Author Topic: Popups  (Read 693 times)

Offline Small Shoe Magoo

Popups
« on: May 01, 2008, 04:08:13 PM »
I've been receiving a few non-threatening ads lately, but I would just like to know if there is anything wrong, and am hoping you could help me out :).

Here are my HijackThis and Deckard's logs -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:02 PM, on 5/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
H:\Windows\system32\taskeng.exe
H:\Windows\system32\Dwm.exe
H:\Windows\Explorer.EXE
H:\Program Files\Windows Defender\MSASCui.exe
H:\Windows\SOUNDMAN.EXE
H:\Windows\System32\rundll32.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
H:\Program Files\Windows Sidebar\sidebar.exe
H:\Windows\ehome\ehtray.exe
H:\Program Files\RocketDock\RocketDock.exe
H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Windows Media Player\wmpnscfg.exe
H:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Windows\system32\wbem\unsecapp.exe
H:\Windows\ehome\ehmsas.exe
H:\Windows\System32\rundll32.exe
H:\Program Files\Windows Sidebar\sidebar.exe
H:\Program Files\FirstClass\fcc32.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Users\Family\Downloads\dss.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE H:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] H:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "H:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - H:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\Windows\system32\IoctlSvc.exe

--
End of file - 6921 bytes





Deckard's -

Deckard's System Scanner v20071014.68
Run by Family on 2008-05-01 14:02:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
11: 2008-05-01 04:05:40 UTC - RP57 - Removed Google Toolbar for Internet Explorer
10: 2008-04-29 12:25:12 UTC - RP56 - Scheduled Checkpoint
9: 2008-04-28 15:06:25 UTC - RP55 - Scheduled Checkpoint
8: 2008-04-27 21:23:25 UTC - RP54 - Scheduled Checkpoint
7: 2008-04-26 04:08:06 UTC - RP52 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-04-24 04:53:14 UTC - RP45 - Installed GTA2


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Family.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:22 PM, on 5/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
H:\Windows\system32\taskeng.exe
H:\Windows\system32\Dwm.exe
H:\Windows\Explorer.EXE
H:\Program Files\Windows Defender\MSASCui.exe
H:\Windows\SOUNDMAN.EXE
H:\Windows\System32\rundll32.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
H:\Program Files\Windows Sidebar\sidebar.exe
H:\Windows\ehome\ehtray.exe
H:\Program Files\RocketDock\RocketDock.exe
H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Windows Media Player\wmpnscfg.exe
H:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Windows\system32\wbem\unsecapp.exe
H:\Windows\ehome\ehmsas.exe
H:\Windows\System32\rundll32.exe
H:\Program Files\Windows Sidebar\sidebar.exe
H:\Program Files\FirstClass\fcc32.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Users\Family\Downloads\dss.exe
H:\PROGRA~1\TRENDM~1\HIJACK~1\Family.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE H:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] H:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] H:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "H:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - H:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\Windows\system32\IoctlSvc.exe

--
End of file - 6907 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "H:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "H:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BS_I2cIo - \??\h:\windows\system32\drivers\bs_i2cio.sys
R2 npkcrypt - \??\h:\nexon\maplestory\npkcrypt.sys
R3 npkcusb - \??\h:\nexon\maplestory\npkcusb.sys

S3 BS_Flash - \??\h:\program files\tseries bios update\award\bs_flash.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "h:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "h:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - h:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - h:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S3 FLEXnet Licensing Service - "h:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_4149&SUBSYS_53011565&REV_80\4&2BE12347&0&5940
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_4149&SUBSYS_53011565&REV_80\4&2BE12347&0&5940
Service:

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\3&13C0B0C5&1
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\3&13C0B0C5&1
Service: i8042prt

Class GUID:
Description:
Device ID: ACPI\PNPB006\3&13C0B0C5&1
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\3&13C0B0C5&1
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-30 21:36:17       420 --ah----- H:\Windows\Tasks\User_Feed_Synchronization-{46C79502-3496-4DCD-9D8F-F032F5D74A8E}.job


