|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
LinkBack | Thread Tools |
07-10-2008, 08:19 AM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 1
OS: XP Sevice Pack 3
|
Constant and Continuous pop-ups (SWS)
Good Day,
For the past several days I have been experiencing constant and continuous pop-ups when browsing using Internet Explorer. The pop-ups masquerade as Windows Security Center and give warnings that I have been infected with spyware/malware. They also try to get me to download a program called SWS AntiSpyware 2007. When I try to close these pop-ups they reappear again minutes later. I am also getting lots of advertising pop-ups. I suspect that I have been infected with some spware/malware and I can't detect them using AVG 8.0. I have followed the recommended 5 steps with the following results. Thank you System: XP Home Service Pack 3 1. Found and deleted; Viewpoint Manager and Viewpoint Media player. 2. Uninstalled AVG 8.0 and NoAdaware 5.0. 3. Ran Panda Active Scan, I was unable to disinfect. 4. Installed and ran Spywareblaster and IE-Spyad. 5. Installed and ran DSS. 6. Additional Anti virus programs installed, but not running Uniblue Power Suit and RegCure. Panda Active scan results: ;*********************************************************************************************************************************************************************************** ANALYSIS: 2008-07-10 09:54:22 PROTECTIONS: 1 MALWARE: 33 SUSPECTS: 1 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== AVG Anti-Virus 8.0 Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00029007 adware/tvmedia Adware No 0 Yes No c:\winnt\cmuninstall.bat 00029459 spyware/betterinet Spyware No 1 Yes No c:\winnt\inf\biini.inf 00101185 HackTool/Gendel.A SecRisk No 0 Yes No C:\gendel32.exe 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Trafficmp-Cookie_07_07_2008_09_41_17.asq23281 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.casalemedia.com_07_07_2008_09_41_17.asq15724 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.casalemedia.com_30_04_2008_18_58_45.asq15724 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.DoubleClick_07_07_2008_09_41_17.asq26962 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.DoubleClick_06_06_2008_11_37_02.asq19169 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.DoubleClick_30_04_2008_18_58_45.asq26962 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@atdmt[2].txt 00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Dad\Desktop\SmitfraudFix\Process.exe 00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{CFD349DB-5C75-4B5F-8494-8047861A9A02}\RP1201\A0272795.exe 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.247RealMedia.com_06_06_2008_11_37_02.asq41 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.247RealMedia.com_07_07_2008_09_41_17.asq41 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.FastClick.com_30_04_2008_18_58_46.asq24464 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@fastclick[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@tribalfusion[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.TribalFusion.com_30_04_2008_18_58_46.asq9961 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@mediaplex[1].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@linksynergy[1].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@clickbank[1].txt 00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@ccbill[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@com[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Statcounter_30_04_2008_18_58_46.asq16827 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@statcounter[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_30_04_2008_18_58_45.asq41 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_06_06_2008_11_37_02.asq18467 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_07_07_2008_09_41_17.asq18467 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_30_04_2008_18_58_45.asq18467 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_07_07_2008_09_41_17.asq19169 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@bs.serving-sys[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@adtech[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@server.iad.liveperson[2].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Stat.Onestat_30_04_2008_18_58_46.asq23281 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@advertising[1].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@statse.webtrendslive[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_07_07_2008_09_41_17.asq6334 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.RealMedia.com_07_07_2008_09_41_17.asq28145 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.RealMedia.com_06_06_2008_11_37_02.asq15724 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.RealMedia.com_30_04_2008_18_58_46.asq28145 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.QuestionMarket.com_30_04_2008_18_58_46.asq5705 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.QuestionMarket.com_07_07_2008_09_41_17.asq5705 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_07_07_2008_09_41_17.asq26500 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_30_04_2008_18_58_45.asq6334 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.Tracking-Cookie_06_06_2008_11_37_02.asq6334 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.adrevolver_30_04_2008_18_58_45.asq26500 00367121 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Dad\Cookies\dad@server.iad.liveperson[3].txt 02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Dad\Desktop\SmitfraudFix\Reboot.exe ;=================================================================================================================================================================================== SUSPECTS Sent Location ;=================================================================================================================================================================================== No C:\Documents and Settings\Dad\Desktop\SmitfraudFix.exe ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== DSS Results: Deckard's System Scanner v20071014.68 Run by Dad on 2008-07-10 10:30:52 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 150: 2008-07-10 14:31:03 UTC - RP1204 - Deckard's System Scanner Restore Point 149: 2008-07-10 14:00:40 UTC - RP1203 - Installed AVG 8.0 148: 2008-07-10 13:59:42 UTC - RP1202 - Removed AVG 8.0 147: 2008-07-09 15:48:34 UTC - RP1201 - Software Distribution Service 3.0 146: 2008-07-09 15:14:45 UTC - RP1200 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2007-11-11 14:28:50 UTC - RP1055 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Dad.exe) ------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:33:31, on 7/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINNT\system32\ctfmon.exe C:\documents and settings\dad\local settings\application data\skiui.