02-25-2008, 11:45 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2008
Location: michigan
Posts: 3
OS: windows 2000


need help getting rid of f3.cookingluck.com pop-up

I accidentally installed a program and now these pop-ups won't leave me be. It's not a serious problem, as in where I can't do anything; I have full function of my computer, but the pop-ups just won't stop. I need help immediately with this so I can move on.
Posted by hectorarill2008

02-26-2008, 04:55 AM   #2 (permalink)
Tech, Microsoft Support
 
Join Date: Sep 2007
Location: Oklahoma City
Posts: 956
OS: Server 2K3 R2, Server 2K, XP PRO, Mac OS X 10.4, Mac OS X 10.5, Ubuntu Linux 7.10, iPhone

Re: need help getting rid of f3.cookingluck.com pop-up

Hi & Welcome to TSF

Is this on a server or workstation? What was the program you installed? What version is the Operating System?
__________________


HJT - 5 steps against malware. Post your HijackThis log there and not here !
Posting system specs
Posted by XtabbedoutX

02-26-2008, 08:23 PM   #3 (permalink)
Registered User
 
Join Date: Feb 2008
Location: michigan
Posts: 3
OS: windows 2000


Re: need help getting rid of f3.cookingluck.com pop-up

Quote:
Originally Posted by XtabbedoutX
> Hi & Welcome to TSF
>
> Is this on a server or workstation? What was the program you installed? What version is the Operating System?

What do you mean, server or workstation? The program was like a video plug-in. My OS is Windows 2000 NT.
Posted by hectorarill2008

02-27-2008, 11:51 AM   #4 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 387
OS: Windows


Re: need help getting rid of f3.cookingluck.com pop-up

If this is when you are on the net: in Administrative Tools - Services - stop Messenger - right click - Properties - Disable.
Posted by hitech

02-27-2008, 04:18 PM   #5 (permalink)
Registered User
 
Join Date: Feb 2008
Location: michigan
Posts: 3
OS: windows 2000


Re: need help getting rid of f3.cookingluck.com pop-up

Here's the active scan report through Panda scan?

I completed the five steps.

Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Hex\Cookies\hex@247realmedia[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Hex\Cookies\hex@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Hex\Cookies\hex@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Hex\Cookies\hex@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Hex\Cookies\hex@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Hex\Cookies\hex@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Hex\Cookies\hex@com[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Hex\Cookies\hex@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Hex\Cookies\hex@findwhat[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Hex\Cookies\hex@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Hex\Cookies\hex@overture[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Hex\Cookies\hex@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Hex\Cookies\hex@realmedia[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Hex\Cookies\hex@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Hex\Cookies\hex@statse.webtrendslive[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Hex\Cookies\hex@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Hex\Cookies\hex@tribalfusion[1].txt
Virus:Trj/Downloader.SPR Disinfected C:\WINNT\bxlrvps.dll


Here's the main.txt file

Deckard's System Scanner v20071014.68
Run by Hex on 2008-02-27 1623
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 96% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-27 16:07:17
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mstask.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINNT\system32\wbem\winmgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINNT\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\coolpro2\coolpro2.exe
C:\Documents and Settings\Hex\Desktop\dss.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1202580592125
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\system32\WRLogonNTF.dll (file missing)
O21 - SSODL: DriveMon - {893c0651-df1f-4e01-b01d-e3323ad6f01d} - C:\WINNT\Installer\{893c0651-df1f-4e01-b01d-e3323ad6f01d}\DriveMon.dll
O21 - SSODL: RomService - {dff740cb-bb9d-4097-84d8-5566924adf94} - C:\WINNT\Installer\{dff740cb-bb9d-4097-84d8-5566924adf94}\RomService.dll
O23 - Service: McAfee Application Installer Cleanup (0237471204140585) (0237471204140585mcinstcleanup) - Unknown owner - C:\WINNT\TEMP\023747~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


--
End of file - 6820 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 YMIDUSB (YAMAHA Corporation USB MIDI Driver) - c:\winnt\system32\drivers\ymidusb.sys <Not Verified; YAMAHA CORPORATION; YAMAHA USB-MIDI Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 0237471204140585mcinstcleanup (McAfee Application Installer Cleanup (0237471204140585)) - c:\winnt\temp\023747~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&1A671D0C&0&30F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&1A671D0C&0&30F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_01471028&REV_02\3&13C0B0C5&0&FB
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_01471028&REV_02\3&13C0B0C5&0&FB
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-02-23 05:12:57 328 --a------ C:\WINNT\Tasks\McQcTask.job


