08-11-2007, 02:30 PM   #6
dland
Registered User
 
Join Date: Dec 2006
Posts: 10
OS: WinXP


Re: Possible Spamming Virus

Ried,

Thanks again for the help. Unfortunately, I didn't read the instructions closely enough and messed up a few of the AVG Anti Spyware steps. I didn't turn off Resident Shield or set the Recommended Action to Quarantine before I ran the scanner. The infected files it found were deleted, not quarantined. I apologize; hopefully I didn't mess up my chances for help.

Also, I did not send any files to Spywareinfo. I sure hope my computer isn't sending people things on my behalf.

Anyway, here are the logs you asked for:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:45:36 AM 8/11/2007

+ Scan result:



HKU\S-1-5-21-823518204-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-823518204-1482476501-839522115-1015\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\MaxSpeed -> Adware.Maxspeed : Cleaned.
C:\Documents and Settings\David K. Land\My Documents\HijackThis\backups\backup-20041222-201638-280.dll -> Adware.Midaddle : Cleaned.
C:\!Submit\n489jdP.exe -> Adware.Midadle : Cleaned.
C:\Program Files\MaxSpeed -> Adware.SideFind : Cleaned.
C:\!Submit\s2aP6Ra8.exe -> Adware.WinFetcher : Cleaned.
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1091\A0058166.exe -> Downloader.Agent.a : Cleaned.
C:\Overpro323.exe -> Downloader.Agent.ac : Cleaned.
C:\dist1_1_00.exe -> Downloader.Agent.ec : Cleaned.
C:\!PeperFix\Ahy0J.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\AyeYd.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Cxmql42.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Fah1q5.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\HuoTdA.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Ioq3SEW6.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Jlyov72.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Lus22B.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\QlsO0A55.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Sacm.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Szep85ln.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\VsbW.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Xay5.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Zaf85.exe -> Downloader.VB.em : Cleaned.
C:\!PeperFix\Zvn6.exe -> Downloader.VB.em : Cleaned.
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1100\A0060400.exe -> Downloader.Wirefall : Cleaned.
C:\System Volume Information\_restore{D6444FA4-513D-49C7-A150-DECE45EBB665}\RP1091\A0058165.dll -> Dropper.Small.sf : Cleaned.
C:\FINDnFIX\Files2\un.exe -> Hijacker.StartPage : Cleaned.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
C:\FINDnFIX\keys1\NirComLine.exe -> Not-A-Virus.RemoteAdmin.Win32.NirCmdLine.14 : Ignored.
:mozilla.10:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.473:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.202:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.203:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.313:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.314:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.45:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.446:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.499:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.247:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.323:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.324:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.233:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.482:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.483:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.484:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.485:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.432:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.433:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.434:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.435:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.436:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.109:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.547:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.366:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.373:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.44:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.410:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.534:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.272:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.158:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.159:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.415:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.416:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.205:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.206:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.207:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.208:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.413:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.456:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.457:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.458:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.459:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.406:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.111:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.132:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.248:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.249:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.250:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.41:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.42:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.43:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.398:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.185:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.186:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.188:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.189:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.133:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.134:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.361:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.407:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.369:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.370:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.371:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.372:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.348:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.325:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.326:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.327:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.328:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.408:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.160:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.161:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.162:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.163:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.173:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.174:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.418:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.419:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.191:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.192:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.193:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.190:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.450:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.461:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.535:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.144:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.145:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.146:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.147:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.265:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.266:C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end