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\MSN\MSNCoreFiles\MSN.EXE C:\Program Files\Windows Media Player\wmplayer.exe C:\Documents and Settings\Dad\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gateway.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [skiui] c:\documents and settings\dad\local settings\application data\skiui.exe skiui O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll O16 - DPF: Expense Report Solutions - https://ers.snapon.com/ers/Exc.cab O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\gateway\Do More\DoMoreRunExe.CAB O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_4.cab O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neut...s/DigWebX2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170373980203 O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://72.42.31.42/viewer/activeXVie...ivexviewer.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://snapon.webex.com/client/T26L/webex/ieatgpc.cab O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- End of file - 5607 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080709-180343-244 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) -- File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%* .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 cdrbsvsd - c:\winnt\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD5> R2 ASCTRM - c:\winnt\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R2 MCSTRM - c:\winnt\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path ManagerŪ (32-bit)> R3 pfc (PADUS ASPI SHELL) - c:\winnt\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\winnt\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream> S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing) S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\5001973923C00 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\5001973923C00 Service: NIC1394 -- Scheduled Tasks ------------------------------------------------------------- 2008-05-13 10:51:46 334 --a------ C:\WINNT\Tasks\Uniblue SpyEraser.job 2008-05-02 09:13:23 372 --a------ C:\WINNT\Tasks\RegCure.job 2008-05-02 09:13:23 438 --a------ C:\WINNT\Tasks\RegCure Program Check.job -- Files created between 2008-06-10 and 2008-07-10 ----------------------------- 2008-07-10 10:18:51 0 d-------- C:\ie-spyad_zo 2008-07-10 10:14:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-10 10:14:11 0 d-------- C:\Program Files\SpywareBlaster 2008-07-10 10:00:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-07-10 08:11:04 0 d-------- C:\Program Files\Panda Security 2008-07-09 18:37:23 0 d-------- C:\fsaua.data 2008-07-09 14:29:49 0 d-------- C:\Documents and Settings\Dad\Application Data\MSNInstaller 2008-07-09 11:55:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aim 2008-07-09 09:40:00 0 dr-h----- C:\Documents and Settings\Owner\Recent 2008-07-09 08  33 0 d-------- C:\Program Files\NoAdware5.02008-07-08 14:45:56 1140 --a------ C:\WINNT\system32\tmp.reg 2008-07-07 10:23:59 0 d-------- C:\Documents and Settings\Dad\.housecall6.6 2008-07-07 09:59:35 0 dr-h----- C:\Documents and Settings\Dad\Recent 2008-06-10 11:31:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Aim -- Find3M Report --------------------------------------------------------------- 2008-07-10 10:03:59 0 d-------- C:\Documents and Settings\Dad\Application Data\MSN6 2008-07-10 07:45:48 0 d-------- C:\Program Files\Viewpoint 2008-07-09 07:47:07 0 d-------- C:\Program Files\Trend Micro 2008-06-23 11:43:50 110 --a----c- C:\WINNT\mrid32 2008-06-06 10 57 0 d-a------ C:\Program Files\Common Files2008-06-06 10 03 0 d--h----- C:\Program Files\InstallShield Installation Information2008-06-06 10:04:57 0 d-------- C:\Program Files\Common Files\MRIC 2008-05-20 08:05:46 0 d-------- C:\Program Files\Microsoft Silverlight 2008-05-13 10:21:40 0 d-------- C:\Documents and Settings\Dad\Application Data\Uniblue 2008-05-02 11:27:34 118772 --a------ C:\WINNT\Keyfinder Advanced 2007 (Full Version) Uninstaller.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 18:21] "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [04/13/2008 20:12] "skiui"="c:\documents and settings\dad\local settings\application data\skiui.exe" [07/08/2008 13:49] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "SetDefaultMidi"=MIDIDEF.EXE "RunNarrator"=Narrator.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [11/23/2004 17:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINNT\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINNT\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG] GWMDMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi] C:\WINNT\GWMDMpi.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 9910 Daemon] SK9910DM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Preload Check] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Migo PC Backup Pro Tray Control] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skiui] c:\documents and settings\dad\local settings\application data\skiui.exe skiui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue PowerSuite] C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "wscsvc"=2 (0x2) "TapiSrv"=3 (0x3) "SysmonLog"=3 (0x3) "SENS"=2 (0x2) "seclogon"=2 (0x2) "Schedule"=2 (0x2) "SamSs"=2 (0x2) "RSVP"=3 (0x3) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "NtmsSvc"=3 (0x3) "mnmsrvc"=3 (0x3) "LmHosts"=2 (0x2) "helpsvc"=2 (0x2) "AppMgmt"=3 (0x3) "ALG"=3 (0x3) "MDM"=2 (0x2) "WLSetupSvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc *Newly Created Service* - PAVBOOT [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb -- End of Deckard's System Scanner: finished at 2008-07-10 10:35:38 ------------ |
|
     |
| Sponsored Links |
| Thread Tools | |
|
|