-- Files created between 2008-01-27 and 2008-02-27 -----------------------------

2008-02-27 13:08:46 44928 --a------ C:\WINNT\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-27 1330 8576 --a------ C:\WINNT\system32\drivers\hreqivwbdfpt.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-27 12:50:07 118784 --a------ C:\WINNT\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-02-27 12:50:05 0 d-------- C:\Program Files\SpywareBlaster
2008-02-27 12:40:45 0 d-------- C:\WINNT\system32\ActiveScan
2008-02-27 11:26:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_d0.dat
2008-02-23 05:16:31 0 d-------- C:\Documents and Settings\Default User\Application Data\SiteAdvisor
2008-02-23 05:16:24 0 d-------- C:\Program Files\SiteAdvisor
2008-02-23 05:16:24 0 d-------- C:\Documents and Settings\Hex\Application Data\SiteAdvisor
2008-02-23 05:16:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-23 05:15:47 143360 --a------ C:\WINNT\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-02-23 05:12:46 0 d-------- C:\Program Files\McAfee.com
2008-02-23 05:12:43 0 d-------- C:\Program Files\Common Files\McAfee
2008-02-23 05:12:37 0 d-------- C:\Program Files\McAfee
2008-02-23 04:44:24 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-23 04:03:46 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-02-22 21:46:10 90112 --a------ C:\WINNT\fkxvkns.exe
2008-02-22 21:46:10 0 --a------ C:\WINNT\dgtxrdfsnw.dll
2008-02-22 21:46:10 237568 --a------ C:\WINNT\alofkmn.dll <Not Verified; ; alofkmn>
2008-02-19 22:57:20 0 d-------- C:\Documents and Settings\Hex\Application Data\Uniblue
2008-02-19 22:57:09 0 d-------- C:\Program Files\Uniblue
2008-02-19 22:50:04 0 d-------- C:\Documents and Settings\Hex\Application Data\Propellerhead Software
2008-02-19 22:50:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-02-19 22:49:41 233472 --a------ C:\WINNT\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; ReCycle 2.1>
2008-02-19 22:49:39 0 d-------- C:\Program Files\Recycle
2008-02-19 22:49:18 331263 --a------ C:\WINNT\LOOP.exe
2008-02-15 17:59:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2c0.dat
2008-02-15 13:54:46 0 d-------- C:\Program Files\Nero
2008-02-15 13:54:46 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-15 12:59:21 0 d-------- C:\AudioConverter
2008-02-15 12:47:01 32256 --a------ C:\WINNT\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-15 12:47:01 21056 --a------ C:\WINNT\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-15 12:47:01 4672 --a------ C:\WINNT\system\wowpost.exe <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-15 12:47:01 5600 --a------ C:\WINNT\system\winaspi.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-14 23:42:07 155648 --a------ C:\WINNT\system32\ssleay32.dll
2008-02-14 23:42:07 684032 --a------ C:\WINNT\system32\libeay32.dll
2008-02-14 23:42:07 0 d-------- C:\Program Files\Webroot
2008-02-14 23:42:07 0 d-------- C:\Documents and Settings\Hex\Application Data\Webroot
2008-02-14 23:41:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-14 14:01:18 0 d-------- C:\Program Files\BitLord
2008-02-13 13:03:40 0 d-------- C:\Program Files\Soulseek
2008-02-12 18:58:36 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-02-12 18:58:36 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-02-12 18:58:26 225280 --a------ C:\WINNT\system32\wmpdxm.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2008-02-12 18:58:26 106496 --a------ C:\WINNT\system32\wmpasf.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2008-02-12 18:58:14 52224 --a------ C:\WINNT\system32\mspmsnsv.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-02-12 1700 0 d-------- C:\Documents and Settings\Hex\Application Data\Syntrillium
2008-02-12 17:04:31 0 d-------- C:\Program Files\coolpro2
2008-02-12 12:11:30 0 d-------- C:\Documents and Settings\Hex\Application Data\Help
2008-02-11 21:01:27 0 d-------- C:\Documents and Settings\Hex\Application Data\Yahoo!
2008-02-11 21:01:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-11 21:01:26 0 d-------- C:\Program Files\Yahoo!
2008-02-11 14:42:52 0 d-------- C:\Documents and Settings\All Users\Application Data\YAMAHA
2008-02-11 14:33:16 0 d-------- C:\Program Files\Digidesign
2008-02-11 14:33:09 163840 --a------ C:\WINNT\system32\ArtFfct.dll <Not Verified; ; Bibliothèque de liaison dynamique FDlg>
2008-02-11 14:32:40 0 d-------- C:\Program Files\Arturia
2008-02-09 19:00:54 0 d-------- C:\Documents and Settings\Hex\Application Data\Cakewalk
2008-02-09 18:57:27 118784 --a------ C:\WINNT\dsdxirmv.exe
2008-02-09 18:56:15 180224 --a------ C:\WINNT\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-02-09 18:56:10 0 d-------- C:\Cakewalk Projects
2008-02-09 18:55:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_23c.dat
2008-02-09 18:47:58 0 d-------- C:\Documents and Settings\Hex\Application Data\WinRAR
2008-02-09 18:34:04 0 d-------- C:\Documents and Settings\Hex\Application Data\Macromedia
2008-02-09 18:34:04 0 d-------- C:\Documents and Settings\Hex\Application Data\Adobe
2008-02-09 18:34:02 0 d-------- C:\WINNT\system32\Macromed
2008-02-09 10:55:07 0 d--h----- C:\WINNT\msdownld.tmp
2008-02-09 10:55:02 0 d-------- C:\WINNT\Windows Update Setup Files
2008-02-09 10:49:50 920284 ---h----- C:\WINNT\ShellIconCache
2008-02-09 10:48:58 0 d-------- C:\Documents and Settings\Hex\Application Data\Ahead
2008-02-09 10:42:16 0 d-------- C:\WINNT\system32\Windows Media
