View Full Version : Aconti, MediaMotor, Smitfraud to name a few
cesarper
2008-07-04, 08:25
Hello,
I noticed my computer behaving a little strangely over the last few days (a few pop-ups about needing to do a scan, etc.) so I ran Spybot in Safe Mode and found the following items:
Aconti
Double Click
Fake Alert.cc
MediaMotor
ShudderLtd.AntiVirusPro
Smitfraud-C.gp
These items had infected my computer previously and you all helped me remove them before. Seeing them again, I figured I should come back here. Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:08 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cesar\Desktop\Spyware Removal Folder\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5088CF98-BCFF-4227-B043-91865F05F5BF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {9A4ED3D2-5CB0-9907-0EB8-EABBE62AB3BA} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125464059207
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 11955 bytes
Hi cesarper
Please post spybot report next :)
cesarper
2008-07-08, 05:38
Is this the report you were asking for?
--- Report generated: 2008-07-03 22:33 ---
Aconti: [SBI $6FB0ED66] Log file (File, fixed)
C:\WINDOWS\aconti.log
Aconti: [SBI $39979A45] Text file (File, fixed)
C:\WINDOWS\acontidialer.txt
MediaMotor: [SBI $09782148] Code storage database (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5526B4C6-63D6-41A1-9783-0FABF529859A}
Smitfraud-C.gp: [SBI $8DBF23B2] Link (File, fixed)
C:\WINDOWS\absolute key logger.lnk
Smitfraud-C.gp: [SBI $29222CE9] Web page (File, fixed)
C:\WINDOWS\default.htm
Smitfraud-C.gp: [SBI $2BB37927] Program directory (Directory, fixed)
C:\WINDOWS\SYSTEM32\acespy\
FakeAlert.cc: [SBI $E9A3DEA8] Library (File, fixed)
C:\WINDOWS\SYSTEM32\qiawpbjj.dll
ShudderLtd.AntiVirusPro: [SBI $AD57230C] Program directory (Directory, fixed)
C:\Program Files\AntiVirusPro\Quarantine\
ShudderLtd.AntiVirusPro: [SBI $1C331935] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\BrowserObjects\
ShudderLtd.AntiVirusPro: [SBI $E08C6797] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuAllUsers\
ShudderLtd.AntiVirusPro: [SBI $FA17117F] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuCurrentUser\
ShudderLtd.AntiVirusPro: [SBI $8D3B371D] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnceEx\
ShudderLtd.AntiVirusPro: [SBI $8FC04E81] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnce\
ShudderLtd.AntiVirusPro: [SBI $3B30028F] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\
ShudderLtd.AntiVirusPro: [SBI $883A03EF] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnceEx\
ShudderLtd.AntiVirusPro: [SBI $37508FC0] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnce\
ShudderLtd.AntiVirusPro: [SBI $9AF66C19] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\
ShudderLtd.AntiVirusPro: [SBI $F35C10D7] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\
ShudderLtd.AntiVirusPro: [SBI $A4AD9B8B] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\AntiVirusPro\
ShudderLtd.AntiVirusPro: [SBI $A9DA647C] Program directory (Directory, fixed)
C:\Documents and Settings\Cesar\Application Data\Anti-Virus-Pro.com\
DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)
Common Dialogs: History (183 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
MS Office 9.0: Recently used files (103 files) (Directory, nothing done)
C:\Documents and Settings\Cesar\Application Data\Microsoft\Office\Recent\
Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Install: Active Setup Log.txt (Backup file, nothing done)
C:\WINDOWS\Active Setup Log.txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: setuperr.log (Backup file, nothing done)
C:\WINDOWS\setuperr.log
Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt
Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log
Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log
Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log
Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log
Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Creative PlayCenter 2: [SBI $432C5FFB] Last folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Creative Tech\Creative PlayCenter 2\My Computer\Settings\Last Folder
Creative PlayCenter 2: [SBI $3DF01187] Last used audio effect (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Creative Tech\Creative PlayCenter 2\EAX\LastEA
Creative WaveStudio: [SBI $098CEB21] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Creative Tech\Creative WaveStudio\Settings\LastDir1
