#1
Registered User
Join Date: Jul 2008
Posts: 1
OS: XP Service Pack 3
Constant and Continuous pop-ups (SWS)
Good Day,
For the past several days I have been experiencing constant and continuous pop-ups when browsing using Internet Explorer. The pop-ups masquerade as Windows Security Center and give warnings that I have been infected with spyware/malware. They also try to get me to download a program called SWS AntiSpyware 2007. When I try to close these pop-ups they reappear again minutes later. I am also getting lots of advertising pop-ups. I suspect that I have been infected with some spyware/malware and I can't detect them using AVG 8.0. I have followed the recommended 5 steps with the following results. Thank you

System: XP Home Service Pack 3

1. Found and deleted; Viewpoint Manager and Viewpoint Media player.
2. Uninstalled AVG 8.0 and NoAdaware 5.0.
3. Ran Panda Active Scan, I was unable to disinfect.
4. Installed and ran Spywareblaster and IE-Spyad.
5. Installed and ran DSS.
6. Additional Anti virus programs installed, but not running Uniblue Power Suit and RegCure.

Panda Active scan results:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-10 09:54:22
PROTECTIONS: 1
MALWARE: 33
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=================================================================================================================================================================================== 00029007 adware/tvmedia Adware No 0 Yes No c:\winnt\cmuninstall.bat 00029459 spyware/betterinet Spyware No 1 Yes No c:\winnt\inf\biini.inf 00101185 HackTool/Gendel.A SecRisk No 0 Yes No C:\gendel32.exe 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Trafficmp-Cookie_07_07_2008_09_41_17.asq23281 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.casalemedia.com_07_07_2008_09_41_17.asq15724 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.casalemedia.com_30_04_2008_18_58_45.asq15724 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.DoubleClick_07_07_2008_09_41_17.asq26962 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.DoubleClick_06_06_2008_11_37_02.asq19169 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.DoubleClick_30_04_2008_18_58_45.asq26962 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@atdmt[2].txt 00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Dad\Desktop\SmitfraudFix\Process.exe 00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{CFD349DB-5C75-4B5F-8494-8047861A9A02}\RP1201\A0272795.exe 00145405 Cookie/RealMedia 
TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.247RealMedia.com_06_06_2008_11_37_02.asq41 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.247RealMedia.com_07_07_2008_09_41_17.asq41 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.FastClick.com_30_04_2008_18_58_46.asq24464 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@fastclick[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@tribalfusion[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.TribalFusion.com_30_04_2008_18_58_46.asq9961 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@mediaplex[1].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@linksynergy[1].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@clickbank[1].txt 00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@ccbill[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@com[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Statcounter_30_04_2008_18_58_46.asq16827 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@statcounter[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_30_04_2008_18_58_45.asq41 00168056 Cookie/YieldManager 
TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_06_06_2008_11_37_02.asq18467 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_07_07_2008_09_41_17.asq18467 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_30_04_2008_18_58_45.asq18467 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_07_07_2008_09_41_17.asq19169 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@bs.serving-sys[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@adtech[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@server.iad.liveperson[2].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Stat.Onestat_30_04_2008_18_58_46.asq23281 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@advertising[1].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@statse.webtrendslive[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application 
Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_07_07_2008_09_41_17.asq6334 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.RealMedia.com_07_07_2008_09_41_17.asq28145 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.RealMedia.com_06_06_2008_11_37_02.asq15724 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.RealMedia.com_30_04_2008_18_58_46.asq28145 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.QuestionMarket.com_30_04_2008_18_58_46.asq5705 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.QuestionMarket.com_07_07_2008_09_41_17.asq5705 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_07_07_2008_09_41_17.asq26500 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_30_04_2008_18_58_45.asq6334 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_06_06_2008_11_37_02.asq6334 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.adrevolver_30_04_2008_18_58_45.asq26500 00367121 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@server.iad.liveperson[3].txt 02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No 
C:\Documents and Settings\Dad\Desktop\SmitfraudFix\Reboot.exe ;=================================================================================================================================================================================== SUSPECTS Sent Location ;=================================================================================================================================================================================== No C:\Documents and Settings\Dad\Desktop\SmitfraudFix.exe ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== DSS Results: Deckard's System Scanner v20071014.68 Run by Dad on 2008-07-10 10:30:52 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 150: 2008-07-10 14:31:03 UTC - RP1204 - Deckard's System Scanner Restore Point 149: 2008-07-10 14:00:40 UTC - RP1203 - Installed AVG 8.0 148: 2008-07-10 13:59:42 UTC - RP1202 - Removed AVG 8.0 147: 2008-07-09 15:48:34 UTC - RP1201 - Software Distribution Service 3.0 146: 2008-07-09 15:14:45 UTC - RP1200 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2007-11-11 14:28:50 UTC - RP1055 - System Checkpoint Backed up registry hives. Performed disk cleanup. 
