PDA

View Full Version : Help me remove Zlob, Smitfraud-C & Smitfraud-C.MSVPS


KSBond
2007-12-12, 15:37
Hi,
appreciate your help to remove the above malware from my notebook.

I'm using Spybot S&D version 1.5.1.15
Have tried to Check for a Problem, fix and immune but the virus is still there.

Here is the log.


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-12-11 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-12-05 Includes\Cookies.sbi
2007-10-31 Includes\Dialer.sbi
2007-12-05 Includes\DialerC.sbi
2007-11-07 Includes\Hijackers.sbi
2007-12-05 Includes\HijackersC.sbi
2007-10-04 Includes\Keyloggers.sbi
2007-12-05 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-11-07 Includes\Malware.sbi
2007-12-05 Includes\MalwareC.sbi
2007-10-24 Includes\PUPS.sbi
2007-12-05 Includes\PUPSC.sbi
2007-12-05 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-12-05 Includes\SecurityC.sbi
2007-11-07 Includes\Spybots.sbi
2007-12-05 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2007-11-28 Includes\Trojans.sbi
2007-12-05 Includes\TrojansC.sbi
2008-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917537)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB939373)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, !AVG Anti-Spyware
command: "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE

Located: HK_LM:Run, Acrobat Assistant 7.0
command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
size: 483328
MD5: 78FF388FD58CE0BAE1F7C9670F5473C1

Located: HK_LM:Run, ATIModeChange
command: Ati2mdxx.exe
file: C:\WINDOWS\system32\Ati2mdxx.exe
size: 28672
MD5: FAE95D6D7651B5629C4E19ADBC9A3863

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: 71D3AD3EDC01508DB4819355FB28E434

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: F5F1A8CDD473D55F9BF6FE23F715B0FA

Located: HK_LM:Run, HP Network Registry Agent
command: C:\WINDOWS\system32\hpnra.exe
file: C:\WINDOWS\system32\hpnra.exe
size: 61440
MD5: E9E01A321C5096C8002030922DD3363A

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A

Located: HK_LM:Run, OfficeScanNT Monitor
command: "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
file: C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
size: 356352
MD5: 42D6C7419442F7992FC9338EDFABA7F0

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 286720
MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1343024091-842925246-854245398-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, HP Mobile Printing
where: S-1-5-21-1343024091-842925246-854245398-500...
command: C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
file: C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
size: 630784
MD5: 2E6E8DC2E356F1055C4DF8EE6A9323DA

Located: HK_CU:Run, PlaxoUpdate
where: S-1-5-21-1343024091-842925246-854245398-500...
command: C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe -a
file: C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe
size: 226890
MD5: 112B5AA8C1B03547C11A2564AE66F51D

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1343024091-842925246-854245398-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, swg
where: S-1-5-21-1343024091-842925246-854245398-500...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: Startup (common), Adobe Acrobat Speed Launcher.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
file: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
size: 25214
MD5: D6294D59171AC375CD142003566AA89E

Located: Startup (common), BlueSoleil.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
file: D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
size: 1183744
MD5: C2560EB72A613AD762BD518019B9A013

Located: Startup (common), WinZip Quick Pick.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613E98493EC4A94395955B17F836CF9

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wincpw32
command: wincpw32.dll
file: wincpw32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---

more log contents follows ..
KSBond
2007-12-12, 16:48
--- Browser helper object list ---
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Skype add-on (mastermind)
CLSID name: Skype add-on (mastermind)
Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
Long name: SkypeIEPlugin.dll
Short name: SKYPEI~1.DLL
Date (created): 9/13/2007 1:31:40 PM
Date (last access): 12/12/2007 8:44:02 PM
Date (last write): 9/13/2007 1:31:40 PM
Filesize: 1312040
Attributes: archive
MD5: 5BEAEEF0B4624B94918C157A32D6123C
CRC32: EDDC3F95
Version: 2.2.0.117

{29B1EDC5-5BF3-468F-B8E5-6B27090CEF0A} (OFK System)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: OFK System
Path: C:\WINDOWS\
Long name: blopenvtlv.dll
Short name: BLOPEN~1.DLL
Date (created): 12/11/2007 12:07:44 AM
Date (last access): 12/12/2007 8:44:02 PM
Date (last write): 12/10/2007 5:20:00 PM
Filesize: 249856
Attributes: archive
MD5: ED986EE063BC533135F289B071AD6E27
CRC32: 8D3CBD65
Version: 1.0.0.1

