#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 7
OS: XP
|
not sure if i have spyware, adware or virus
I can't remove some files :(
Greetings to all of you guys.
I have an E-machines Celeron computer with Windows XP. 2 days ago, I was trying to download a software with a registry key that I found through Google, but the registry key was the biggest mistake I ever made with a computer! It spread a virus (or spyware, not sure) that I can't remove! In the past I used to remove those adware and software with hijack.exe, vundofix.exe, combofix.exe... I also tried the method of using task manager (close explorer.exe then use cmd); no luck so far.
Now I have 3 files that I can't remove:
1) documents & settings/username/local settings/temp/dudjaumy.dat
2) windows/system32/mcprop.dll (mcproprs.dll is safe)
3) windows/system32/drivers/hitjshzw.dat
Also, another weird thing is that in Program files a new folder installed itself: Outlook Express with about 15 .exe and .dll files. I delete them, but I can't delete the folder. 5 seconds after I delete those files, they come back :/
Can anyone help?
Thank you.
Tony.
Is there any way that I can get rid of those 3 files?
Thanks!
Tony. |
|
|
|
|
#2 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
|
Re: not sure if i have spyware, adware or virus
Please follow MicroBell's 5 Step process - http://www.techsupportforum.com/secu...sting-log.html.
You shall have a proper set of logs for us after that. Someone will be along shortly |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 7
OS: XP
|
Re: not sure if i have spyware, adware or virus
Hey Subs, thanks buddy. I did some of the steps from the 5 step process. But I am starting all over again and I will post everything that happens from each step.
Tony. |
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 7
OS: XP
|
Re: not sure if i have spyware, adware or virus
I just did all 5 steps.
I skipped the 4th step since I have the SP2.
I attached the following files:
Activescan.txt
extra.txt <---- from 2 days ago since it doesn't save a new one
main.txt
hijackthis.txt
Whenever I open IE or Windows Explorer, AVG antispyware pops up with the message MALWARE FOUND BHO.abo C:\Windows\system32\cmprop.dll. I click on OK to clean and quarantine; after reboot, it still comes up :/
Thank you.
Tony.
{828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O20 - AppInit_DLLs: sockspy.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2 - Apache Software Foundation - C:\server\Apache2\bin\Apache.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Visual Studio 2005 Remote Debugger (msvsmon80) - Unknown owner - C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 5687 bytes -- Files created between 2007-11-23 and 2007-12-23 ----------------------------- 2007-12-23 20:38:48 0 d-------- C:\IE-SPYAD 2007-12-23 20:23:32 0 d-------- C:\Program Files\SpywareBlaster 2007-12-23 15:08:59 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-23 15:08:38 0 d-------- C:\WINDOWS\LastGood 2007-12-23 12:38:23 0 d-------- C:\Documents and Settings\Driton\Application Data\Grisoft 2007-12-23 
12:35:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-22 23:34:16 0 dr-h----- C:\Documents and Settings\Driton\Recent 2007-12-19 16:50:45 81984 --a------ C:\WINDOWS\system32\bdod.bin 2007-12-19 15:20:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-12-18 13:40:26 21233664 --a------ C:\Documents and Settings\Driton\ntuser.dat 2007-12-18 03:45:04 19456 --a------ C:\WINDOWS\system32\drivers\hitjshzw.dat 2007-12-18 03:39:52 6555 ---hs---- C:\WINDOWS\system32\tttss.bak1 2007-12-18 03:35:27 84992 --a------ C:\WINDOWS\system32\cmprop.dll 2007-12-16 02:21:45 0 d-------- C:\WINDOWS\network diagnostic 2007-12-13 01:26:49 0 d-------- C:\Program Files\RayV 2007-12-12 16:30:08 16 --a------ C:\WINDOWS\sess_55e38660ccb41f37b4c7a7d4a537b4cc 2007-12-12 16:30:01 16 --a------ C:\WINDOWS\sess_a37f83e8b211985d637814b60d294194 2007-12-12 16:09:54 0 --a------ C:\WINDOWS\sess_82c0960be8342e07cd5fd46b21a6970a 2007-12-12 16:09:47 