-- HijackThis (run as Dad.exe) ------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:33:31, on 7/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINNT\system32\ctfmon.exe C:\documents and settings\dad\local settings\application data\skiui.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\MSN\MSNCoreFiles\MSN.EXE C:\Program Files\Windows Media Player\wmplayer.exe C:\Documents and Settings\Dad\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gateway.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [skiui] c:\documents and settings\dad\local settings\application data\skiui.exe skiui O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in 
Winsock LSP: c:\winnt\system32\nwprovau.dll O16 - DPF: Expense Report Solutions - https://ers.snapon.com/ers/Exc.cab O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\gateway\Do More\DoMoreRunExe.CAB O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_4.cab O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neut...s/DigWebX2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170373980203 O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://72.42.31.42/viewer/activeXVie...ivexviewer.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://snapon.webex.com/client/T26L/webex/ieatgpc.cab O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- End of file - 5607 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080709-180343-244 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) -- File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%* .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%* -- Drivers: 0-Boot, 1-System, 
2-Auto, 3-Demand, 4-Disabled --------------------- R1 cdrbsvsd - c:\winnt\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD5> R2 ASCTRM - c:\winnt\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R2 MCSTRM - c:\winnt\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path ManagerŪ (32-bit)> R3 pfc (PADUS ASPI SHELL) - c:\winnt\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\winnt\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream> S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing) S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\5001973923C00 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\5001973923C00 Service: NIC1394 -- Scheduled Tasks ------------------------------------------------------------- 2008-05-13 10:51:46 334 --a------ C:\WINNT\Tasks\Uniblue SpyEraser.job 2008-05-02 09:13:23 372 --a------ C:\WINNT\Tasks\RegCure.job 2008-05-02 09:13:23 438 --a------ C:\WINNT\Tasks\RegCure Program Check.job -- Files created between 2008-06-10 and 2008-07-10 ----------------------------- 2008-07-10 10:18:51 0 d-------- C:\ie-spyad_zo 2008-07-10 10:14:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-10 10:14:11 0 d-------- C:\Program Files\SpywareBlaster 2008-07-10 10:00:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-07-10 08:11:04 0 d-------- C:\Program Files\Panda Security 2008-07-09 18:37:23 0 d-------- C:\fsaua.data 
2008-07-09 14:29:49 0 d-------- C:\Documents and Settings\Dad\Application Data\MSNInstaller 2008-07-09 11:55:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aim 2008-07-09 09:40:00 0 dr-h----- C:\Documents and Settings\Owner\Recent 2008-07-09 08 33 0 d-------- C:\Program Files\NoAdware5.02008-07-08 14:45:56 1140 --a------ C:\WINNT\system32\tmp.reg 2008-07-07 10:23:59 0 d-------- C:\Documents and Settings\Dad\.housecall6.6 2008-07-07 09:59:35 0 dr-h----- C:\Documents and Settings\Dad\Recent 2008-06-10 11:31:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Aim -- Find3M Report --------------------------------------------------------------- 2008-07-10 10:03:59 0 d-------- C:\Documents and Settings\Dad\Application Data\MSN6 2008-07-10 07:45:48 0 d-------- C:\Program Files\Viewpoint 2008-07-09 07:47:07 0 d-------- C:\Program Files\Trend Micro 2008-06-23 11:43:50 110 --a----c- C:\WINNT\mrid32 2008-06-06 10 57 0 d-a------ C:\Program Files\Common Files2008-06-06 10 03 0 d--h----- C:\Program Files\InstallShield Installation Information2008-06-06 10:04:57 0 d-------- C:\Program Files\Common Files\MRIC 2008-05-20 08:05:46 0 d-------- C:\Program Files\Microsoft Silverlight 2008-05-13 10:21:40 0 d-------- C:\Documents and Settings\Dad\Application Data\Uniblue 2008-05-02 11:27:34 118772 --a------ C:\WINNT\Keyfinder Advanced 2007 (Full Version) Uninstaller.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 18:21] "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [04/13/2008 20:12] "skiui"="c:\documents and settings\dad\local settings\application data\skiui.exe" [07/08/2008 13:49] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34] 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "SetDefaultMidi"=MIDIDEF.EXE "RunNarrator"=Narrator.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [11/23/2004 17:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINNT\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINNT\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\GWMDMMSG] GWMDMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi] C:\WINNT\GWMDMpi.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 9910 Daemon] SK9910DM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Preload Check] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Migo PC Backup Pro Tray Control] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skiui] c:\documents and settings\dad\local settings\application data\skiui.exe skiui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray] C:\Program 
Files\Samsung\Samsung Media Studio 5\SMSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue PowerSuite] C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "wscsvc"=2 (0x2) "TapiSrv"=3 (0x3) "SysmonLog"=3 (0x3) "SENS"=2 (0x2) "seclogon"=2 (0x2) "Schedule"=2 (0x2) "SamSs"=2 (0x2) "RSVP"=3 (0x3) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "NtmsSvc"=3 (0x3) "mnmsrvc"=3 (0x3) "LmHosts"=2 (0x2) "helpsvc"=2 (0x2) "AppMgmt"=3 (0x3) "ALG"=3 (0x3) "MDM"=2 (0x2) "WLSetupSvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc *Newly Created Service* - PAVBOOT [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb -- End of Deckard's System Scanner: finished at 2008-07-10 10:35:38 ------------ |