{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: bho2gr Class
description: GetRight
classification: Legitimate
known filename: msie2gr.dll
info link: http://www.getright.com/
info source: TonyKlein
Path: C:\Program Files\GetRight\
Long name: xx2gr.dll
Short name:
Date (created): 5/18/2006 12:17:42 PM
Date (last access): 12/12/2007 8:44:04 PM
Date (last write): 2/14/2005 12:08:50 PM
Filesize: 233472
Attributes: archive
MD5: 06EE81C0ABBCFCD09ED3B3A9798871D3
CRC32: 752B81F8
Version: 5.2.0.3

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/11/2007 10:06:52 AM
Date (last access): 12/12/2007 8:44:04 PM
Date (last write): 8/31/2007 4:46:14 PM
Filesize: 1122128
Attributes: archive
MD5: B8958471DAA4481E93B03DF8F991DD6E
CRC32: 35E35F14
Version: 1.5.0.8

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 10/5/2007 8:37:44 AM
Date (last access): 12/12/2007 9:16:50 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{A7327C09-B521-4EDB-8509-7D2660C9EC98} (Viewpoint Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Viewpoint Toolbar BHO
Path: C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\
Long name: ViewBarBHO.dll
Short name: VIEWBA~1.DLL
Date (created): 4/14/2007 10:35:04 PM
Date (last access): 12/12/2007 9:16:50 PM
Date (last write): 2/25/2007 3:33:52 AM
Filesize: 38584
Attributes: archive
MD5: 2DA0FFCCE5416A23952D4EA88270CAE2
CRC32: 5574A892
Version: 3.8.0.29

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar3.dll
Short name: GOOGLE~3.DLL
Date (created): 1/27/2007 7:41:46 PM
Date (last access): 12/12/2007 8:44:04 PM
Date (last write): 1/19/2007 11:55:32 PM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978

{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 9/24/2005 1:41:42 PM
Date (last access): 12/12/2007 8:44:06 PM
Date (last write): 12/18/2006 4:18:14 AM
Filesize: 231160
Attributes: archive
MD5: 00AA6DF95E24DE4C616127EE739897F4
CRC32: D6B49BBF
Version: 7.0.9.50

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\
Long name: swg.dll
Short name:
Date (created): 7/17/2007 2:51:26 PM
Date (last access): 12/12/2007 8:44:08 PM
Date (last write): 7/17/2007 2:51:26 PM
Filesize: 325048
Attributes: archive
MD5: 1DC47CA76A0FFEAA25B45DE5706F2115
CRC32: E2052360
Version: 2.0.301.7164



--- ActiveX list ---
{00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class)
DPF name:
CLSID name: ObjWinNTCheck Class
Installer:
Codebase: https://oscentral01.celcom.com.my/officescan/console/ClientInstall/WinNTChk.cab
description:
classification: Legitimate
known filename: WinNTChk.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: WinNTChk.dll
Short name:
Date (created): 3/15/2005 5:59:26 PM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 3/15/2005 5:59:26 PM
Filesize: 53347
Attributes: archive
MD5: B95D9D1213D143931388E72F002C5D3C
CRC32: 9D6CA8C1
Version: 7.0.0.1040

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 6/29/2007 6:25:14 AM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 6/29/2007 6:25:14 AM
Filesize: 574784
Attributes: archive
MD5: 92FCD2C6B05278FFD772AEE77D29A07C
CRC32: 3E432005
Version: 7.2.0.240

{03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class)
DPF name:
CLSID name: MetaStreamCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\MetaStream3.inf
Codebase: https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.samsungcamera.com/vr/nv11/nv11_vr.asp?prol_uid=2817&cat_uid=75
description:
classification: Open for discussion
known filename: AxMetaStream.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Viewpoint\Viewpoint Media Player\
Long name: AxMetaStream.dll
Short name: AXMETA~1.DLL
Date (created): 3/31/2007 10:10:24 PM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 1/5/2007 11:32:14 PM
Filesize: 254022
Attributes: archive
MD5: CD129AD218CBF53BBD9C2851F0878071
CRC32: E415709A
Version: 3.5.0.13