Internet Explorer: [SBI $1E8157BE] Typed URL list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (25 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (13 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUEST\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_OWNER\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $1E8157BE] Typed URL list (25 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $D9A946AF] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Internet Explorer\Main\Save Directory
Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Internet Explorer\Download Directory
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MGI Photo Suite 8.x: [SBI $AA2CF2A0] Recent lists (13 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\MGI\PhotoSuite\8.05\CurrentConfig
MGI Photo Suite 8.x: [SBI $AA2CF2A0] Recent lists (10 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\MGI\PhotoSuite\8.05\CurrentConfig
MS Management Console: [SBI $ECD50EAD] Recent command list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Microsoft Management Console\Recent File List
MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\MediaPlayer\Player\RecentFileList
MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\MediaPlayer\Player\RecentFileList
MS Media Player: [SBI $735D57D7] Recent open directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir
MS Media Player: [SBI $D8642806] Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db
MS Media Player: [SBI $3EE69CC3] Save as Directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir
MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
MS Media Player: [SBI $1BDA487B] Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex
MS Media Player: [SBI $6D2E50D8] Last selected node (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode
MS Media Player: [SBI $3B46EBCE] Manually modified tags history (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit
MS ClipArt Gallery 9.0: [SBI $8D4C7AB5] Last import directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\ClipArt Gallery\ImportDirectory
MS ClipArt Gallery 9.0: [SBI $6804DCA8] Used cliparts (13 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\ClipArt Gallery\2.0\MRUDescription
MS ClipArt Gallery 9.0: [SBI $6804DCA8] Used cliparts (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\ClipArt Gallery\2.0\MRUDescription
MS ClipArt Gallery 9.0: [SBI $C46E8A82] Last popup category (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\ClipArt Gallery\2.0\MRUPopupCategory
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Office 9.0: [SBI $4F7FBCC4] Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\9.0\Common\Internet\LocationOfComponents
MS Office 9.0: [SBI $DE9A4E33] Access recent file (11 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\9.0\Access\Settings
MS Office 9.0: [SBI $DE9A4E33] Access recent file (16 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\9.0\Access\Settings
MS Office 9.0 (Start Assistant): [SBI $15C49593] Last opened file directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\9.0\Osa\FindFile\Place
MS Office 9.0 (Excel): [SBI $E49B52E1] Recent files (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\9.0\Excel\Recent Files
MS Office 9.0 (Excel): [SBI $E49B52E1] Recent files (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\9.0\Excel\Recent Files
MS Office 9.0 (PowerPoint): [SBI $43C6507A] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\9.0\PowerPoint\Recent File List
MS Office 9.0 (PowerPoint): [SBI $43C6507A] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\9.0\PowerPoint\Recent File List
MS Office 9.0 (PowerPoint): [SBI $D94CCD1A] Recent folder list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\9.0\PowerPoint\RecentFolderList
MS Office 10.0: [SBI $98B69A5E] Used cliparts (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\10.0\Clip Organizer\Search\Last Query
MS Office 10.0: [SBI $65F660A1] Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\10.0\Common\Internet\UseRWHlinkNavigation
MS Office 10.0: [SBI $40D97094] Recently used symbol list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\10.0\Common\General\SymbolMRU
MS Office 10.0 (Document Scanning): [SBI $C6AFE986] Recent file list #1 (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\MSPaper\Recent File List
MS Office 10.0 (Document Scanning): [SBI $BF2D2FA9] Recent file list #2 (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\MSPaper\Persist File Name
MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\10.0\Word\Data\Settings
MS Office 10.0 (Word): [SBI $B928A857] Templates history (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\10.0\Word\Recent Templates