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-04-29 15:12:59         0 d-------- H:\Program Files\ubroadcast station manager
2008-04-29 14:59:56         0 d-------- H:\Program Files\Trend Micro
2008-04-28 18:48:02         0 d-------- H:\Users\All Users\Google Updater
2008-04-28 17:23:52         0 d-------- H:\Users\Family\.netbeans-derby
2008-04-28 16:43:11         0 d-------- H:\Program Files\glassfish-v2ur2
2008-04-28 16:30:18         0 d-------- H:\Program Files\NetBeans 6.1
2008-04-28 15:04:27      3604 --a------ H:\Windows\system32\drivers\BS_Flash.sys
2008-04-28 15:04:26     16768 --a------ H:\Windows\system32\drivers\BS_I2cIo.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
2008-04-28 15:03:45         0 d-------- H:\Program Files\Tseries BIOS Update
2008-04-28 13:42:20         0 d-------- H:\Program Files\Gamevance
2008-04-24 18:20:14         0 d-------- H:\Program Files\Microsoft Office Outlook Connector
2008-04-24 18:18:57         0 d-------- H:\Program Files\MSECache
2008-04-24 12:26:27         0 d-------- H:\Program Files\Apple Software Update
2008-04-23 21:59:35         0 d-------- H:\Program Files\directx
2008-04-23 21:57:53         0 d-------- H:\Program Files\Rockstar Games
2008-04-23 20:30:06         0 d-------- H:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-22 14:59:44         0 d-------- H:\Program Files\DAP Premium
2008-04-19 18:24:28         0 d-------- H:\Windows\system32\directx
2008-04-19 18:13:49         0 d-------- H:\Program Files\DivX
2008-04-19 18:03:50         0 d-------- H:\Users\Family\.netbeans
2008-04-19 16:55:14      4682 --a------ H:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-04-19 16:55:05         0 d-------- H:\Program Files\Common Files\INCA Shared
2008-04-19 16:10:00         0 d-------- H:\Nexon
2008-04-19 14:19:58         0 d-------- H:\Windows\system32\js
2008-04-19 14:19:58         0 d-------- H:\Windows\system32\images
2008-04-19 14:19:58         0 d-------- H:\Windows\system32\html
2008-04-19 14:19:58         0 d-------- H:\Windows\system32\css
2008-04-19 14:19:58         0 d-------- H:\Program Files\Business Objects
2008-04-19 14:12:27         0 d-------- H:\Program Files\Microsoft SQL Server
2008-04-19 14:11:39         0 d-------- H:\Program Files\Microsoft Device Emulator
2008-04-19 14:09:02         0 d-------- H:\Program Files\Windows Mobile 5.0 SDK R2
2008-04-19 14:07:51         0 d-------- H:\Program Files\Microsoft Synchronization Services
2008-04-19 14:07:50         0 d-------- H:\Program Files\Microsoft SQL Server Compact Edition
2008-04-19 13:50:30         0 d-------- H:\Users\All Users\PreEmptive Solutions
2008-04-19 13:36:46         0 d-------- H:\Windows\symbols
2008-04-19 13:35:46         0 d-------- H:\Windows\system32\1033
2008-04-19 13:31:34         0 d-------- H:\Program Files\Microsoft SDKs
2008-04-19 13:31:34         0 d-------- H:\Program Files\HTML Help Workshop
2008-04-19 13:31:34         0 d-------- H:\Program Files\Common Files\Merge Modules
2008-04-19 13:31:32         0 d-------- H:\Program Files\CE Remote Tools
2008-04-19 13:31:28         0 d-------- H:\Program Files\Microsoft Visual Studio 9.0
2008-04-19 13:25:44         0 d-------- H:\Program Files\Microsoft Web Designer Tools
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\Templates
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\Start Menu
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\SendTo
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\Recent
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\PrintHood
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\NetHood
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\My Documents
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\Local Settings
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\Cookies
2008-04-18 13:47:01         0 d--hs---- H:\Users\Mcx1\Application Data
2008-04-18 13:46:58         0 dr------- H:\Users\Mcx1\Videos
2008-04-18 13:46:58         0 d-------- H:\Users\Mcx1\Saved Games
2008-04-18 13:46:58         0 dr------- H:\Users\Mcx1\Pictures
