80% sure this is spyware...


Feather Duster
16-09-08, 05:48
I'm getting a lot of pop-ups blocked. Sometimes, when I go to deviantart or imageshack, I get taken somewhere else. Usually a cheap website, funfling.com or lovecalculator.com!

Is it? I downloaded Spybot Search and Destroy; hopefully, that will take care of this.

EscondeR
16-09-08, 05:49
Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report also :)

Feather Duster
16-09-08, 05:54
Be right back! :)

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8emc
Program path & name:
"c:\program files\avg\avg8\avgemc.exe"
Enabled: [V]


Program:
"AVG Watchdog Service"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8wd
Program path & name:
"c:\program files\avg\avg8\avgwdsvc.exe"
Enabled: [V]


Program:
"HP Health Check Service"
Publisher:
"(Not verified) Hewlett-Packard"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
HP Health Check Service
Program path & name:
"c:\program files\hewlett-packard\hp health check\hphc_service.exe"
Enabled: [V]


Program:
"Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work."
Publisher:
"(Verified) Hewlett-Packard Company"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LightScribeService
Program path & name:
"c:\program files\common files\lightscribe\lssrvc.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PermissionResearch
Program path & name:
File not found: C:\Program Files\PermissionResearch\prservice.exe"
Enabled: [V]


Program:
"Protexis Licensing Service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ProtexisLicensing
Program path & name:
c:\windows\system32\psiservice.exe"
Enabled: [V]


Program:
"Tablet Service Driver"
Publisher:
"(Not verified) Tablet Driver"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
WinTabService
Program path & name:
"c:\windows\system32\drivers\wtsrv.exe"
Enabled: [V]


Program:
"AVG AVI Loader Driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgLdx86
Program path & name:
"c:\windows\system32\drivers\avgldx86.sys"
Enabled: [V]


Program:
"AVG Firewall driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgWfpX
Program path & name:
"c:\windows\system32\drivers\avgwfpx.sys"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"@%systemroot%\system32\sstpsvc.dll
Publisher:
-202"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RasSstp
Program path & name:
"File not found: system32\DRIVERS\rassstp.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Tablet2k
Program path & name:
File not found: C:\Windows\System32\Drivers\Tablet2k.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\Program
Program path & name:
File not found: C:\Program"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
Files\PermissionResearch\prai.dll
Program path & name:
File not found: Files\PermissionResearch\prai.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\Program
Program path & name:
File not found: C:\Program"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
Files\PermissionResearch\prai.dll
Program path & name:
File not found: Files\PermissionResearch\prai.dll"
Enabled: [V]


Program:
"AVG Resident Shield Starter"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
avgrsstx.dll
Program path & name:
"c:\windows\system32\avgrsstx.dll"
Enabled: [V]


Program:
"hpsysdrv"
Publisher:
"(Not verified) Hewlett-Packard Company"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
hpsysdrv
Program path & name:
"c:\hp\support\hpsysdrv.exe"
Enabled: [V]


Program:
"OsdMaestro main program"
Publisher:
"(Not verified) OsdMaestro"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
OsdMaestro
Program path & name:
"c:\program files\hewlett-packard\on-screen osd indicator\osd.exe"
Enabled: [V]


Program:
"HP Health Check Scheduler"
Publisher:
"(Verified) Hewlett-Packard"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Health Check Scheduler
Program path & name:
"c:\program files\hewlett-packard\hp health check\hphc_scheduler.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateReg
Program path & name:
"c:\windows\system32\jureg.exe"
Enabled: [V]


Program:
"Hewlett-Packard Product Assistant"
Publisher:
"(Not verified) Hewlett-Packard Co."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Software Update
Program path & name:
"c:\program files\hp\hp software update\hpwuschd2.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NSWatchDog
Program path & name:
File not found: C:\Windows\NSWATC~1.EXE &PT=MP&MI=60039538605&OS=Microsoft_Windows_Vista_version_6.0"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"Tablet Client Driver"
Publisher:
"(Not verified) Tablet Driver"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
WTClient
Program path & name:
"c:\windows\system32\wtclient.exe"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
"Launcher"
Publisher:
"(Not verified) soft thinks"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entry name:
Launcher
Program path & name:
"c:\windows\sminst\launcher.exe"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
"EA Download Manager"
Publisher:
"(Not verified) Electronic Arts"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
EA Core
Program path & name:
"c:\program files\electronic arts\eadm\core.exe"
Enabled: [V]