MS Office 10.0 (Word): [SBI $E97870AB] Disabled items history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\10.0\Word\Resiliency\DisabledItems
MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation
MS Office 11.0 (Cliparts): [SBI $D2A56AFD] Last search made (7 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\11.0\Clip Organizer\Search\Last Query
MS Office 11.0 (Cliparts): [SBI $D2A56AFD] Last search made (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\Clip Organizer\Search\Last Query
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Office 11.0 (InfoPath): [SBI $2EA30C53] Recent template list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\InfoPath\Recent Templates
MS Office 11.0 (Office Startup Assistant): [SBI $AA4B9E08] Last template location (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\Osa\FileNew\Place
MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\11.0\PowerPoint\Recent File List
MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\PowerPoint\Recent File List
MS Office 11.0 (PowerPoint): [SBI $45221EA4] Recent template list (8 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\11.0\PowerPoint\Recent Templates
MS Office 11.0 (PowerPoint): [SBI $45221EA4] Recent template list (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\PowerPoint\Recent Templates
MS Office 11.0 (PowerPoint): [SBI $81078145] Recent animation list (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\11.0\PowerPoint\RecentAnimationList
MS Office 11.0 (PowerPoint): [SBI $81078145] Recent animation list (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\PowerPoint\RecentAnimationList
MS Office 11.0 (PowerPoint): [SBI $8C3C6CBB] Recent folder list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\11.0\PowerPoint\RecentFolderList
MS Office 11.0 (PowerPoint): [SBI $8C3C6CBB] Recent folder list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\PowerPoint\RecentFolderList
MS Office 11.0 (PowerPoint): [SBI $C04A11CB] Recent template list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\11.0\PowerPoint\RecentTemplateList
MS Office 11.0 (PowerPoint): [SBI $C04A11CB] Recent template list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\PowerPoint\RecentTemplateList
MS Office 11.0 (Publisher): [SBI $52D0C0B4] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Office\11.0\Publisher\Recent File List
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Office\11.0\Word\Data\Settings
MS Frontpage: [SBI $852712DF] Recent web list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Web List
MS Frontpage: [SBI $852712DF] Recent web list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Web List
MS Frontpage: [SBI $A45AF00A] Recent page list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List
MS Frontpage: [SBI $7E259C81] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent File List
MS Frontpage: [SBI $7E259C81] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent File List
MS Frontpage: [SBI $E1E345DB] Recently used image URLs (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\FrontPage\Editor\Insert Image\Recently Used URLs
MS Frontpage: [SBI $FB9080A6] Last used folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\FrontPage\Editor\Insert Image\Last Used Folder
MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Photo Editor: [SBI $4E767FED] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Photo Editor\3.0\File Options\Path
MS Photo Editor: [SBI $ADB59025] Recently used file #1 (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastFile1
MS Photo Editor: [SBI $3DF342BE] Recently used file type #1 (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastType1
MS Photo Editor: [SBI $2C3EC112] Recently used file #2 (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastFile2
MS Photo Editor: [SBI $BC781389] Recently used file type #2 (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor\LastType2
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Search Assistant\ACMru
MS Wordpad: [SBI $4C02334D] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
MS Wordpad: [SBI $4C02334D] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
MusicMatch JukeBox: [SBI $9D4551E3] Last conversion destination folder (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\FileConv\DestDir
MusicMatch JukeBox: [SBI $F9A6DCAB] Last conversion source folder (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\FileConv\SourceDir
MusicMatch JukeBox: [SBI $C073BD4D] Last radio station status (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\MMRadio\LastStation