2008-04-18 13:46:58   1835008 --ahs---- H:\Users\Mcx1\NTUSER.DAT
2008-04-18 13:46:58         0 dr------- H:\Users\Mcx1\Music
2008-04-18 13:46:58         0 dr------- H:\Users\Mcx1\Links
2008-04-18 13:46:58         0 dr------- H:\Users\Mcx1\Favorites
2008-04-18 13:46:58         0 dr------- H:\Users\Mcx1\Downloads
2008-04-18 13:46:58         0 dr------- H:\Users\Mcx1\Documents
2008-04-18 13:46:58         0 dr------- H:\Users\Mcx1\Desktop
2008-04-18 13:46:58         0 d--h----- H:\Users\Mcx1\AppData
2008-04-18 13:24:45         0 d-------- H:\Program Files\MSXML 4.0
2008-04-17 19:54:26         0 d-------- H:\Program Files\NeroInstall.bak
2008-04-17 19:42:35         0 d-------- H:\Users\All Users\Nero
2008-04-17 19:42:35         0 d-------- H:\Program Files\Nero
2008-04-17 19:42:34         0 d-------- H:\Program Files\Common Files\Nero
2008-04-17 18:53:10         0 d-------- H:\Users\All Users\Azureus
2008-04-17 17:52:11         0 d-------- H:\Users\All Users\Adobe
2008-04-17 16:40:32         0 d-------- H:\Program Files\Common Files\AnimeVamp
2008-04-16 21:16:24    304128 --a------ H:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-16 21:10:29         0 d-------- H:\Program Files\Final Fantasy VII
2008-04-16 20:35:56     96645 --a------ H:\Windows\system32\drivers\klin.dat
2008-04-16 20:35:56     87941 --a------ H:\Windows\system32\drivers\klick.dat
2008-04-16 20:34:32         0 d-------- H:\Program Files\Kaspersky Lab
2008-04-16 20:34:30         0 d-------- H:\Users\All Users\Kaspersky Lab
2008-04-16 20:34:25  12897056 --ahs---- H:\Windows\system32\drivers\fidbox.dat
2008-04-16 20:11:27         0 d-------- H:\Users\All Users\Kaspersky Lab Setup Files
2008-04-16 19:23:08         0 d-------- H:\Program Files\kav
2008-04-16 00:07:22         0 d-------- H:\Program Files\Halo CE 2.0
2008-04-15 23:33:04         0 d-------- H:\Windows\Full Speed
2008-04-15 23:33:04         0 d-------- H:\Program Files\Full Speed
2008-04-15 23:17:10         0 d-------- H:\Program Files\RocketDock
2008-04-15 22:59:48         0 d-------- H:\PerfLogs
2008-04-15 22:25:08         0 d-------- H:\4b4cf3b630a648587804a073
2008-04-15 21:34:10         0 d-------- H:\Windows\pss
2008-04-15 20:36:38         0 d-------- H:\Linksys Driver
2008-04-15 20:36:11         0 d-------- H:\Program Files\Linksys
2008-04-15 19:29:33         0 d-------- H:\Program Files\Common Files\InstallShield
2008-04-15 02:23:47    676224 --a------ H:\Windows\system32\OGACheckControl.dll
2008-04-15 02:11:46         0 d-------- H:\Program Files\7-Zip
2008-04-15 02:11:13         0 d-------- H:\Program Files\Microsoft Works
2008-04-15 02:09:27         0 d-------- H:\Windows\PCHEALTH
2008-04-15 02:09:27         0 d-------- H:\Program Files\Microsoft.NET
2008-04-15 02:05:18         0 d-------- H:\Users\All Users\Microsoft Help
2008-04-15 02:03:50         0 dr-h----- H:\MSOCache
2008-04-15 01:26:30         0 d-------- H:\Program Files\Microsoft Silverlight
2008-04-15 01:19:50         0 d--hs--c- H:\Program Files\Common Files\WindowsLiveInstaller
2008-04-15 01:19:39         0 d-------- H:\Program Files\BitLocker
2008-04-15 01:19:27         0 d-------- H:\Program Files\Windows Live
2008-04-15 01:16:34         0 d-------- H:\Users\All Users\WLInstaller
2008-04-15 01:12:45         0 d-------- H:\Program Files\iPod
2008-04-15 01:12:25         0 d-------- H:\Program Files\iTunes
2008-04-15 01:10:49         0 d-------- H:\Program Files\QuickTime
2008-04-15 01:10:48         0 d-------- H:\Users\All Users\Apple Computer
2008-04-15 01:05:56         0 d-------- H:\Program Files\Common Files\Apple
2008-04-15 01:05:53         0 d-------- H:\Users\All Users\Apple
2008-04-15 01:05:34         0 d-------- H:\Program Files\LimeWire
2008-04-15 00:42:24         0 d-------- H:\Windows\Sun
2008-04-15 00:40:50         0 d-------- H:\Users\All Users\Google
2008-04-15 00:40:46         0 d-------- H:\Program Files\Google
2008-04-15 00:38:55         0 d-------- H:\Users\All Users\FirstClass
2008-04-15 00:38:55         0 d--h----- H:\Program Files\InstallShield Installation Information