{08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
DPF name:
CLSID name: OfficeScan Corp Edition Web-Deployment SetupCtrl Class
Installer: C:\WINDOWS\Downloaded Program Files\OfficeScanSetup.inf
Codebase: https://oscentral01.celcom.com.my/officescan/console/ClientInstall/setup.cab
description:
classification: Legitimate
known filename: OfficeScanSetup.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: OfficeScanSetup.dll
Short name: OFFICE~1.DLL
Date (created): 3/15/2005 5:59:16 PM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 3/15/2005 5:59:16 PM
Filesize: 106599
Attributes: archive
MD5: 35A09514D6CFC14C7F3F946461331E05
CRC32: 1C8FE2D2
Version: 7.0.0.1040

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?LinkID=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 2/14/2006 9:20:14 AM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 3/15/2007 6:19:28 PM
Filesize: 1476992
Attributes: archive
MD5: D1CB99ADBA9397D7D02B0B2DCFE47F1A
CRC32: ED982FE3
Version: 1.7.18.5

{193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control)
DPF name:
CLSID name: ewidoOnlineScan Control
Installer:
Codebase: http://download.ewido.net/ewidoOnlineScan.cab
description:
classification: Legitimate
known filename: EWIDOO~1.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: ewidoOnlineScan.dll
Short name: EWIDOO~1.DLL
Date (created): 1/3/2006 9:20:34 AM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 1/3/2006 9:20:34 AM
Filesize: 327008
Attributes: archive
MD5: D40DBB08A55751B2A390813B0EA6955A
CRC32: 7D8648A3
Version: 1.0.0.1

{2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control)
DPF name:
CLSID name: LocalExec Control
Installer: C:\WINDOWS\Downloaded Program Files\LocalExec.inf
Codebase: http://www.icelcom.com.my/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB
description:
classification: Open for discussion
known filename: LocalExec.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: LocalExec.ocx
Short name: LOCALE~1.OCX
Date (created): 5/1/2001 3:28:44 PM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 5/1/2001 3:28:44 PM
Filesize: 32768
Attributes: archive
MD5: C7002596ABE551489644F4BE8FBC8BCF
CRC32: 38252DCB
Version: 1.0.0.1

{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class)
DPF name:
CLSID name: Encrypt Class
Installer:
Codebase: https://oscentral01.celcom.com.my/officescan/console/html/AtxEnc.cab
description:
classification: Legitimate
known filename: AtxEnc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: AtxEnc.dll
Short name:
Date (created): 3/15/2005 5:42:20 PM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 3/15/2005 5:42:20 PM
Filesize: 102488
Attributes: archive
MD5: 231C93D876CED3DF0898CA2642547592
CRC32: A6EFFA80
Version: 7.0.0.1040

{3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control)
DPF name:
CLSID name: DownloadManager Control
Installer: C:\WINDOWS\Downloaded Program Files\DownloadManager.inf
Codebase: http://download.akamaitools.com.edgesuite.net/dlmanager/dev/code/IE_1070/DownloadManager.cab
description:
classification: Open for discussion
known filename: DOWNLO~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: DownloadManager.ocx
Short name: DOWNLO~1.OCX
Date (created): 7/1/2004 7:00:14 PM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 7/1/2004 7:00:14 PM
Filesize: 181384
Attributes: archive
MD5: 30A08673FB7AAB8AEF1C014AA59C8330
CRC32: 3BBF3ABA
Version: 1.0.7.0

{5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
DPF name:
CLSID name: OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class
Installer: C:\WINDOWS\Downloaded Program Files\OfficeScanRemoveCtrl.inf
Codebase: https://oscentral01.celcom.com.my/officescan/console/ClientInstall/RemoveCtrl.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: OfficeScanRemoveCtrl.dll
Short name: OFFICE~3.DLL
Date (created): 3/15/2005 5:59:12 PM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 3/15/2005 5:59:12 PM
Filesize: 159857
Attributes: archive
MD5: FA87D80B408CFE7F229EB3C94944A928
CRC32: 9F555676
Version: 7.0.0.1040

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141820261420
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 3/8/2006 7:57:48 PM
Date (last access): 12/12/2007 9:16:52 PM
Date (last write): 7/30/2007 7:19:28 PM
Filesize: 203096
Attributes: archive
MD5: 5C9A003E7C6BA03F04DC2D9C82A7E6E0
CRC32: E29E0153
Version: 7.0.6000.381

{67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object)
DPF name:
CLSID name: DivXBrowserPlugin Object
Installer: C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf

more log contents follows ...
KSBond
2007-12-12, 16:53
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object)
DPF name:
CLSID name: DivXBrowserPlugin Object
Installer: C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf
Codebase: http://go.divx.com/plugin/DivXBrowserPlugin.cab
description:
classification: Legitimate
known filename: npdivx32.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\DivX\DivX Web Player\
Long name: npdivx32.dll
Short name:
Date (created): 2/17/2006 10:59:10 PM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 2/17/2006 10:59:10 PM
Filesize: 528896
Attributes: archive
MD5: DCFD903C5953697FC94A803AD6877626
CRC32: FE151153
Version: 1.0.0.0

{74CD40EA-EF77-4BAD-808A-B5982DA73F20} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf
Codebase: http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
description:
classification: Open for discussion
known filename: YAZZLE~1.OCX
info link:
info source: Safer Networking Ltd.