MusicMatch JukeBox: [SBI $6583B417] Last radio station name (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\MMRadio\LastStationName
MusicMatch JukeBox: [SBI $F6B38B4F] Last add song folder (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\MusicLibraryUI\Last add song dir
Paint Shop Pro 7: [SBI $9A5AA171] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\JASC\Paint Shop Pro 7\Recent File List
Paint Shop Pro 7: [SBI $9A5AA171] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\JASC\Paint Shop Pro 7\Recent File List
Paint Shop Pro 7: [SBI $E2F262CE] Image directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\JASC\Paint Shop Pro 7\General\ImageDirectory
Paint Shop Pro 7: [SBI $ECA7350C] Save as directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\JASC\Paint Shop Pro 7\General\SaveAsDirectory
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F9D595D2] Open with list - .ANS extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANS\OpenWithList
Windows.OpenWith: [SBI $4E3A0061] Open with list - .ART extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ART\OpenWithList
Windows.OpenWith: [SBI $16E309E0] Open with list - .ASF extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList
Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (11 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
Windows.OpenWith: [SBI $4414E448] Open with list - .CGI extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CGI\OpenWithList
Windows.OpenWith: [SBI $06671386] Open with list - .CIL extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CIL\OpenWithList
Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (3 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (501 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (501 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $AA0766B5] Stream history (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $AA0766B5] Stream history (22 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $AA0766B5] Stream history (8 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUEST\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $AA0766B5] Stream history (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_OWNER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $AA0766B5] Stream history (32 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (33 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUEST\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (96 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (35 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (171 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (39 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUEST\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (220 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $B7EBA926] Last visited history (26 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ALE\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $B7EBA926] Last visited history (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_GUEST\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $B7EBA926] Last visited history (26 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Yahoo: [SBI $96A97412] Photo uploader directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3402799377-3563514748-4210259494-1006\Software\Yahoo\YPhotos\LastPath
Cookie: [SBI $49804B54] Cookie (209) (Cookie, nothing done)
Cache: [SBI $49804B54] Cache (14) (Cache, nothing done)
History: [SBI $49804B54] History (10) (History, nothing done)
Cookie: [SBI $49804B54] Cookie (549) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-07-03 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-06-17 Includes\Adware.sbi (*)
2008-06-18 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-06-24 Includes\DialerC.sbi (*)
2008-06-03 Includes\HeavyDuty.sbi (*)
2008-06-16 Includes\Hijackers.sbi (*)
2008-06-17 Includes\HijackersC.sbi (*)
2008-06-25 Includes\Keyloggers.sbi (*)
2008-07-02 Includes\KeyloggersC.sbi (*)
2008-07-02 Includes\Malware.sbi (*)
2008-07-01 Includes\MalwareC.sbi (*)
2008-06-17 Includes\PUPS.sbi (*)
2008-07-01 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-10 Includes\Security.sbi (*)
2008-07-01 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-06-17 Includes\Spyware.sbi (*)
2008-06-17 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti (*)
2008-06-24 Includes\Trojans.sbi (*)
2008-07-01 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
cesarper
2008-07-08, 05:40
Or this one?