2008-04-15 00:38:52         0 d-------- H:\Program Files\FirstClass
2008-04-15 00:37:18         0 d-------- H:\Users\Family\.netbeans-registration
2008-04-15 00:36:08         0 d-------- H:\Program Files\NetBeans 6.0.1
2008-04-15 00:33:20         0 d-------- H:\Program Files\Common Files\Java
2008-04-15 00:33:07         0 d-------- H:\Program Files\Java
2008-04-15 00:32:46         0 d-------- H:\Users\Family\.nbi
2008-04-15 00:19:17         0 d-------- H:\Users\All Users\FLEXnet
2008-04-15 00:18:37         0 d-------- H:\Users\All Users\NVIDIA
2008-04-15 00:02:39         0 d-------- H:\Program Files\Bonjour
2008-04-14 23:45:51         0 d-------- H:\Program Files\Common Files\Macrovision Shared
2008-04-14 23:44:50         0 d--hs---- H:\Windows\Installer
2008-04-14 23:44:47         0 d-------- H:\Program Files\Common Files\Adobe
2008-04-14 23:21:32         0 --a------ H:\Windows\nsreg.dat
2008-04-14 23:13:18         0 d-------- H:\Windows\system32\Macromed
2008-04-14 23:07:46         0 d-------- H:\Windows\Panther
2008-04-14 22:50:04         0 dr------- H:\Users\Family\Searches
2008-04-14 22:49:30         0 dr------- H:\Users\Family\Contacts
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\Templates
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\Start Menu
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\SendTo
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\Recent
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\PrintHood
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\NetHood
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\My Documents
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\Local Settings
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\Cookies
2008-04-14 22:49:14         0 d--hs---- H:\Users\Family\Application Data
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Videos
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Saved Games
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Pictures
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Music
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Links
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Favorites
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Downloads
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Documents
2008-04-14 22:49:11         0 dr------- H:\Users\Family\Desktop
2008-04-14 22:49:11         0 d--h----- H:\Users\Family\AppData
2008-04-14 22:49:10   2359296 --ahs---- H:\Users\Family\NTUSER.DAT
2008-04-14 22:10:24         0 d-------- H:\Windows\Debug
2008-04-14 22:10:23         0 d-------- H:\Windows\CSC
2008-04-14 22:09:08         0 d-------- H:\Windows\Prefetch
2008-04-14 22:08:56         0 d--hs---- H:\System Volume Information
2008-04-14 19:40:13         0 d-------- H:\Windows\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2008-04-28 19:14:37         0 d-------- H:\Users\Family\AppData\Roaming\Google
2008-04-23 20:30:23         0 d-------- H:\Users\Family\AppData\Roaming\Mozilla
2008-04-23 19:44:21         0 d-------- H:\Users\Family\AppData\Roaming\LimeWire
2008-04-23 08:51:18         0 d-------- H:\Users\Family\AppData\Roaming\Adobe
2008-04-19 18:21:03         0 d-------- H:\Users\Family\AppData\Roaming\Microsoft Game Studios
2008-04-19 18:14:35         0 d-------- H:\Users\Family\AppData\Roaming\DivX
2008-04-19 16:56:03         0 d-------- H:\Users\Family\AppData\Roaming\Nexon
2008-04-19 16:55:05         0 d-------- H:\Program Files\Common Files
2008-04-19 16:10:07         0 d-------- H:\Users\Family\AppData\Roaming\Azureus
2008-04-19 13:38:26         0 d-------- H:\Program Files\MSBuild
2008-04-19 13:08:24         0 d-------- H:\Program Files\Microsoft Games
2008-04-17 19:49:04         0 d-------- H:\Users\Family\AppData\Roaming\Nero
2008-04-16 20:01:53         0 d-------- H:\Users\Family\AppData\Roaming\WinRAR
2008-04-15 23:07:48       174 --ahs---- H:\Program Files\desktop.ini
2008-04-15 23:00:36         0 d-------- H:\Program Files\Windows Sidebar
2008-04-15 23:00:36         0 d-------- H:\Program Files\Windows Mail
2008-04-15 23:00:36         0 d-------- H:\Program Files\Windows Calendar