Program:
"System settings protector"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpybotSD TeaTimer
Program path & name:
"c:\program files\spybot - search & destroy\teatimer.exe"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
&Yahoo! Toolbar Helper
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"SBSD IE Protection"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Spybot-S&D IE Protection
Program path & name:
"c:\program files\spybot - search & destroy\sdhelper.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_01\bin\ssv.dll"
Enabled: [V]


Program:
"Yahoo! Single Instance for Mail"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SingleInstance Class
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll"
Enabled: [V]


Program:
"ShellvRTF"
Publisher:
"(Not verified) XSS"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ShellViewRTF
Program path & name:
"c:\windows\system32\shellvrtf.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
ieSpell
Program path & name:
File not found: C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
ieSpell Options
Program path & name:
File not found: C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM"
Enabled: [V]

EscondeR
16-09-08, 06:24
1. Download Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx).
2. Boot in Safe Mode.
3. Run Autoruns and kill those entries:


Program:
"HP Health Check Service"
Publisher:
"(Not verified) Hewlett-Packard"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
HP Health Check Service
Program path & name:
"c:\program files\hewlett-packard\hp health check\hphc_service.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PermissionResearch
Program path & name:
File not found: C:\Program Files\PermissionResearch\prservice.exe"
Enabled: [V]


Program:
"Protexis Licensing Service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ProtexisLicensing
Program path & name:
c:\windows\system32\psiservice.exe"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
"@%systemroot%\system32\sstpsvc.dll
Publisher:
-202"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RasSstp
Program path & name:
"File not found: system32\DRIVERS\rassstp.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Tablet2k
Program path & name:
File not found: C:\Windows\System32\Drivers\Tablet2k.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\Program
Program path & name:
File not found: C:\Program"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
Files\PermissionResearch\prai.dll
Program path & name:
File not found: Files\PermissionResearch\prai.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\Program
Program path & name:
File not found: C:\Program"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
Files\PermissionResearch\prai.dll
Program path & name:
File not found: Files\PermissionResearch\prai.dll"
Enabled: [V]


Program:
"HP Health Check Scheduler"
Publisher:
"(Verified) Hewlett-Packard"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Health Check Scheduler
Program path & name:
"c:\program files\hewlett-packard\hp health check\hphc_scheduler.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateReg
Program path & name:
"c:\windows\system32\jureg.exe"
Enabled: [V]


Program:
"Hewlett-Packard Product Assistant"
Publisher:
"(Not verified) Hewlett-Packard Co."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Software Update
Program path & name:
"c:\program files\hp\hp software update\hpwuschd2.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NSWatchDog
Program path & name:
File not found: C:\Windows\NSWATC~1.EXE &PT=MP&MI=60039538605&OS=Microsoft_Windows_Vista_version_6.0"
Enabled: [V]


Program:
"Launcher"
Publisher:
"(Not verified) soft thinks"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Entry name:
Launcher
Program path & name:
"c:\windows\sminst\launcher.exe"
Enabled: [V]


Program:
"EA Download Manager"
Publisher:
"(Not verified) Electronic Arts"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
EA Core
Program path & name:
"c:\program files\electronic arts\eadm\core.exe"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
&Yahoo! Toolbar Helper
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
ieSpell
Program path & name:
File not found: C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
ieSpell Options
Program path & name:
File not found: C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM"
Enabled: [V]


4. Install Zone Alarm (http://www.zonealarm.com/store/content/catalog/products/trial_zaFamily/trial_zaFamily.jsp) and you'll be safe from pop-ups and redirects.

Feather Duster
16-09-08, 06:29
Alrighty :)

SquallLion
16-09-08, 12:40
Lavasoft Ad-Aware SE is freeware (for non-commercial or professional): it can't stop the spyware, but it can kill all of it.
To stop the spyware, I use SpywareBlaster, another freeware (automatic, manual update by default).