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-07-03 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-06-17 Includes\Adware.sbi
2008-06-18 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-24 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-16 Includes\Hijackers.sbi
2008-06-17 Includes\HijackersC.sbi
2008-06-25 Includes\Keyloggers.sbi
2008-07-02 Includes\KeyloggersC.sbi
2008-07-02 Includes\Malware.sbi
2008-07-01 Includes\MalwareC.sbi
2008-06-17 Includes\PUPS.sbi
2008-07-01 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-10 Includes\Security.sbi
2008-07-01 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-17 Includes\Spyware.sbi
2008-06-17 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-24 Includes\Trojans.sbi
2008-07-01 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Update for Windows XP (KB920342)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Update for Windows XP (KB925720)
/ Windows XP / SP3: Update for Windows XP (KB925876)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Hotfix for Windows XP (KB928388)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB932823-v3)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)
/ Windows XP / SP3: Security Update for Windows XP (KB950749)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0
--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 679936
MD5: BC21ED6454FB9C7F1ADF0A663AC96392
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
size: 63712
MD5: FC9E59FE8BC4FE05382CFF5C8FC59DE1
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F
Located: HK_LM:Run, AHQInit
command: C:\Program Files\Creative\SBLive\Program\AHQInit.exe
file: C:\Program Files\Creative\SBLive\Program\AHQInit.exe
size: 102400
MD5: A92A1E030D09D52EA0EB11BDE231A34E
Located: HK_LM:Run, BCMSMMSG
command: BCMSMMSG.exe
file: C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 52896
MD5: 1918A1D8E67A6452720797919FA520C9
Located: HK_LM:Run, Dell|Alert
command: C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
file: C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
size: 270336
MD5: E4D000533F785D64C20F44EA52E5EB86
Located: HK_LM:Run, Jet Detection
command: "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
file: C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
size: 28672
MD5: 7DF5F447DE9E4600F8C77A00D86D210B
Located: HK_LM:Run, Lexmark X83 Button Manager
command: C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
file: C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
size: 53248
MD5: 3A9162141F9A32044FA9BB24FCBF5AD0
Located: HK_LM:Run, Lexmark X83 Button Monitor
command: C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
file: C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
size: 40960
MD5: 393EFF1F04A49AD901EC0CCD878AC7C0
Located: HK_LM:Run, MimBoot
command: C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
file: C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
size: 11776
MD5: 7DD02ABC5FDA8D05F70F6D8FFBFFD603
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: 530FA80819B092440442DFA70C1D01F6
Located: HK_LM:Run, PrinTray
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
size: 36864
MD5: 8FA5E9E4DA096B932295F2029AF06BBA
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: FA7EB9AFF3D726A6BF0494BEE7E378F6
Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\Updreg.exe
file: C:\WINDOWS\Updreg.exe
size: 90112
MD5: C419DF63E0121D72411285780C2FC6CC
Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
file: C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 125168
MD5: A1307C939E5216317E363D06A5473C7D
Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
Located: HK_LM:Run, WINDVDPatch
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 3C7A868402B2DD7B65AC32BED886D9E5
Located: HK_LM:Run, YBrowser
command: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
file: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 129536
MD5: 2EF423CB1782744666C3A9B827C7AA9C
Located: HK_LM:Run, YOP
command: C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
file: C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 407032
MD5: A2F088DD3834E3BCC28E858A0B3D8F77
Located: HK_CU:Run, ctfmon.exe
where: PE_C_ADMINISTRATOR...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, MSMSGS
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
Located: HK_CU:Run, ctfmon.exe
where: PE_C_ALE...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, Microsoft Works Update Detection
where: PE_C_ALE...
command: C:\Program Files\Microsoft Works\WkDetect.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, MSMSGS
where: PE_C_ALE...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
Located: HK_CU:Run, Yahoo! Pager
where: PE_C_ALE...
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F
Located: HK_CU:Run, (DISABLED)
where: PE_C_ALE...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: PE_C_ALE...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, SSK Service (DISABLED)
where: PE_C_ALE...
command: C:\Documents and Settings\Ale\Desktop\UNKNOWN_PARAMETER_VALUE\details.pif
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: PE_C_GUEST...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, MSMSGS
where: PE_C_GUEST...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
Located: HK_CU:Run, QuickTime Task
where: PE_C_GUEST...
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: FA7EB9AFF3D726A6BF0494BEE7E378F6
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3402799377-3563514748-4210259494-1003...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3402799377-3563514748-4210259494-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3402799377-3563514748-4210259494-1006...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3402799377-3563514748-4210259494-1006...
command: C:\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-3402799377-3563514748-4210259494-1006...