---Panda results---

Incident Status Location

Adware:adware/ipinsight Not disinfected c:\windows\inf\polall1r.inf
Adware:adware/ncase Not disinfected c:\windows\didduid.ini
Adware:adware/sidesearch Not disinfected c:\windows\sepsd.bin
Adware:adware/portalscan Not disinfected c:\program files\STC
Adware:adware/iedriver Not disinfected Windows Registry
Adware:adware/sahagent Not disinfected Windows Registry
Adware:Adware/PurityScan Not disinfected C:\!Submit\enth.exe
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-21cc6023.zip[GetAccess.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-21cc6023.zip[InsecureClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-21cc6023.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-21cc6023.zip[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-73d6fff5.zip[GetAccess.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-73d6fff5.zip[InsecureClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-73d6fff5.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-73d6fff5.zip[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3a0e8367.zip[GetAccess.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3a0e8367.zip[InsecureClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3a0e8367.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3a0e8367.zip[Installer.class]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.go.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.rightmedia.net/]
Adware:Adware/Midaddle Not disinfected Personal Folders\Sent Items\HJT forum files\n489jdP.zip[n489jdP.exe]
Adware:Adware/StatBlaster Not disinfected Personal Folders\Sent Items\HJT forum files\s2aP6Ra8.zip[s2aP6Ra8.exe]
Adware:Adware/ESyndicate Not disinfected Personal Folders\Sent Items\HJT forum files\esyn.zip[esyn.dll]
Adware:Adware/PurityScan Not disinfected Personal Folders\Sent Items\HJT forum files\enth.zip[enth.exe]
Adware:Adware/PurityScan Not disinfected Personal Folders\Sent Items\HJT forum files\drm.zip[drm.dll]
Adware:Adware/Midaddle Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\n489jdP.zip[n489jdP.exe]
Adware:Adware/StatBlaster Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\s2aP6Ra8.zip[s2aP6Ra8.exe]
Adware:Adware/PurityScan Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\enth.zip[enth.exe]
Adware:Adware/ESyndicate Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\esyn.zip[esyn.dll]
Adware:Adware/PurityScan Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\drm.zip[drm.dll]





---main.txt---

Deckard's System Scanner v20070809.63
Run by Dave on 2007-08-11 at 15:13:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
107: 2007-08-11 20:13:16 UTC - RP1106 - Deckard's System Scanner Restore Point
106: 2007-08-10 19:15:18 UTC - RP1105 - System Checkpoint
105: 2007-08-09 18:33:12 UTC - RP1104 - Software Distribution Service 3.0
104: 2007-08-08 13:51:22 UTC - RP1103 - Software Distribution Service 3.0
103: 2007-08-07 13:28:30 UTC - RP1102 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-05-14 14:00:58 UTC - RP1000 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-11 15:15:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\David K. Land\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index....10292&ttid=104
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O4 - HKEY_LOCAL_MACHINE\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\Program Files\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\Program Files\CheckIt\86\CheckIt86.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://akamai.net (HKCU)
O15 - Trusted Zone: http://live.com (HKCU)
O15 - Trusted Zone: http://netlibrary.com (HKCU)
O15 - Trusted Zone: http://start.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://ampfemail.ampadvisor.aexp.co...om0/iNotes.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1152030466531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152030460656
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} () - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7520-b.../java/RntX.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - "C:\Program Files\CVSNT\cvslock.exe"
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - "C:\Program Files\CVSNT\cvsservice.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 SndTDriverV32 - c:\windows\system32\drivers\sndtdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>

S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; NetGroup - Politecnico di Torino; WinPcap Netgroup Packet Filter Driver>
S3 PacketNTx (Packet helper driver) - c:\windows\system32\drivers\packetntx.sys <Not Verified; Sumix Co.; Sumix Packet Helper Driver>
S3 PLCNDIS5 (PLCNDIS5 NDIS Protocol Driver) - c:\windows\system32\plcndis5.sys <Not Verified; Intellon, Inc.; PCAUSA Rawether for Windows>
S3 PSSdk21 - c:\windows\system32\drivers\hnpssdk.drv (file missing)
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 cvslock (CVSNT Locking Service 2.5.03.2382) - "c:\program files\cvsnt\cvslock.exe"
R2 cvsnt (CVSNT Dispatch service 2.5.03.2382) - "c:\program files\cvsnt\cvsservice.exe" <Not Verified; March Hare Software Ltd; cvsnt>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&19FD8D60&0&40F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&19FD8D60&0&40F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-08-11 09:51:52 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2004-08-25 10:18:17 428 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-07-11 and 2007-08-11 -----------------------------

