIR> ..
04/29/2007 05:27 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 180,156,985,344 bytes free
Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\LocalService\Application Data

Volume in drive H has no label.
Volume Serial Number is 1405-D795

Directory of H:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:50 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [multibits] C:\DOCUME~1\Kody\APPLIC~1\PING01~1\4fast.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1010\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1010\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1013\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1013\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1018\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1018\..\RunOnce: [NeroHomeFirstStart] "H:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: GameSpot Download Manager.lnk = H:\Program Files\GameSpot\GDM_TrayApp.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1013 Startup: LimeWire On Startup.lnk = H:\Program Files\LimeWire\LimeWire.exe (User '?')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm793MFCA
O8 - Extra context menu item: Add to Anti-Banner - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Kody.KYLE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.****online.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.easypix.ca/en/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - H:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9881 bytes
Old 07-08-2008, 09:09 AM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups

Hi -

It seems that rather than post the ComboFix log which was already present, you ran ComboFix again.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\qoobox\combofix2.txt

Post the contents of the log file which opens.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 07-08-2008, 05:14 PM   #15 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

This is what came up when I ran the search. I have also deleted LimeWire, but it still shows. Thanks.


ComboFix 08-06-30.2 - Stacy 2008-07-02 19:50:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT -4:00]
Running from: H:\Documents and Settings\Stacy\Desktop\ComboFix.exe
Command switches used :: H:\Documents and Settings\Stacy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
H:\WINDOWS\BM1736e4a6.xml
H:\WINDOWS\Tasks\AdwareBot Scheduled Scan.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind
H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind\build rdr help
H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind\FINDACIDFORD
H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind\forkfastone
H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind\Idle Internet Glue
H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind\Joy wave axis
H:\Documents and Settings\All Users\Application Data\LiveItchDoesFind\Wait barb slow
H:\Documents and Settings\All Users\Application Data\Software rule flag owns
H:\Documents and Settings\All Users\Application Data\Software rule flag owns\Flag Jump.exe
H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot
H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot\Log\2008 Jun 20 - 10_39_42 PM_218.log
H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot\Log\2008 Jun 20 - 10_39_46 PM_046.log
H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot\rs.dat
H:\Documents and Settings\Kyle-Family Computer\Application Data\AdwareBot\Settings\ScanResults.pie
H:\WINDOWS\BM1736e4a6.xml
H:\WINDOWS\system32\aeohxjac.dll
H:\WINDOWS\system32\biuslttf.dll
H:\WINDOWS\system32\dqomrclo.dll
H:\WINDOWS\system32\dwrvojcr.dll
H:\WINDOWS\system32\ecxespli.ini
H:\WINDOWS\system32\ecxespli.tmp
H:\WINDOWS\system32\fsluqm.dll
H:\WINDOWS\system32\jzbqgh.dll
H:\WINDOWS\system32\mlJAsSJa.dll
H:\WINDOWS\system32\nrxbqkwu.dll
H:\WINDOWS\system32\rlapeppx.dll
H:\WINDOWS\system32\rrvljw.dll
H:\WINDOWS\system32\swsygrew.dll
H:\WINDOWS\system32\uvjnbkgx.dll
H:\WINDOWS\system32\vjbokgtu.dll
H:\WINDOWS\system32\ynvuqcde.dll
H:\WINDOWS\system32\ztlufu.dll
H:\WINDOWS\system32\zzxxyk.dll
H:\WINDOWS\Tasks\AdwareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 11:07 . 2008-06-13 09:10 272,128 --------- H:\WINDOWS\system32\drivers\bthport.sys
2008-07-02 11:07 . 2008-06-13 09:10 272,128 -----c--- H:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 16:41 . 2008-07-01 17:31 23 --a------ H:\Documents and Settings\Kody.KYLE.001\jagex_runescape_preferences.dat
2008-06-24 21:55 . 2008-06-24 21:55 <DIR> d-------- H:\Deckard
2008-06-19 09:20 . 2008-06-19 09:20 <DIR> d-------- H:\Documents and Settings\Tiara\Application Data\Talkback
2008-06-19 09:11 . 2008-06-19 09:11 <DIR> d-------- H:\Documents and Settings\Tiara\Application Data\Nero
2008-06-19 09:10 . 2008-06-19 09:35 <DIR> d-------- H:\Documents and Settings\Tiara
2008-06-18 07:21 . 2008-06-18 07:21 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Talkback
2008-06-16 23:09 . 2008-07-01 16:37 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\LimeWire
2008-06-16 20:21 . 2008-06-16 21:26 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Contacts
2008-06-16 19:53 . 2008-06-16 19:53 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001\Application Data\Nero
2008-06-16 19:52 . 2008-07-01 16:41 <DIR> d-------- H:\Documents and Settings\Kody.KYLE.001