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F
Located: Startup (common), Digital Line Detect.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 45056
MD5: 4E01F0DB4E23DA7A1DEA6CFD50B3DCC4
Located: Startup (common), ymetray.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
file: C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
size: 54512
MD5: BFDD1F0370BAED5FD654A84207BEF2E3
Located: Startup (user), Cyber-shot Viewer Media Check Tool.lnk
where: C:\Documents and Settings\Ale\Start Menu\Programs\Startup...
command: C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
file: C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
size: 155648
MD5: 5F2A81D0EDB9D4F6A95CB08FC4A3EF26
Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn2\
Long name: yt.dll
Short name:
Date (created): 3/10/2008 5:58:58 AM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 3/10/2008 5:58:58 AM
Filesize: 879856
Attributes: archive
MD5: 3355D023133EEE997DE6A7BBB3A1B081
CRC32: 37309624
Version: 2008.3.10.1
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/23/2006 12:08:42 AM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456
{5088CF98-BCFF-4227-B043-91865F05F5BF} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 7/3/2008 8:08:56 PM
Date (last access): 7/7/2008 8:33:18 PM
Date (last write): 1/28/2008 11:43:28 AM
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 10/14/2006 3:15:02 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 10/31/2006 4:29:16 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: YahooTaggedBM Class
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: YIeTagBm.dll
Short name:
Date (created): 10/14/2006 3:14:58 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 7/28/2006 12:36:30 PM
Filesize: 120312
Attributes: archive
MD5: 55229862B316F1C21C440007AA6DC747
CRC32: BE91F7FE
Version: 2006.7.28.1
{9A4ED3D2-5CB0-9907-0EB8-EABBE62AB3BA} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{BDF3E430-B101-42AD-A544-FADC6B084872} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (SidebarAutoLaunch Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SidebarAutoLaunch Class
Path: C:\Program Files\Yahoo!\browser\
Long name: YSidebarIEBHO.dll
Short name: YSIDEB~2.DLL
Date (created): 10/14/2006 3:13:02 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 2/3/2005 5:07:08 PM
Filesize: 124032
Attributes: archive
MD5: 0645DBCBDB3F4A69AEE13F4B5F9C4291
CRC32: 75CB3FBB
Version: 2004.8.3.1
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft.com/money/default.asp
info source: TonyKlein
Path: C:\Program Files\Microsoft Money\System\
Long name: mnyviewer.dll
Short name: MNYVIE~1.DLL
Date (created): 7/25/2001 8:00:00 AM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 7/25/2001 8:00:00 AM
Filesize: 143420
Attributes: archive
MD5: 25303746C4B0562D0C152DD414759C62
CRC32: 9CB9C6CC
Version: 10.0.0.809
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
YExplorer1_8US.CAB (YExplorer1_8US.CAB)
DPF name: YExplorer1_8US.CAB
CLSID name:
Installer:
Codebase: http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 9/23/2003 3:43:54 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 12/31/2006 3:47:32 PM
Filesize: 562760
Attributes: archive
MD5: AADAA7AE58BFB72CC5EBC7A8BC5AA95D
CRC32: 2055A4F6
Version: 7.1.5.58
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 10/13/2006 12:30:10 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 3/5/2007 1:34:28 PM
Filesize: 676224
Attributes: archive
MD5: B221B218126BC9409257F39837BAB90C
CRC32: 60F920AA
Version: 1.6.21.0
{05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object)
DPF name:
CLSID name: StagingUI Object
Installer:
Codebase: http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
description:
classification: Legitimate
known filename: StagingUI.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: StagingUI.ocx
Short name: STAGIN~1.OCX
Date (created): 1/24/2007 9:24:24 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 1/24/2007 9:24:24 PM
Filesize: 397720
Attributes: archive
MD5: FF58F2E8ADD7A21AC10888189A2DA62E
CRC32: 118A20A8
Version: 9.5.5579.1
{0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1)
DPF name:
CLSID name: F-Secure Online Scanner 3.1
Installer: C:\WINDOWS\Downloaded Program Files\fscax.inf