{76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\NCSview.inf
Codebase: http://www.earthetc.com/ecwplugins/ncs.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 11:31:44 PM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2\bin\
Long name: NPJPI142.dll
Short name:
Date (created): 4/14/2006 10:42:50 PM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 4/14/2006 10:42:50 PM
Filesize: 65636
Attributes: archive
MD5: 4ACFBF6AB1BBE79DBD665C186B3B5AFD
CRC32: BE89D675
Version: 1.4.2.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 10/12/2006 3:10:58 AM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 10/12/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_10.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/9/2006 3:07:34 PM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 11/9/2006 3:21:54 PM
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 6/14/2007 4:53:24 PM
Date (last access): 12/12/2007 9:16:56 PM
Date (last write): 6/14/2007 6:32:36 PM
Filesize: 132760
Attributes: archive
MD5: D7E2C655C374A16CCE317A53373FC0D9
CRC32: 58B54011
Version: 6.0.20.5

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 11:31:44 PM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 11:31:44 PM
Date (last access): 12/12/2007 9:16:54 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9c.ocx
Short name:
Date (created): 3/24/2007 5:59:38 AM
Date (last access): 12/12/2007 9:16:56 PM
Date (last write): 3/24/2007 5:59:38 AM
Filesize: 2267368
Attributes: readonly archive
MD5: 18AE02A4195292C692D5B006F1421D01
CRC32: B8EED2E6
Version: 9.0.45.0

{E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control)
DPF name:
CLSID name: Driver Agent ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\driveragent.inf
Codebase: http://driveragent.com/files/driveragent.cab
description:
classification: Legitimate
known filename: driveragent.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: driveragent.ocx
Short name: DRIVER~1.OCX
Date (created): 11/20/2006 9:48:46 AM
Date (last access): 12/12/2007 9:16:56 PM
Date (last write): 11/20/2006 9:48:46 AM
Filesize: 428544
Attributes: archive
MD5: 4A217D25930D322A4A2327E6BA348489
CRC32: 4022FB3A
Version: 2.2006.11.20

{EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation)
DPF name:
CLSID name: dcCertUtils.clsOperation
Installer: C:\WINDOWS\Downloaded Program Files\dcCertUtils.INF
Codebase: https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
Path: C:\WINDOWS\Downloaded Program Files\
Long name: dcCertUtils.dll
Short name: DCCERT~1.DLL
Date (created): 2/13/2007 4:58:48 PM
Date (last access): 12/12/2007 9:16:56 PM
Date (last write): 2/13/2007 4:58:48 PM
Filesize: 409856
Attributes: archive
MD5: 1F85EAA7D6B46B8A03AEF81324A45143
CRC32: 9C1C51BD
Version: 1.0.0.4