2008-02-09 10:41:44 0 d--h---c- C:\WINNT\$NtUpdateRollupPackUninstall$
2008-02-09 10:41:41 0 d-------- C:\WINNT\msiinst.tmp
2008-02-09 10:40:25 0 d--h---c- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2008-02-09 10:39:06 0 d-------- C:\WINNT\mui
2008-02-09 10:23:01 0 d-------- C:\WINNT\system32\BITS
2008-02-09 10:09:56 0 d-------- C:\WINNT\SoftwareDistribution
2008-02-09 1032 0 d-------- C:\WINNT\system32\Data
2008-02-09 1027 0 --a------ C:\WINNT\?
2008-02-09 10:00:17 0 d-------- C:\WINNT\VirtualEar
2008-02-09 10:00:17 49152 --a------ C:\WINNT\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-02-09 10:00:17 45056 --a------ C:\WINNT\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-02-09 10:00:17 65536 --a------ C:\WINNT\system32\Audio3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-02-09 10:00:17 0 d-------- C:\Program Files\Analog Devices
2008-02-09 09:59:12 0 d-------- C:\Program Files\Digital Line Detect
2008-02-09 09:58:41 299520 --a------ C:\WINNT\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-02-09 09:58:10 0 d-------- C:\Program Files\Creative
2008-02-09 09:57:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-09 09:56:52 0 d-------- C:\Program Files\Broadcom
2008-02-09 09:56:46 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-09 09:56:34 0 d-------- C:\dell
2008-02-09 09:53:00 0 d-------- C:\Program Files\Common Files\Nero
2008-02-09 09:52:45 997888 --a------ C:\WINNT\system32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-02-09 09:52:45 892416 --a------ C:\WINNT\system32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-02-09 09:52:45 1111040 --a------ C:\WINNT\system32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-02-09 09:52:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-09 09:51:57 0 d-------- C:\Program Files\Ahead
2008-02-09 09:51:19 0 d-------- C:\WINNT\RegisteredPackages
2008-02-09 09:51:00 733184 --a------ C:\WINNT\system32\qedwipes.dll
2008-02-09 09:50:59 1798144 --a------ C:\WINNT\system32\qedit.dll
2008-02-09 09:50:59 324096 --a------ C:\WINNT\system32\mswebdvd.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-02-09 09:50:59 13312 --a------ C:\WINNT\system32\msdmo.dll
2008-02-09 09:50:59 18944 --a------ C:\WINNT\system32\encapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:58 18432 --a------ C:\WINNT\system32\dswave.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:58 76800 --a------ C:\WINNT\system32\dmscript.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:58 664576 --a------ C:\WINNT\system32\dinput8.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:58 1703936 --a------ C:\WINNT\system32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:58 1201152 --a------ C:\WINNT\system32\d3d8.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 1769472 --a------ C:\WINNT\system32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 1189888 --a------ C:\WINNT\system32\dx8vb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 491520 --a------ C:\WINNT\system32\dsdmoprp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 186880 --a------ C:\WINNT\system32\dsdmo.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 112128 --a------ C:\WINNT\system32\dpvvox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 80896 --a------ C:\WINNT\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 381952 --a------ C:\WINNT\system32\dpvoice.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 19968 --a------ C:\WINNT\system32\dpvacm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 16896 --a------ C:\WINNT\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 3072 --a------ C:\WINNT\system32\dpnlobby.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 68096 --a------ C:\WINNT\system32\dpnhupnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 32768 --a------ C:\WINNT\system32\dpnhpast.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 723968 --a------ C:\WINNT\system32\dpnet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 3072 --a------ C:\WINNT\system32\dpnaddr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 44032 --a------ C:\WINNT\system32\dimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 459264 --a------ C:\WINNT\system32\diactfrm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:57 7168 --a------ C:\WINNT\system32\d3d8thk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-09 09:50:48 0 d-------- C:\WINNT\system32\DirectX
2008-02-09 09:49:26 0 d-------- C:\WINNT\system32\NtmsData
2008-02-09 09:49:00 0 d--hs---- C:\WINNT\Installer
2008-02-09 09:49:00 0 d-------- C:\Documents and Settings\Hex\Application Data\Identities
2008-02-09 09:48:58 0 d--hs---- C:\System Volume Information
2008-02-09 09:48:55 0 d--h----- C:\WINNT\system32\GroupPolicy
2008-02-09 09:48:54 0 d--hs---- C:\WINNT\CSC
2008-02-09 09:48:54 0 d--h----- C:\Documents and Settings\Hex\Templates
2008-02-09 09:48:54 0 d-------- C:\Documents and Settings\Hex\Start Menu
2008-02-09 09:48:54 0 d--h----- C:\Documents and Settings\Hex\SendTo
2008-02-09 09:48:54 0 dr-h----- C:\Documents and Settings\Hex\Recent
2008-02-09 09:48:54 0 d--h----- C:\Documents and Settings\Hex\PrintHood
2008-02-09 09:48:54 1495040 --ah----- C:\Documents and Settings\Hex\NTUSER.DAT
2008-02-09 09:48:54 0 d--h----- C:\Documents and Settings\Hex\NetHood
2008-02-09 09:48:54 0 d-------- C:\Documents and Settings\Hex\My Documents
2008-02-09 09:48:54 0 d--h----- C:\Documents and Settings\Hex\Local Settings