2008-06-16 19:26 . 2008-06-16 19:26 <DIR> d-------- H:\Documents and Settings\Stacy\Application Data\Nero
2008-06-16 19:13 . 2008-06-16 19:17 <DIR> d-------- H:\Program Files\Common Files\Nero
2008-06-14 21:54 . 2008-06-14 21:54 <DIR> d-------- H:\Program Files\Trend Micro
2008-06-13 21:12 . 2008-06-19 08:39 1,300 --a------ H:\WINDOWS\mozver.dat
2008-06-13 12:36 . 2008-06-13 12:36 <DIR> d-------- H:\Documents and Settings\Stacy\Application Data\Talkback
2008-06-13 05:07 . 2008-07-02 11:18 1,355 --a------ H:\WINDOWS\imsins.BAK
2008-06-10 15:50 . 2008-06-10 16:11 96,966 --a------ H:\WINDOWS\system32\drivers\klin.dat
2008-06-10 15:50 . 2008-06-10 16:11 88,774 --a------ H:\WINDOWS\system32\drivers\klick.dat
2008-06-10 15:48 . 2008-06-10 15:48 <DIR> d-------- H:\Program Files\Kaspersky Lab
2008-06-10 15:48 . 2008-07-02 19:46 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-10 15:47 . 2008-07-02 19:54 5,101,856 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 15:47 . 2008-07-02 19:53 158,240 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-10 15:47 . 2008-07-02 17:37 68,588 --ahs---- H:\WINDOWS\system32\drivers\fidbox.idx
2008-06-10 15:47 . 2008-07-02 17:37 15,476 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-08 21:32 . 2008-06-08 21:32 <DIR> d-------- H:\Documents and Settings\Kodygh\Application Data\Symantec
2008-06-08 21:28 . 2008-06-11 07:53 <DIR> d-------- H:\Documents and Settings\Kodygh
2008-06-04 16:22 . 2008-06-09 17:31 <DIR> d-------- H:\Program Files\Panda Security
Old 07-08-2008, 05:22 PM   #16 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 21:48 --------- d-----w H:\Program Files\Windows Live
2008-06-16 23:13 --------- d-----w H:\Program Files\Nero
2008-06-16 23:13 --------- d-----w H:\Documents and Settings\All Users\Application Data\Nero
2008-06-15 02:02 7,885 ----a-w H:\Program Files\hijackthis.log
2008-06-13 09:04 --------- d-----w H:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-10 21:48 --------- d-----w H:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 21:39 --------- d-----w H:\Program Files\Common Files\Symantec Shared
2008-06-10 20:59 --------- d-----w H:\Program Files\Norton 360
2008-06-10 20:14 112,144 ----a-w H:\WINDOWS\system32\drivers\kl1.sys
2008-05-21 19:03 --------- d-----w H:\Program Files\Rogers
2008-05-18 19:27 --------- d-----w H:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 12:28 202,752 ----a-w H:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w H:\WINDOWS\system32\quartz.dll
2008-05-04 16:14 --------- d-----w H:\Documents and Settings\Stacy\Application Data\LimeWire
2008-04-23 04:16 826,368 ----a-w H:\WINDOWS\system32\wininet.dll
2007-10-21 20:32 27,520 ----a-w H:\Documents and Settings\Kody.KYLE\Application Data\GDIPFONTCACHEV1.DAT
2007-06-21 00:24 24,928 ----a-w H:\Documents and Settings\Kyle-Family Computer\Application Data\GDIPFONTCACHEV1.DAT
2007-04-25 11:33 59,648 ----a-w H:\Documents and Settings\Kody\Application Data\GDIPFONTCACHEV1.DAT
2006-09-28 17:32 6,232 ----a-w H:\Documents and Settings\All Users\Application Data\ypinfo.bin
2005-10-29 20:59 0 ----a-w H:\Documents and Settings\Stacy\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-02_10.49.50.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-02 14:39:48 2,048 --s-a-w H:\WINDOWS\bootstat.dat
+ 2008-07-02 21:38:28 2,048 --s-a-w H:\WINDOWS\bootstat.dat
+ 2008-06-13 13:10:50 272,128 ------w H:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 1320 124,928 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 1321 347,136 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 1321 214,528 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 1321 133,120 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 1321 63,488 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 1321 153,088 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 1321 230,400 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 1322 383,488 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 1322 384,512 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 1324 6,066,176 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 1324 44,544 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 1325 267,776 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-08-13 22:39:10 13,312 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 1325 27,648 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 1326 459,264 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 1326 52,224 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 1328 478,208 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 1328 193,024 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 1329 671,232 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 1329 102,912 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 1329 44,544 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 1329 105,984 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 1330 1,159,680 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 1330 233,472 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 1331 826,368 -c----w H:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 1320 124,928 ----a-w
Old 07-08-2008, 05:34 PM   #17 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