--- Process list ---

more log contents follows ...
KSBond
2007-12-12, 16:56
--- Process list ---
PID: 0 ( 0) [System]
PID: 960 ( 0) \SystemRoot\System32\smss.exe
size: 50688
PID: 1040 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1064 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1108 ( 0) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1120 ( 0) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1308 ( 0) C:\WINDOWS\System32\Ati2evxx.exe
size: 323584
MD5: D38BD6065EEC1F6EAF98CD853F482388
PID: 1320 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1384 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1428 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1532 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1644 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1960 ( 0) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 2008 ( 0) C:\WINDOWS\System32\SCardSvr.exe
size: 95744
MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
PID: 664 ( 0) C:\WINDOWS\system32\Ati2evxx.exe
size: 323584
MD5: D38BD6065EEC1F6EAF98CD853F482388
PID: 720 ( 0) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 832 ( 0) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: 71D3AD3EDC01508DB4819355FB28E434
PID: 840 ( 0) C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
size: 356352
MD5: 42D6C7419442F7992FC9338EDFABA7F0
PID: 848 ( 0) C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
size: 483328
MD5: 78FF388FD58CE0BAE1F7C9670F5473C1
PID: 856 ( 0) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: F5F1A8CDD473D55F9BF6FE23F715B0FA
PID: 868 ( 0) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821F73B833C4DAEBC33C1A9A4B16BB5A
PID: 884 ( 0) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA
PID: 900 ( 0) C:\WINDOWS\system32\hpnra.exe
size: 61440
MD5: E9E01A321C5096C8002030922DD3363A
PID: 924 ( 0) C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF
PID: 332 ( 0) C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
size: 630784
MD5: 2E6E8DC2E356F1055C4DF8EE6A9323DA
PID: 340 ( 0) C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe
size: 226890
MD5: 112B5AA8C1B03547C11A2564AE66F51D
PID: 356 ( 0) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 976 ( 0) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 988 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
PID: 1596 ( 0) C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613E98493EC4A94395955B17F836CF9
PID: 180 ( 0) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 110592
MD5: 3A4982DF893F198A2DFBCCD4CE10F93A
PID: 208 ( 0) D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 312880
MD5: 5DCD235C061022BCDA9AA48670B64211
PID: 232 ( 0) d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
size: 110592
MD5: 55F24E6EC983FCC7510293B05A27CEEC
PID: 252 ( 0) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
size: 407136
MD5: 24F1195C96ABD3D7E6414C91348AA94C
PID: 296 ( 0) C:\WINDOWS\system32\inetsrv\inetinfo.exe
size: 15872
MD5: 74B9FA2AFAF60B7F4E2A952E77B9DC6C
PID: 380 ( 0) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 335872
MD5: 8B23E29B211CFED059ADB5A5E4A00147
PID: 504 ( 0) C:\Program Files\MySQL\MySQL Server 6.0\bin\mysqld.exe
size: 7213696
MD5: BA43A7A4A09EDEE1C0B2EE0085E940C1
PID: 612 ( 0) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
size: 495616
MD5: 684AE7FBF842FF1A36F97F0FDD4221A2
PID: 672 ( 0) D:\rtsserv.exe
size: 49152
MD5: EC3CD0182274CEFFC33F77AE1CF4097D
PID: 364 ( 0) C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
size: 614488
MD5: 75B24694616553D41CBF902418792672
PID: 576 ( 0) C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe
size: 94208
MD5: FA38CF42929A7BDE8E3D507C7438009C
PID: 1728 ( 0) C:\Program Files\Viewpoint\Common\ViewpointService.exe
size: 24652
MD5: 5F974FDE801C73952770736BECDE11E7
PID: 1816 ( 0) C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
size: 233552
MD5: D3ECB9CA72594EA54C81FA3E05EC60BD
PID: 2848 ( 0) C:\WINDOWS\TEMP\DWBE95.EXE
size: 172099
MD5: 3D4A3262F183D37DCC975D933DD732FE
PID: 2880 ( 0) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 112336
MD5: 1FF94B386646925D2B153C8A083115C7
PID: 3748 ( 0) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2316 ( 0) C:\Program Files\Trend Micro\OfficeScan Client\pccnt.exe
size: 671744
MD5: 6DEE35FB5D2C666AE1DAA489ABB8797E
PID: 2468 ( 0) C:\Program Files\Netscape\Navigator 9\navigator.exe
size: 8249344
MD5: 7FA6F2FBDA529F98B771D5D92C0D8F27
PID: 3124 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/12/2007 9:27:44 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com.my/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F5AD910-6CCB-4EF2-A648-FCE63AADDFEE}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F5AD910-6CCB-4EF2-A648-FCE63AADDFEE}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB333FC2-568F-4990-9143-81FBFF645A2A}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB333FC2-568F-4990-9143-81FBFF645A2A}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A053558-C828-4C68-B742-B1C24E038E41}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A053558-C828-4C68-B742-B1C24E038E41}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E897DFCC-E49D-4CCB-9DC6-BB09CA0B875A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E897DFCC-E49D-4CCB-9DC6-BB09CA0B875A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5747002-3650-4933-9658-8AEFC55CE76D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5747002-3650-4933-9658-8AEFC55CE76D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C79B5625-1540-42AA-88EE-B5F4EA480127}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C79B5625-1540-42AA-88EE-B5F4EA480127}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1390EBA5-F8A8-4068-9BF6-0C6B8F1D4FF0}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1390EBA5-F8A8-4068-9BF6-0C6B8F1D4FF0}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace


End of log

Please help me ...
I thanks you in advance for your help

KSBond, Dec 12th. 2007