2008-02-09 09:48:54 0 dr------- C:\Documents and Settings\Hex\Favorites
2008-02-09 09:48:54 0 d-------- C:\Documents and Settings\Hex\Desktop
2008-02-09 09:48:54 0 d---s---- C:\Documents and Settings\Hex\Cookies
2008-02-09 09:48:54 0 d--h----- C:\Documents and Settings\Hex\Application Data
2008-02-09 09:48:43 0 d-------- C:\WINNT\system32\Microsoft
2008-02-09 09:44:05 0 d-------- C:\WINNT\system32\rocket
2008-02-09 09:44:05 0 d-------- C:\WINNT\mww32
2008-02-09 09:44:05 0 d-------- C:\WINNT\ime
2008-02-09 09:44:05 0 d-------- C:\Program Files\microsoft frontpage
2008-02-09 09:44:04 0 d-------- C:\WINNT\system32\rpcproxy
2008-02-09 09:44:04 0 d-------- C:\WINNT\system32\inetsrv
2008-02-09 09:43:41 122880 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-02-09 09:43:18 0 -rahs---- C:\MSDOS.SYS
2008-02-09 09:43:18 0 -rahs---- C:\IO.SYS
2008-02-09 09:43:18 0 ---h----- C:\CONFIG.SYS
2008-02-09 09:43:18 0 ---h----- C:\AUTOEXEC.BAT
2008-02-09 09:42:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-02-09 09:42:30 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-02-09 09:42:27 0 dr------- C:\WINNT\Offline Web Pages
2008-02-09 09:42:27 0 d---s---- C:\WINNT\Downloaded Program Files
2008-02-09 09:42:12 0 d-a-s---- C:\WINNT\Tasks
2008-02-09 09:41:51 15012 --a------ C:\WINNT\system32\emptyregdb.dat
2008-02-09 09:41:21 0 d-------- C:\WINNT\Registration
2008-02-09 09:41:08 0 d-------- C:\WINNT\system32\DTCLog
2008-02-09 09:41:02 0 d-ah----- C:\Program Files\WindowsUpdate
2008-02-09 09:40:43 0 d-------- C:\Program Files\Accessories
2008-02-09 09:40:39 0 d-------- C:\Program Files\Windows NT
2008-02-09 09:40:36 0 d-------- C:\WINNT\system32\Com
2008-02-09 09:39:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-02-09 01:29:03 0 d-a------ C:\Program Files\Common Files\ODBC
2008-02-09 01:29:01 0 d-a------ C:\WINNT\Speech
2008-02-09 01:29:00 0 d-a------ C:\Program Files\Common Files
2008-02-09 01:28:59 0 dra------ C:\Program Files
2008-02-09 01:27:48 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-02-09 01:27:48 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-02-09 01:27:48 0 d-a------ C:\Documents and Settings\All Users\Documents
2008-02-09 01:27:48 0 d-ah----- C:\Documents and Settings\All Users\Application Data
2008-02-09 01:27:47 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-02-09 01:27:47 0 d-------- C:\Documents and Settings\Default User\Start Menu
2008-02-09 01:27:47 0 d--h----- C:\Documents and Settings\Default User\SendTo
2008-02-09 01:27:47 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-02-09 01:27:47 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-02-09 01:27:47 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-02-09 01:27:47 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-02-09 01:27:47 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-02-09 01:27:47 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-02-09 01:27:47 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-02-09 01:27:47 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-02-09 01:27:47 0 d--h----- C:\Documents and Settings\Default User\Application Data
2008-02-09 01:27:47 0 d-------- C:\Documents and Settings\All Users\Start Menu
2008-02-09 01:27:47 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-02-09 01:27:40 0 d-a------ C:\WINNT\system32\CatRoot
2008-02-09 01:27:27 0 d-a------ C:\Documents and Settings
2008-02-09 01:24:21 0 d-a------ C:\WINNT
2008-02-09 01:24:21 0 d---s---- C:\WINNT\Web
2008-02-09 01:24:21 0 d-a------ C:\WINNT\twain_32
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\wins
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\wbem
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\spool
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\ShellExt
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\Setup
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\ras
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\os2
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\npp
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\mui
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\ie_de
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\ias
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\export
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\drivers
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\drivers\etc
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\drivers\disdn
2008-02-09 01:24:21 0 drahs--c- C:\WINNT\system32\dllcache
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\dhcp
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system32\config
2008-02-09 01:24:21 0 d-a------ C:\WINNT\system
2008-02-09 01:24:21 0 d-a------ C:\WINNT\security
2008-02-09 01:24:21 0 d-a------ C:\WINNT\repair
2008-02-09 01:24:21 0 d-a------ C:\WINNT\msapps
2008-02-09 01:24:21 0 d-a------ C:\WINNT\msagent
2008-02-09 01:24:21 0 d-a------ C:\WINNT\Media
2008-02-09 01:24:21 0 d--h----- C:\WINNT\inf
2008-02-09 01:24:21 0 d-a------ C:\WINNT\Help
2008-02-09 01:24:21 0 dra-s---- C:\WINNT\Fonts
2008-02-09 01:24:21 0 d-a------ C:\WINNT\Driver Cache
2008-02-09 01:24:21 0 d-a------ C:\WINNT\Debug
2008-02-09 01:24:21 0 d-a------ C:\WINNT\Cursors
2008-02-09 01:24:21 0 d-a------ C:\WINNT\Connection Wizard
2008-02-09 01:24:21 0 d-a------ C:\WINNT\Config
2008-02-09 01:24:21 0 d-a------ C:\WINNT\AppPatch
2008-02-09 01:24:21 0 d-a------ C:\WINNT\addins