2008-04-15 23:00:36         0 d-------- H:\Program Files\Movie Maker
2008-04-15 23:00:35         0 d-------- H:\Program Files\Windows Photo Gallery
2008-04-15 23:00:35         0 d-------- H:\Program Files\Windows Journal
2008-04-15 23:00:35         0 d-------- H:\Program Files\Windows Collaboration
2008-04-15 23:00:33         0 d-------- H:\Program Files\Windows Defender
2008-04-15 01:13:21         0 d-------- H:\Users\Family\AppData\Roaming\Apple Computer
2008-04-15 00:38:43         0 d-------- H:\Users\Family\AppData\Roaming\InstallShield
2008-04-14 23:23:54         0 d-------- H:\Users\Family\AppData\Roaming\Talkback
2008-04-14 23:13:25         0 d-------- H:\Users\Family\AppData\Roaming\Macromedia
2008-04-14 22:49:42         0 d-------- H:\Users\Family\AppData\Roaming\Identities
2008-03-31 14:25:48    823296 --a------ H:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48    823296 --a------ H:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46    802816 --a------ H:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46    831488 --a------ H:\Windows\system32\divx_xx0a.dll
2008-03-31 14:25:46    682496 --a------ H:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 13:30:08   3596288 --a------ H:\Windows\system32\qt-dx331.dll
2008-03-21 13:28:54    196608 --a------ H:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 13:28:54     81920 --a------ H:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 13:28:20     12288 --a------ H:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="H:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 12:38 AM]
"SoundMan"="SOUNDMAN.EXE" [03/09/2007 04:28 PM H:\Windows\SOUNDMAN.EXE]
"NvSvc"="H:\Windows\system32\nvsvc.dll" [09/12/2007 05:28 AM]
"NvCplDaemon"="H:\Windows\system32\NvCpl.dll" [09/12/2007 05:28 AM]
"NvMediaCenter"="H:\Windows\system32\NvMcTray.dll" [09/12/2007 05:28 AM]
"AVP"="H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM]
"NBKeyScan"="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="H:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 12:33 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="H:\Windows\ehome\ehTray.exe" [01/19/2008 12:33 AM]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/28/2008 06:48 PM]
"RocketDock"="H:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"msnmsgr"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"WMPNSCFG"="H:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 12:33 AM]

H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - H:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/28/2008 6:48:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=H:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=H:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=H:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"H:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"H:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService   nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup   GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
H:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-01 14:09:58 ------------





Thank you again. Matt

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Popups
« Reply #1 on: May 01, 2008, 11:51:03 PM »
Quote: "I've been receiving a few non-threatening ads lately"

Can you explain what you mean by that please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Small Shoe Magoo

Popups
« Reply #2 on: May 02, 2008, 10:34:34 AM »
A few ads here and there, on sites that I know don't have popups. A scan w/ my antispyware didn't find anything as well, so it's nothing too serious.

Offline guestolo

Popups
« Reply #3 on: May 02, 2008, 09:44:35 PM »
Let's see if the following shows anything.
Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to the desktop

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Along with the log from Malwarebytes
Post also a fresh HijackThis log



Offline guestolo

Popups
« Reply #4 on: July 06, 2008, 07:59:23 PM »
Since the original poster has not returned, I'll lock this topic