2007-08-11 00:41:39 0 d-------- C:\Documents and Settings\David K. Land\Application Data\Grisoft
2007-08-11 00:20:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-05 19:56:51 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-05 19:41:53 0 d-------- C:\WINDOWS\network diagnostic
2007-08-05 16:08:05 0 d-------- C:\HiJackThis
2007-08-05 16:01:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-05 16:01:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-05 15:52:29 0 d-------- C:\Program Files\SpywareBlaster
2007-08-04 17:39:28 0 d-------- C:\Program Files\WndTabs.com
2007-08-02 14:18:26 0 d-------- C:\Documents and Settings\David K. Land\Application Data\pdf995
2007-08-02 14:16:31 0 d-------- C:\Documents and Settings\All Users\Application Data\pdf995
2007-08-02 14:16:30 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2007-08-02 14:16:30 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2007-08-02 14:15:52 0 d-------- C:\Program Files\pdf995
2007-07-29 12:13:54 0 d-------- C:\TJRescue
2007-07-29 12:10:41 0 d-------- C:\Documents and Settings\David K. Land\Application Data\SmartFTP
2007-07-29 12:10:10 0 d-------- C:\Program Files\SmartFTP Client
2007-07-28 15:08:41 44544 --a------ C:\WINDOWS\system32\r3dgif89.dll <Not Verified; ; Gif89 Module>
2007-07-28 15:08:40 0 d-------- C:\Risen3D
2007-07-28 01:38:47 0 d--h----- C:\WINDOWS\PIF
2007-07-27 23:49:51 417792 --a------ C:\WINDOWS\system32\MsRepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2007-07-27 23:49:51 262144 --a------ C:\WINDOWS\system32\MSRD2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-07-27 23:49:47 0 d-------- C:\Program Files\windoom
2007-07-27 23:49:28 29696 --a------ C:\WINDOWS\system32\VB5StKit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-07-27 23:49:28 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-07-27 23:45:02 0 d-------- C:\windoom
2007-07-26 23:03:11 0 d-------- C:\chocolate-doom-0.1.1 <CHOCOL~1.1>
2007-07-25 23:27:55 0 d-------- C:\Documents and Settings\David K. Land\Application Data\WinRAR
2007-07-25 23:27:16 1207026 --a------ C:\wrar370.exe
2007-07-25 23:26:19 0 d-------- C:\doomsrc
2007-07-25 11:40:28 0 d-------- C:\Documents and Settings\David K. Land\Application Data\ZoomBrowser EX
2007-07-25 11:29:54 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-07-25 11:29:30 0 d-------- C:\Program Files\Canon
2007-07-25 11:16:08 0 d-------- C:\Program Files\Common Files\Canon


-- Find3M Report ---------------------------------------------------------------

2007-08-11 10:45:03 0 d-------- C:\Program Files\Windows Defender
2007-08-11 10:39:25 0 d-------- C:\Program Files\Norton AntiVirus
2007-08-11 10:24:51 0 d-------- C:\Program Files\CVSNT
2007-08-11 10:24:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-05 16:51:46 0 d-------- C:\Program Files\PeDevice
2007-08-05 16:01:38 0 d-------- C:\Program Files\Lavasoft
2007-08-05 16:01:07 0 d-------- C:\Program Files\Common Files
2007-07-28 12:26:43 0 d-------- C:\Program Files\SourceGear
2007-07-03 23:54:50 0 d-------- C:\Program Files\Taldren
2007-07-01 14:32:35 0 d-------- C:\Program Files\Wal-Mart Music Downloads Store
2007-07-01 14:29:34 0 d-------- C:\Documents and Settings\David K. Land\Application Data\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 03:01 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2003 01:16 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [07/17/2003 01:16 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/06/2003 04:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 05:48 AM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 04:48 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07/29/2006 07:34 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]

C:\Documents and Settings\David K. Land\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [5/23/2006 5:17:00 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 setuid

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CheckIt 86.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CheckIt 86.lnk
backup=C:\WINDOWS\pss\CheckIt 86.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David K. Land^Start Menu^Programs^Startup^Outlook Express Monitor.lnk]
path=C:\Documents and Settings\David K. Land\Start Menu\Programs\Startup\Outlook Express Monitor.lnk
backup=C:\WINDOWS\pss\Outlook Express Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David K. Land^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
path=C:\Documents and Settings\David K. Land\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
backup=C:\WINDOWS\pss\V CAST Music Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
C:\Program Files\tunebite\tunebite.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

*Newly Created Service* - AVGASCLN



-- End of Deckard's System Scanner: finished at 2007-08-11 at 15:18:42 ---------


Thanks again,
Dave
Attached Files
File Type: txt extra.txt (24.4 KB, 1 views)