- 2008-03-01 1320 124,928 ----a-w H:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w H:\WINDOWS\system32\advpack.dll
- 2008-03-01 1320 124,928 -c--a-w H:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c--a-w H:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 1321 347,136 -c--a-w H:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w H:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 1321 214,528 -c--a-w H:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w H:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 1321 133,120 -c--a-w H:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w H:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 1321 63,488 -c----w H:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w H:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c--a-w H:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c--a-w H:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 1321 153,088 -c--a-w H:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c--a-w H:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 1321 230,400 -c--a-w H:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c--a-w H:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w H:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w H:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 1322 383,488 -c----w H:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c----w H:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 1322 384,512 -c--a-w H:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c--a-w H:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 1324 6,066,176 -c----w H:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w H:\WINDOWS\system32\dllcache\ieframe.dll
Old 07-08-2008, 05:35 PM   #18 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

- 2008-03-01 1324 44,544 -c--a-w H:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w H:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 1325 267,776 -c----w H:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c----w H:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w H:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w H:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c--a-w H:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c--a-w H:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 1325 27,648 -c--a-w H:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w H:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 1326 459,264 -c----w H:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c----w H:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 1326 52,224 -c----w H:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c----w H:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 -c--a-w H:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 -c--a-w H:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 1328 478,208 -c--a-w H:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w H:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 1328 193,024 -c--a-w H:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w H:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 1329 671,232 -c--a-w H:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w H:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 1329 102,912 -c--a-w H:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c--a-w H:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 1329 44,544 -c--a-w H:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w H:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c--a-w H:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w H:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w H:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w H:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 1329 105,984 -c--a-w H:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c--a-w H:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 1330 1,159,680 -c--a-w H:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w H:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 1330 233,472 -c--a-w H:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c--a-w H:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 1331 826,368 -c--a-w H:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w H:\WINDOWS\system32\dllcache\wininet.dll
Old 07-08-2008, 05:36 PM   #19 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

- 2008-03-01 1321 347,136 ----a-w H:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w H:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 1321 214,528 ----a-w H:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w H:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 1321 133,120 ----a-w H:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w H:\WINDOWS\system32\extmgr.dll
- 2008-03-01 1321 63,488 ----a-w H:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w H:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w H:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w H:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 1321 153,088 ----a-w H:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w H:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 1321 230,400 ----a-w H:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w H:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w H:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w H:\WINDOWS\system32\ieakui.dll
- 2008-03-01 1322 383,488 ----a-w H:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w H:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 1322 384,512 ----a-w H:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w H:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 1324 6,066,176 ----a-w H:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w H:\WINDOWS\system32\ieframe.dll
- 2008-03-01 1324 44,544 ----a-w H:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w H:\WINDOWS\system32\iernonce.dll
- 2008-03-01 1325 267,776 ----a-w H:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w H:\WINDOWS\system32\iertutil.dll
- 2007-08-13 22:39:10 13,312 ----a-w H:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w H:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 1325 27,648 ----a-w H:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w H:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w H:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w H:\WINDOWS\system32\MRT.exe
- 2008-03-01 1326 459,264 ----a-w H:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w H:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 1326 52,224 ----a-w H:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w H:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w H:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w H:\WINDOWS\system32\mshtml.dll
- 2008-03-01 1328 478,208 ----a-w H:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w H:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 1328 193,024 ----a-w H:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w H:\WINDOWS\system32\msrating.dll
- 2008-03-01 1329 671,232 ----a-w H:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w H:\WINDOWS\system32\mstime.dll
- 2008-03-01 1329 102,912 ----a-w H:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w H:\WINDOWS\system32\occache.dll
- 2008-03-01 1329 44,544 ----a-w H:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w H:\WINDOWS\system32\pngfilt.dll
- 2006-09-25 22:58:48 14,640 ----a-w H:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w H:\WINDOWS\system32\spmsg.dll
- 2008-03-01 1329 105,984 ----a-w H:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w H:\WINDOWS\system32\url.dll
- 2008-03-01 1330 1,159,680 ----a-w H:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w H:\WINDOWS\system32\urlmon.dll
- 2008-03-01 1330 233,472 ----a-w H:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w H:\WINDOWS\system32\webcheck.dll
Old 07-08-2008, 05:36 PM   #20 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: XP sp2


Re: Help with constant pop ups

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 03:54 68856]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"EPSON Stylus CX4200 Series"="H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 04:00 98304]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-03-29 23:16 49152]
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2007-06-08 20:24 282624]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Messenger\\msmsgs.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;H:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{348ba13a-f76c-11db-918e-0013d3529847}]
\Shell\AutoRun\command - J:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ce5195-086f-11da-a586-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 19:53:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-02 19:55:51
ComboFix-quarantined-files.txt 2008-07-02 23:55:30
ComboFix2.txt 2008-07-02 14:51:14

Pre-Run: 180,201,648,128 bytes free
Post-Run: 180,180,172,800 bytes free

315 --- E O F --- 2008-07-02 15:18:54
Copyright 2001 - 2009, Tech Support Forum