Codebase: http://support.f-secure.com/ols/fscax.cab
description:
classification: Legitimate
known filename: fscax.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: fscax.dll
Short name:
Date (created): 5/7/2007 5:39:24 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 5/7/2007 5:39:24 PM
Filesize: 254360
Attributes: archive
MD5: D5199825510E4C4F97DC93B7BC3B1A8A
CRC32: 9FA45099
Version: 3.1.0.5
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 8/29/2007 3:49:54 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 8/29/2007 3:49:54 PM
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 7/3/2008 8:04:42 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 6/17/2008 4:23:02 PM
Filesize: 202168
Attributes: archive
MD5: 25F0A729215D2CAF61F0BF5092D07CF9
CRC32: 93C62F10
Version: 11.0.0.458
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer: C:\WINDOWS\Downloaded Program Files\yinst.inf
Codebase: http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: Yinsthelper20073151.dll
Short name: YINSTH~1.DLL
Date (created): 3/15/2007 6:49:04 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 3/15/2007 6:49:04 PM
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1
{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla
{3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner)
DPF name:
CLSID name: Scanner.SysScanner
Installer: C:\WINDOWS\Downloaded Program Files\SysScanner.inf
Codebase: http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
Path: C:\WINDOWS\system32\
Long name: Scanner.ocx
Short name:
Date (created): 5/14/2007 2:01:32 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 5/14/2007 2:01:32 PM
Filesize: 43224
Attributes: archive
MD5: EA59319B8606FB17438D6F0410DB242A
CRC32: 865144EE
Version: 1.1.0.0
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite)
DPF name:
CLSID name: MSN Games – Buddy Invite
Installer:
Codebase: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
description:
classification: Legitimate
known filename: ZBuddy.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZBuddy.ocx
Short name:
Date (created): 1/24/2007 9:24:24 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 1/24/2007 9:24:24 PM
Filesize: 232352
Attributes: archive
MD5: 560B653EF510810B4CEF62827E8C095F
CRC32: 13E185C2
Version: 9.5.5579.1
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 8/27/2003 4:10:30 AM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 8/8/2005 1:25:14 AM
Filesize: 532992
Attributes: archive
MD5: 6433993EBB9B2B6CD18F4256FD7A7C07
CRC32: AEF6FCDD
Version: 12.0.3208.1000
{406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)
DPF name:
CLSID name: Snapfish Activia
Installer: C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.inf
Codebase: http://www.costcophotocenter.com/CostcoActivia.cab
description:
classification: Legitimate
known filename: SnapfishActivia1000.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SnapfishActivia1000.ocx
Short name: SNAPFI~1.OCX
Date (created): 6/3/2005 12:24:32 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 6/3/2005 12:24:32 PM
Filesize: 286720
Attributes: archive
MD5: F5C79C45F1ADF877DC3AFDFF3565AE7B
CRC32: F118547A
Version: 1.0.0.10
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} ()
DPF name:
CLSID name:
Installer:
Codebase:
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:
{5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object)
DPF name:
CLSID name: ZonePAChat Object
Installer:
Codebase: http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
description:
classification: Legitimate
known filename: ZPAChat.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZPAChat.ocx
Short name:
Date (created): 1/24/2007 9:24:28 PM
Date (last access): 7/7/2008 8:33:20 PM
Date (last write): 1/24/2007 9:24:28 PM
Filesize: 509848
Attributes: archive
MD5: A91F756CE0A17EB8EACE27A9086E215A
CRC32: 96795A06
Version: 9.5.5579.1
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125464059207
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 7/30/2007 7:19:04 PM
Filesize: 207736
Attributes: archive
MD5: 2DEE560CCEF55353EB62FDA870446393
CRC32: 5AA71F7B
Version: 7.0.6000.381
{6F750200-1362-4815-A476-88533DE61D0C} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: axofupld.dll
info link:
info source: Safer Networking Ltd.