0 --a------ C:\WINDOWS\sess_5da4d7fba66fee7df18dc9789e9defb8 2007-12-12 16:09:39 0 --a------ C:\WINDOWS\sess_ae074fce2461636a7ee3658de1129ca6 2007-12-08 19:04:22 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller 2007-12-08 19:03:45 0 d-------- C:\Program Files\Windows Live 2007-12-08 19:02:20 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-04 12:57:54 0 d-------- C:\Documents and Settings\Driton\Application Data\Imagenomic 2007-12-04 05:46:40 44544 -----n--- C:\WINDOWS\AWuninstall.exe -- Find3M Report --------------------------------------------------------------- 2007-12-23 20:25:00 0 d-------- C:\Program Files\Family Feud II 2007-12-23 13:39:28 0 d-------- C:\Documents and Settings\Driton\Application Data\Roxio 2007-12-22 01:34:28 0 d-------- C:\Program Files\Movie Maker 2007-12-22 00:30:13 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-22 00:16:04 0 d-------- C:\Program Files\CoffeeCup Software 
2007-12-22 00:11:54 0 d-------- C:\Program Files\Common Files 2007-12-15 23:51:20 25719 --a------ C:\WINDOWS\mozver.dat 2007-12-14 16:51:38 0 d-------- C:\Documents and Settings\Driton\Application Data\Adobe 2007-11-30 22:03:38 0 d-------- C:\Program Files\YouTube Movie Ripper V1.1 2007-11-14 01:52:03 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows> 2007-11-14 01:51:52 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2007-11-05 01:16:17 570806 ---hs---- C:\WINDOWS\system32\wvvwa.bak1 2007-10-08 00:19:34 0 --a----c- C:\WINDOWS\[INI] 2007-10-07 01:32:10 6513 ---hs---- C:\WINDOWS\system32\dfhkj.bak1 2007-10-07 01:15:05 1496677 ---hs---- C:\WINDOWS\system32\oqtss.ini2 2007-10-07 01:02:13 1489313 ---hs---- C:\WINDOWS\system32\oqtss.bak2 2007-10-06 16:08:39 1517579 ---hs---- C:\WINDOWS\system32\bccdd.ini2 2007-10-06 15:45:46 1489313 ---hs---- C:\WINDOWS\system32\bccdd.bak2 2007-10-06 08:10:32 6473 ---hs---- C:\WINDOWS\system32\oqtss.bak1 2007-10-06 00:42:46 6573 ---hs---- C:\WINDOWS\system32\bccdd.bak1 2007-09-28 22:56:00 2126312 ---hs---- C:\WINDOWS\system32\ddeeg.ini2 2007-09-28 22:13:35 2106567 ---hs---- C:\WINDOWS\system32\ddeeg.bak2 2007-09-25 21:02:40 1979865 ---hs---- C:\WINDOWS\system32\ddeeg.bak1 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A303B734-085F-404A-A7ED-8DBF8E0F704E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [10/18/2001 09:25 AM] "Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [06/14/2001 11:42 AM] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=sockspy.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ddayv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk] backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Driton^Start Menu^Programs^Startup^eCentral.lnk] backup=C:\WINDOWS\pss\eCentral.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupfolder\C:^Documents and Settings^Driton^Start Menu^Programs^Startup^TA_Start.lnk] backup=C:\WINDOWS\pss\TA_Start.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveDiscoveryMemoryResident] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nqxax] "C:\Documents and Settings\Driton\My Documents\?racle\s?anregw.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pas_check] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Phis] C:\WINDOWS\System32\??plorer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDrive] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV] C:\Program Files\RayV\RayV\RayV.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ukl] "C:\Documents and Settings\Driton\Application Data\?dobe\m?config.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\UserFaultCheck] %systemroot%\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Usrr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wwdf] "C:\Documents and Settings\Driton\My Documents\W?nSxS\u?erinit.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0E-E1-1C-C3-ZN}] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Crypkey License"=2 (0x2) *Newly Created Service* - RKPAVPROC -- End of Deckard's System Scanner: finished at 2007-12-23 21:41:39 ------------ |