-- Find3M Report ---------------------------------------------------------------

2008-02-09 1027 0 --a------ C:\WINNT\?


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/07 06:15a 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [07/14/03 04:00a C:\WINNT\system32\mobsync.exe]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [08/20/04 03:55p]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [08/20/04 03:51p]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/04 02:42p]
"P17Helper"="P17.dll" [05/03/05 07:38p C:\WINNT\system32\P17.dll]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/06 04:40p]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/07 10:33p]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [08/24/07 01:57p]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [07/22/07 08:29p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [08/22/06 09:52a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/9/2008 9:59:12 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DriveMon"= {893c0651-df1f-4e01-b01d-e3323ad6f01d} - C:\WINNT\Installer\{893c0651-df1f-4e01-b01d-e3323ad6f01d}\DriveMon.dll [02/22/08 09:46p 17958]
"RomService"= {dff740cb-bb9d-4097-84d8-5566924adf94} - C:\WINNT\Installer\{dff740cb-bb9d-4097-84d8-5566924adf94}\RomService.dll [02/22/08 09:51p 17958]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

*Newly Created Service* - HREQIVWBDFPT
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK



-- End of Deckard's System Scanner: finished at 2008-02-27 16:12:18 ------------
Attached Files
File Type: txt extra.txt (7.2 KB, 0 views)
Posted by hectorarill2008
All times are GMT -7.



Copyright 2001 - 2008, Tech Support Forum
