Old 03-18-2008, 02:13 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Adware/Malware popups

PC infected by: Spyware&Malware Protection, Privacy Protector, Error Cleaner, Trusted Antivirus, Adware Remover 2007, Scanneradwareremover 2007, safenavweb, xpantiviruspro, systemerror fixer, softwarereferral.com, worm.win32.NetSky
Followed 5 steps offered by TSF, still get adware popups, but less than before running 5 steps.
Attaching DSS- main.txt, unable to run extra.txt
Deckard's System Scanner v20071014.68
Run by Greg on 2008-03-18 13:37:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-18 13:42:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\LexmarkX83\ACMonitor_X83.exe
C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Walgreens\Walgreens PhotoShow\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Greg\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WD Backup Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O15 - Trusted Zone: https://homeequity.indymacbank.com (HKCU)
O15 - Trusted Zone: https://www.statementlook.com (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: ChkBoot - {093038ec-b9c5-449a-819c-a09a29c231f5} - C:\WINDOWS\Installer\{093038ec-b9c5-449a-819c-a09a29c231f5}\ChkBoot.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVSCAN.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 10411 bytes

-- Files created between 2008-02-18 and 2008-03-18 -----------------------------

2008-02-28 19:28:49 0 d-------- C:\Documents and Settings\Kids\Application Data\Grisoft
2008-02-26 20:48:58 0 d-------- C:\Program Files\SpywareBlaster
2008-02-26 16:55:52 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-26 16:37:33 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-26 15:51:14 86016 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-26 15:51:12 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-26 15:51:10 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-26 15:51:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-26 15:51:01 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-26 15:50:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-26 15:50:48 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-26 12:31:20 3712 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-26 1222 0 d-------- C:\Documents and Settings\Greg\Application Data\Grisoft
2008-02-26 12:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-25 22:30:01 1286 --ah----- C:\aaw7boot.cmd
2008-02-25 20:10:19 0 d-------- C:\Program Files\Lavasoft
2008-02-25 20:10:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-25 20:05:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 19:52:00 0 d-------- C:\Program Files\AntiVirusPro
2008-02-25 19:52:00 0 d-------- C:\Documents and Settings\Greg\Application Data\Anti-Virus-Pro.com
2008-02-19 18:21:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-02-19 17:00:48 0 d-------- C:\Documents and Settings\Kids\Application Data\NewSoft


-- Find3M Report ---------------------------------------------------------------

2008-03-18 10:20:40 0 d-------- C:\Program Files\Common Files
2008-03-17 12:48:27 0 d-------- C:\Program Files\Norton SystemWorks
2008-03-14 17:00:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-14 13:50:45 0 d-------- C:\Documents and Settings\Greg\Application Data\Canon
2008-03-01 20:42:00 0 d-------- C:\Documents and Settings\Greg\Application Data\AdobeUM
2008-02-26 18:52:52 0 d-------- C:\Program Files\Norton AntiSpam
2008-02-26 18:46:44 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-02-26 18:46:40 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-26 18:46:18 0 d-------- C:\Program Files\Messenger
2008-02-26 18:45:04 0 d-------- C:\Program Files\LexmarkX83
2008-02-26 18:42:34 0 d-------- C:\Program Files\iTunes
2008-02-26 16:00:15 0 d-------- C:\Program Files\Virtual Wallet
2008-02-25 19:52:01 0 d-------- C:\Program Files\SmartDraw 7
2008-02-20 15:41:35 0 d-------- C:\Program Files\Musicmatch
2008-02-20 14:01:04 0 d-------- C:\Program Files\Dell
2008-02-20 13:59:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-20 13:40:12 0 d-------- C:\Program Files\Harry Potter Print Studio 5
2008-02-19 21:12:55 0 d-------- C:\Program Files\MyWebSearch
2008-02-19 20:21:57 0 d-------- C:\Program Files\Dzuptr
2008-02-19 17:19:14 0 --a------ C:\WINDOWS\system32\NEWSOFT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [10/18/2001 10:25 AM]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [06/14/2001 12:42 PM]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [06/26/2002 08:47 PM]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/13/2003 01:35 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 12:42 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [06/21/2007 04:03 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 02:03 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/2006 04:15 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/23/2006 02:48 AM]
"WD Button Manager"="WDBtnMgr.exe" [10/22/2007 01:27 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [02/03/2004 01:42 PM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [05/19/2005 02:59 PM]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [09/09/2004 07:12 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ChkBoot"= {093038ec-b9c5-449a-819c-a09a29c231f5} - C:\WINDOWS\Installer\{093038ec-b9c5-449a-819c-a09a29c231f5}\ChkBoot.dll [02/25/2008 10:51 AM 17958]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efd3d900-3236-11da-8992-0050228da878}]
AutoRun\command- G:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-03-18 13:44:05 ------------
pmlsoccerfan is offline  

Old 03-31-2008, 10:13 AM   #2 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

BUMP

Since my posting I am still receiving popups:

Last edited by forhockey; 03-31-2008 at 03:37 PM.
pmlsoccerfan is offline  
Old 03-31-2008, 03:40 PM   #3 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

Hi pmlsoccerfan,

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Please download HijackThis. This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

--------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix


IMPORTANT: Make sure you install the Recovery Console before running ComboFix.

Reply back with the following:
  • C:\ComboFix.txt
  • New HiJackThis Log
__________________


Proud Member of ASAP
Proud Member of UNITE

Microsoft MVP - Consumer Security 2009
forhockey is offline  
Old 04-01-2008, 11:39 AM   #4 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

C:\ComboFix.txt
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

New HiJackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:01 AM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8788 bytes
pmlsoccerfan is offline  
Old 04-01-2008, 04:25 PM   #5 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

Hi pmlsoccerfan,

The first log you posted appears to be the CF_RC.txt log, which shows me that you've installed the Recovery Console :)

Did you run ComboFix after that by double clicking on ComboFix.exe on your desktop?

If so, then you can get the log by doing the following:

Go to Start -> Run
Type C:\ComboFix.txt
<hit the enter key>

You should now be presented with the correct log. Please reply back with the results from C:\ComboFix.txt

Thanks.
forhockey is offline  
Old 04-01-2008, 07:42 PM   #6 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

I apologize.

Despite trying to follow the 'Temporary Disable Antivirus, Firewall...etc' in the bleepingcomputer.com directions, my Norton Antivirus won't allow the ComboFix.exe to run. ComboFix.exe gets to the backing up of the registry and then Norton stops it.

Ideas?
pmlsoccerfan is offline  
Old 04-01-2008, 09:14 PM   #7 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

We are going to have to run ComboFix in Safe Mode.


Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting Windows in Safe Mode; click OK and Windows will load your desktop environment

Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------

Please run ComboFix by double-clicking on the icon. If you can, please post the results from C:\ComboFix.txt after it's finished running. Thanks.
Old 04-01-2008, 10:28 PM   #8 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

C:\ComboFix.txt
ComboFix 08-04-01.2 - Greg 2008-04-01 22:08:27.7 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Greg\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Greg\Application Data\FunWebProducts
C:\Documents and Settings\Greg\Application Data\FunWebProducts\Data\Greg\avatar.dat
C:\Documents and Settings\Greg\Application Data\FunWebProducts\Data\Greg\register.dat
C:\Documents and Settings\Greg\Application Data\FunWebProducts\Data\Greg\zbucks.dat
C:\Documents and Settings\Greg\Application Data\FunWebProducts\Data\Greg\zwinky.dat
C:\Documents and Settings\Greg\Favorites\Error Cleaner.url
C:\Documents and Settings\Greg\Favorites\Privacy Protector.url
C:\Documents and Settings\Greg\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Nicole\Application Data\FunWebProducts
C:\Documents and Settings\Nicole\Application Data\FunWebProducts\Data\Nicole\avatar.dat
C:\Documents and Settings\Nicole\Application Data\FunWebProducts\Data\Nicole\zbucks.dat
C:\WINDOWS\Installer\{093038ec-b9c5-449a-819c-a09a29c231f5}
C:\WINDOWS\Installer\{093038ec-b9c5-449a-819c-a09a29c231f5}\ChkBoot.dll
.
---- Previous Run -------
.
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak
C:\setup.exe
C:\WINDOWS\hosts
C:\WINDOWS\rs.txt

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-01 09:32 . 2008-04-01 09:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-12 22:23 . 2008-03-12 22:23 118 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 20:36 --------- d-----w C:\Program Files\Norton SystemWorks
2008-03-31 20:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-21 19:25 --------- d-----w C:\Documents and Settings\Greg\Application Data\Canon
2008-03-02 03:42 --------- d-----w C:\Documents and Settings\Greg\Application Data\AdobeUM
2008-02-29 02:28 --------- d-----w C:\Documents and Settings\Kids\Application Data\Grisoft
2008-02-27 03:52 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-27 01:52 --------- d-----w C:\Program Files\Norton AntiSpam
2008-02-27 01:46 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-27 01:46 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-27 01:45 --------- d-----w C:\Program Files\LexmarkX83
2008-02-27 01:42 --------- d-----w C:\Program Files\iTunes
2008-02-26 23:00 --------- d-----w C:\Program Files\Virtual Wallet
2008-02-26 19:31 3,712 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-26 19:06 --------- d-----w C:\Documents and Settings\Greg\Application Data\Grisoft
2008-02-26 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-26 05:30 1,286 ---ha-w C:\aaw7boot.cmd
2008-02-26 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 03:10 --------- d-----w C:\Program Files\Lavasoft
2008-02-26 03:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 02:52 --------- d-----w C:\Program Files\SmartDraw 7
2008-02-26 02:52 --------- d-----w C:\Program Files\AntiVirusPro
2008-02-26 02:52 --------- d-----w C:\Documents and Settings\Greg\Application Data\Anti-Virus-Pro.com
2008-02-23 02:44 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-20 22:41 --------- d-----w C:\Program Files\Musicmatch
2008-02-20 21:01 --------- d-----w C:\Program Files\Dell
2008-02-20 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 20:40 --------- d-----w C:\Program Files\Harry Potter Print Studio 5
2008-02-20 03:21 --------- d-----w C:\Program Files\Dzuptr
2008-02-20 00:00 --------- d-----w C:\Documents and Settings\Kids\Application Data\NewSoft
2008-02-13 03:39 --------- d-----w C:\Documents and Settings\Kids\Application Data\ArcSoft
2008-02-08 18:37 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2006-04-25 20:52 630,784 ----a-w C:\Documents and Settings\Greg\chatlnk.exe
2004-12-25 07:48 43,544 ----a-w C:\Documents and Settings\Greg\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 13:42 401491]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [2005-05-19 14:59 176128]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 19:12 132248]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 10:25 40960]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 12:42 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-26 20:47 36864]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-12-13 13:35 684032]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 12:42 58728]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-21 16:03 100056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 16:15 600896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 02:48 40048]
"WD Button Manager"="WDBtnMgr.exe" [2007-10-22 13:27 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-24 13:31 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efd3d900-3236-11da-8992-0050228da878}]
\Shell\AutoRun\command - G:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 18:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-29 05:10:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Greg.job"
- C:\PROGRA~1\NORTON~1\NORTON~3\Navw32.exeh/task:
"2008-03-31 20:36:36 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-04-02 04:58:13 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job"
- C:\Program Files\SmartDraw 7\Messages\SDNotify.exeQ-PSD -V730 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T
"2007-12-19 08:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 22:13:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 22:18:34
ComboFix-quarantined-files.txt 2008-04-02 05:18:32
Pre-Run: 19,634,438,144 bytes free
Post-Run: 19,613,904,896 bytes free
.
2008-03-13 05:23:11 --- E O F ---
Old 04-02-2008, 04:18 PM   #9 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

Hi pmlsoccerfan,

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Also, please update me on how your system is behaving.
Old 04-03-2008, 10:08 AM   #10 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

The latest popups, porntube, adultyoutube and podcasts haven't popped up since Tuesday.
Kaspersky scan:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-03 06:21
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/04/2008
Kaspersky Anti-Virus database records: 679225
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
I:\

Scan Statistics:
Total number of scanned objects: 206068
Number of viruses found: 60
Number of infected objects: 259
Number of suspicious objects: 0
Duration of the scan process: 03:58:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-30049298.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-30049298.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-30049298.zip/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-30049298.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-20874374.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-20874374.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-20874374.zip/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Documents and Settings\Greg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-fc9eb36-20874374.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Greg\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Desktop\backups\backup-20080225-173522-732.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bqn skipped
C:\Documents and Settings\Greg\Desktop\backups\backup-20080225-173742-707.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bqn skipped
C:\Documents and Settings\Greg\Desktop\backups\backup-20080225-174351-655.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bqn skipped
C:\Documents and Settings\Greg\Desktop\backups\backup-20080225-183829-902.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bqn skipped
C:\Documents and Settings\Greg\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Greg\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Greg\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\History\History.IE5\MSHist012008040220080403\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\temp\me_3S4mRwuDuWXd9Qt Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\temp\me_6SA7dKCS9jPW9F1 Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\temp\me_FlqUW1yKuSsQhGr Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\temp\me_UXwtZqUWYH6d1Fz Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\temp\me_x0mfAudqwinJ1Pl Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\temp\~DFC143.tmp Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\temp\~DFC158.tmp Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\BreastWomen.zip/BreastWomen.exe/file2 Infected: Trojan-Clicker.Win32.VB.ji skipped
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\BreastWomen.zip/BreastWomen.exe Infected: Trojan-Clicker.Win32.VB.ji skipped
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\BreastWomen.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\Extra Programs\Area Code Reverse Lookup Install File (PocketPC).exe/data0004 Infected: not-a-virus:AdWare.Win32.OnFlow skipped
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\Extra Programs\Area Code Reverse Lookup Install File (PocketPC).exe Inno: infected - 1 skipped
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.EZula.cp skipped
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe/WISE0020.BIN Infected: Trojan-Dropper.Win32.Small.jh skipped
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe WiseSFX: infected - 5 skipped
C:\Documents and Settings\Greg\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Greg\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000006.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C897562.dll Infected: not-a-virus:AdWare.Win32.WinAD.ao skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8D1F5F.dll Infected: not-a-virus:AdWare.Win32.Quick.b skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C8D1F5F.exe Infected: not-a-virus:AdWare.Win32.Quick.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E1A4146.tmp/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E1A4146.tmp/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E1A4146.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E1A4146.tmp ZIP: infected - 3 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E1A4146.tmp CryptFF: infected - 3 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\13904E92.tmp Infected: Trojan-Clicker.Win32.VB.ji skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\13C71855.tmp Infected: Trojan-Clicker.Win32.VB.ji skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1510789A.exe Infected: not-a-virus:Downloader.Win32.Agent.c skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18A06AFF.tmp Infected: Trojan-Clicker.Win32.VB.ji skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\261D6D76.dll/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\261D6D76.dll WiseSFX: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\261D6D76.dll WiseSFXDropper: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\261D6D76.dll Exe2Dll: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\261D6D76.dll CryptFF: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2D741CAF.tmp Infected: Email-Worm.Win32.Eyeveg.g skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\53EA35ED.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F7B71EC.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F7B71EC.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F7B71EC.exe/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F7B71EC.exe NSIS: infected - 3 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F7B71EC.exe CryptFF: infected - 3 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70865D07.exe/systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70865D07.exe CAB: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70865D07.exe MimarSinan: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70865D07.exe UPX: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70865D07.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\73C20E07.exe Infected: not-a-virus:AdWare.Win32.NoName.f skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74280915.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F1B6350.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.c skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F1E0D4C.exe Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F213749.exe Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F280B41.exe Infected: Trojan-Downloader.Win32.Keenval skipped
C:\QooBox\Quarantine\C\WINDOWS\Installer\{093038ec-b9c5-449a-819c-a09a29c231f5}\ChkBoot.dll.vir Infected: Trojan-Downloader.Win32.Agent.jnw skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP1005\A0441351.dll Infected: Trojan-Downloader.Win32.Agent.jnw skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP1006\change.log Object is locked skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP923\A0388939.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP923\A0388941.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP926\A0389213.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP927\A0389292.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP927\A0389294.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP927\A0389341.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP928\A0391302.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP928\A0391319.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP928\A0391345.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP928\A0391346.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP928\A0391463.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP928\A0391526.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP929\A0391627.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP930\A0391631.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP930\A0392640.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP931\A0392666.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP932\A0393684.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP933\A0394705.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP933\A0394724.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP933\A0394746.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP934\A0396706.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP934\A0396718.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP935\A0397719.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP935\A0397733.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP935\A0397735.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP935\A0397755.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP936\A0398734.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP936\A0398748.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP937\A0399746.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP938\A0399775.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP940\A0399896.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP940\A0399943.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP942\A0401932.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP943\A0401971.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP943\A0402010.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP945\A0402163.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP945\A0402210.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP945\A0402212.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP945\A0402213.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP945\A0402214.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP946\A0402281.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP948\A0402402.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP949\A0403405.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP949\A0403416.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP949\A0403427.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP949\A0404419.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP949\A0404425.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP949\A0404431.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP949\A0404455.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP949\A0404492.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP950\A0404498.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP951\A0404555.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP951\A0404563.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP957\A0405805.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP957\A0405916.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP958\A0405969.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP958\A0406048.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP958\A0406960.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP958\A0407961.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP959\A0408407.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP959\A0408419.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP961\A0409643.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP963\A0409789.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP963\A0409863.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0409926.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0410917.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0410971.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0410975.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0410985.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0411989.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0412977.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0412978.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0412979.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0412980.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0412985.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP964\A0412990.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413222.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413298.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413316.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413332.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413335.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413337.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413338.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413339.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413340.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413341.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413343.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413344.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413345.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413346.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413347.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413348.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413349.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413350.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413351.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413352.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413353.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413354.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413355.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413356.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413357.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413359.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413360.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413361.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413362.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413364.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413365.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413366.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413367.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413369.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP965\A0413393.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP966\A0413419.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP966\A0414448.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP967\A0416430.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP967\A0416441.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP967\A0416481.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP969\A0417354.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0419363.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0420541.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421511.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421530.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421582.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421583.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421705.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421707.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421771.EXE Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421772.dll Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP973\A0421835.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
C:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP974\A0421844.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bqn skipped
F:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
F:\Program Files\MySearch\bar\1.bin\S42NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
F:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
F:\RECYCLER\S-1-5-21-527237240-1580818891-854245398-1000\Dc2.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.j skipped
F:\RECYCLER\S-1-5-21-527237240-1580818891-854245398-1000\Dc2.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.IGetNet skipped
F:\RECYCLER\S-1-5-21-527237240-1580818891-854245398-1000\Dc2.exe WiseSFX: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{297C97F6-F3FB-46A7-92ED-C6A8746D65BE}\RP1006\change.log Object is locked skipped
F:\WINNT\system32\brix6ie.ocx Infected: not-a-virus:AdWare.Win32.Coupons.c skipped

Scan process completed.
pmlsoccerfan is offline  
Old 04-03-2008, 05:25 PM   #11 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

Hi pmlsoccerfan,

Empty Norton Quarantine Folder

Please visit the following link on how to empty out your quarantine folder.

Click Here

--------------------------------------------------------------

Please download ATF Cleaner

* Double-click ATF-Cleaner.exe to run the program.
* Click Select All found at the bottom of the list.
* Click the Empty Selected button.

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

* Click Opera at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
KILLALL::

File::
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\BreastWomen.zip
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\Extra Programs\Area Code Reverse Lookup Install File (PocketPC).exe
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe
F:\RECYCLER\S-1-5-21-527237240-1580818891-854245398-1000\Dc2.exe
Folder::
C:\Documents and Settings\Greg\Desktop\backups
F:\Program Files\MySearch

Save this as CFScript




Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
__________________


Proud Member of ASAP
Proud Member of UNITE

Microsoft MVP - Consumer Security 2009
forhockey is offline  
Old 04-03-2008, 09:04 PM   #12 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

When I dragged CFScript into ComboFix.exe, Norton Antivirus halted ComboFix after the system restart as a 'Malicious Script'. When I tried the ATF-Cleaner.exe again, it noted that it cleaned up space previously. I ran CFScript into ComboFix.exe in Safe Mode and saved the text file as C:\ComboFix2.txt

ComboFix 08-04-01.2 - Greg 2008-04-03 20:30:31.9 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.804 [GMT -7:00]
Running from: C:\Documents and Settings\Greg\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Greg\Desktop\CFScript.txt

FILE ::
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\BreastWomen.zip
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\Extra Programs\Area Code Reverse Lookup Install File (PocketPC).exe
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe
F:\RECYCLER\S-1-5-21-527237240-1580818891-854245398-1000\Dc2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Greg\Desktop\backups
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\BreastWomen.zip
C:\Documents and Settings\Greg\My Documents\Greg\Extra PDA Files\Extra Programs\Area Code Reverse Lookup Install File (PocketPC).exe
C:\Documents and Settings\Greg\My Documents\Screensaver\clight.exe
C:\setup.exe
C:\WINDOWS\Installer\{093038ec-b9c5-449a-819c-a09a29c231f5}\ChkBoot.dll
F:\Program Files\MySearch
F:\Program Files\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS
F:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL
F:\Program Files\MySearch\bar\1.bin\PARTNER.BMP
F:\Program Files\MySearch\bar\1.bin\PARTNER.DAT
F:\Program Files\MySearch\bar\1.bin\S42NS.EXE
F:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
F:\Program Files\MySearch\bar\1.bin\S4UNSETP.HTA
F:\Program Files\MySearch\bar\1.bin\UNINSTALL.INF
F:\RECYCLER\S-1-5-21-527237240-1580818891-854245398-1000\Dc2.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-03 14:37 . 2008-04-03 14:38 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-03 13:36 . 2008-04-03 13:37 <DIR> d-------- C:\MyBook1C
2008-04-03 13:30 . 2008-04-03 13:30 94,591,136 --a------ C:\MyBook1C.zip
2008-04-03 13:24 . 2008-04-03 13:24 4,458,698 --a------ C:\WinDLG.zip
2008-04-02 18:04 . 2008-04-02 18:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-02 18:04 . 2008-04-02 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-01 09:32 . 2008-04-01 09:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-12 22:23 . 2008-03-12 22:23 118 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:13 --------- d-----w C:\Documents and Settings\Greg\Application Data\Canon
2008-03-31 20:36 --------- d-----w C:\Program Files\Norton SystemWorks
2008-03-31 20:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 03:42 --------- d-----w C:\Documents and Settings\Greg\Application Data\AdobeUM
2008-02-29 02:28 --------- d-----w C:\Documents and Settings\Kids\Application Data\Grisoft
2008-02-27 03:52 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-27 01:52 --------- d-----w C:\Program Files\Norton AntiSpam
2008-02-27 01:46 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-27 01:46 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-27 01:45 --------- d-----w C:\Program Files\LexmarkX83
2008-02-27 01:42 --------- d-----w C:\Program Files\iTunes
2008-02-26 23:00 --------- d-----w C:\Program Files\Virtual Wallet
2008-02-26 19:06 --------- d-----w C:\Documents and Settings\Greg\Application Data\Grisoft
2008-02-26 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-26 05:30 1,286 ---ha-w C:\aaw7boot.cmd
2008-02-26 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 03:10 --------- d-----w C:\Program Files\Lavasoft
2008-02-26 03:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 02:52 --------- d-----w C:\Program Files\SmartDraw 7
2008-02-26 02:52 --------- d-----w C:\Program Files\AntiVirusPro
2008-02-26 02:52 --------- d-----w C:\Documents and Settings\Greg\Application Data\Anti-Virus-Pro.com
2008-02-20 22:41 --------- d-----w C:\Program Files\Musicmatch
2008-02-20 21:01 --------- d-----w C:\Program Files\Dell
2008-02-20 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 20:40 --------- d-----w C:\Program Files\Harry Potter Print Studio 5
2008-02-20 03:21 --------- d-----w C:\Program Files\Dzuptr
2008-02-20 00:00 --------- d-----w C:\Documents and Settings\Kids\Application Data\NewSoft
2008-02-13 03:39 --------- d-----w C:\Documents and Settings\Kids\Application Data\ArcSoft
2006-04-25 20:52 630,784 ----a-w C:\Documents and Settings\Greg\chatlnk.exe
2004-12-25 07:48 43,544 ----a-w C:\Documents and Settings\Greg\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 13:42 401491]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [2005-05-19 14:59 176128]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 19:12 132248]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 10:25 40960]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 12:42 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-26 20:47 36864]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-12-13 13:35 684032]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 12:42 58728]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-21 16:03 100056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 16:15 600896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 02:48 40048]
"WD Button Manager"="WDBtnMgr.exe" [2008-04-03 13:39 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-24 13:31 180269]

C:\Documents and Settings\Kids\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-02-22 17:00:48 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 21:37:56 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-11-07 18:28:21 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22 738968]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 16:04:48 176128]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08 16423]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-10-17 16:33:23 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
S2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
S3 DW90USB;DW90USB Device;C:\WINDOWS\system32\DRIVERS\DW90USB.sys [2001-04-09 20:17]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-01-17 17:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efd3d900-3236-11da-8992-0050228da878}]
\Shell\AutoRun\command - G:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 18:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-29 05:10:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Greg.job"
- C:\PROGRA~1\NORTON~1\NORTON~3\Navw32.exeh/task:
"2008-03-31 20:36:36 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-04-04 03:09:00 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job"
- C:\Program Files\SmartDraw 7\Messages\SDNotify.exeQ-PSD -V730 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T
"2008-04-03 07:00:01 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 20:36:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
.
**************************************************************************
.
Completion time: 2008-04-03 20:41:38 - machine was rebooted [Greg]
ComboFix-quarantined-files.txt 2008-04-04 03:41:33
ComboFix2.txt 2008-04-02 05:19:28
Pre-Run: 20,708,724,736 bytes free
Post-Run: 20,689,444,864 bytes free
.
2008-03-13 05:23:11 --- E O F ---
Old 04-05-2008, 09:03 AM   #13 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

Hi pmlsoccerfan,

Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab then select Show all files in the Hidden files section. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

--------------------------------------------------------------

Delete the following Folders indicated in BLUE

C:\Program Files\AntiVirusPro
C:\Documents and Settings\Greg\Application Data\Anti-Virus-Pro.com


--------------------------------------------------------------

Can you take a peek at what's inside the following folder in GREEN and report back with what's inside?


C:\Program Files\Dzuptr
__________________


Proud Member of ASAP
Proud Member of UNITE

Microsoft MVP - Consumer Security 2009
Old 04-06-2008, 01:45 PM   #14 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

2 Folders Deleted. There was nothing in the folder C:\Program Files\Dzuptr
Old 04-06-2008, 07:19 PM   #15 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

Hi pmlsoccerfan,

You can delete the folder in green :

C:\Program Files\Dzuptr


Well done, your logs are clean! There are just a few more things I would like you to do.


The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

----------------------------------------------------------------

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Here is an installation guide -> http://www.techsupportforum.com/cont...ticles/63.html
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles:

Please respond to this thread one more time so we can mark this thread as resolved.

Last edited by forhockey; 04-06-2008 at 07:21 PM.
Old 04-07-2008, 06:16 PM   #16 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

Deleted file. Run program to uninstall ComboFix, but remains on desktop. Spyware Blaster updated.

Which windows components should I update?

Would like to uninstall Norton Systemworks from pc and install purchased Kaspersky Internet Security version 7.0. I was unable to do this previously, can you assist or should I check other threads?
Old 04-07-2008, 08:33 PM   #17 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

1. The file should've been deleted from your desktop after completing my set of instructions. Can you run the same set of instructions from safe mode? Norton is probably interfering.

2. You can download all the high-priority updates from Windows update. (not sure what you meant by components)

3. Have you tried removing Norton from start -> control panel -> add/remove programs?

What happens when you try to remove the program? Do you get a certain error message? If so, then what is the error message?

Last edited by forhockey; 04-07-2008 at 08:36 PM.
Old 04-08-2008, 04:50 PM   #18 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

1. The file did not delete after running the same set of instructions in safe mode. When I right-click on the ComboFix.exe icon, there is the 'Delete' option. The Norton programs that we are running are Norton Systemworks and Norton Antispam, both 2005 versions. I followed one of the steps from the earlier step to disable Antivirus programs, then tried to run the instructions in safe mode again without success.

2. Able to download Windows updates successfully.

3. Have not attempted yet. Working on number 1.
Old 04-08-2008, 08:48 PM   #19 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,990
OS: Windows 7 Ultimate


Re: Adware/Malware popups

Hello,

Open notepad and copy/paste the text in the quotebox below into it:

Code:
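@echo off
rem Start with a fresh log of anything that could not be removed.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete the leftover tool executables; log any that are still present.
for %%g in (
"C:\Documents and Settings\Greg\Desktop\ComboFix.exe"
"C:\Documents and Settings\Greg\Desktop\dss.exe"
) do (
    del /a/f/q %%g >nul 2>&1
    if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Remove the tools' folders and the user's temp folder; log any that are still present.
for %%g in (
%systemdrive%\Deckard
%systemdrive%\Qoobox
"C:\Documents and Settings\Greg\Local Settings\temp"
) do (
    rd /s/q %%g >nul 2>&1
    if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Open the log if anything was left behind; otherwise report success.
if exist "%temp%\log.txt" (
    start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

rem Wait 7 seconds (needs nircmd to be available), then delete this batch file.
nircmd wait 7000
del %0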
Save this as delete.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on delete.bat & allow it to run

---------------------------------------------------------------------------------------

Please reply back with the results. Then try to uninstall Norton via add/remove programs as stated in step 3 of my instructions.

Last edited by forhockey; 04-08-2008 at 08:51 PM.
Old 04-10-2008, 09:34 PM   #20 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 29
OS: xp


Re: Adware/Malware popups

Apologies for the delay in my reply. ComboFix.exe deleted. Norton deleted. Kaspersky Internet Security installed. Thank you for your patience and all of your assistance.