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 7/21/2006 6:50:14 PM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 7/21/2006 6:50:14 PM
Filesize: 180282
Attributes: archive
MD5: C2AB04247A8FE05AFC924447568D18C5
CRC32: 5C6624F7
Version: 1.1.0.1048
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
Installer:
Codebase: http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/2/2005 9:02:30 PM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 2/20/2003 5:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 1.4.1.20
{9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin)
DPF name:
CLSID name: Shutterfly Picture Upload Plugin
Installer: C:\WINDOWS\Downloaded Program Files\sfuploadplugin.inf
Codebase: http://web1.shutterfly.com/downloads/Uploader.cab
description:
classification: Legitimate
known filename: SFUPLO~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: sfuploadplugin.ocx
Short name: SFUPLO~1.OCX
Date (created): 12/30/2005 1:24:12 PM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 12/30/2005 1:24:12 PM
Filesize: 1296104
Attributes: archive
MD5: A3E4F4EFC840994B72C4A0BA3ACC1930
CRC32: DDC10E51
Version: 2.0.4.0
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object)
DPF name:
CLSID name: ZPA_TexasHoldem Object
Installer:
Codebase: http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: zpa_txhe.ocx
Short name:
Date (created): 1/26/2007 11:01:24 AM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 1/26/2007 11:01:24 AM
Filesize: 2023840
Attributes: archive
MD5: 3047B585184879E0525D9FC96A7738C2
CRC32: 7F810FF6
Version: 9.5.5579.1
{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} ()
DPF name:
CLSID name:
Installer:
Codebase:
{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
DPF name:
CLSID name: MSN Games - Installer
Installer:
Codebase: http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 2/19/2007 11:26:28 AM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 2/19/2007 11:26:28 AM
Filesize: 159128
Attributes: archive
MD5: E681AC948003CCA59C6C00D3F5EC3D4B
CRC32: C8723760
Version: 9.5.6649.1
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
Installer:
Codebase: http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI141_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/2/2005 9:02:30 PM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 2/20/2003 5:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 1.4.1.20
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 11/20/2007 5:04:14 PM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 11/20/2007 5:04:14 PM
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator)
DPF name:
CLSID name: MSN Games – Game Communicator
Installer:
Codebase: http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
description:
classification: Legitimate
known filename: StProxy.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: StProxy.dll
Short name:
Date (created): 1/24/2007 9:24:24 PM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 1/24/2007 9:24:24 PM
Filesize: 299432
Attributes: archive
MD5: C68867D8C7C098AA75A40D6BB1706BE4
CRC32: D775327E
Version: 9.5.5579.1
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Codebase: http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
description:
classification: Legitimate
known filename: POPCAPLOADER.DLL
info link:
info source: Safer Networking Ltd.
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class)
DPF name:
CLSID name: Photo Upload Plugin Class
Installer: C:\WINDOWS\Downloaded Program Files\PCAXSetup.inf
Codebase: http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Photochannel.dll
Short name: PHOTOC~1.DLL
Date (created): 5/15/2007 8:27:48 AM
Date (last access): 7/7/2008 8:33:22 PM
Date (last write): 5/15/2007 8:27:48 AM
Filesize: 290816
Attributes: archive
MD5: 4F5B494D4AC0D06BE28775A8EE17E4CE
CRC32: 47538ECC
Version: 2.0.0.10
{FFFFFFFF-CACE-BABE-BABE-00AA0055595A} ()
DPF name:
CLSID name:
Installer:
Codebase: http://www.trueswitch.com/sbc/TrueInstallSBC.exe
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
--- Process list ---
PID: 0 ( 0) [System]
PID: 476 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 524 ( 476) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 548 ( 476) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 592 ( 548) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 604 ( 548) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 768 ( 592) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 816 ( 592) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 908 ( 592) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 964 ( 592) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1004 ( 592) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1100 ( 592) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1156 ( 592) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1252 ( 592) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169632
MD5: 3B4898CF051BB04FB76E94361E336A83
PID: 1484 ( 592) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192160
MD5: 0A6786C95A6F8715AA4285E3C27F201F
PID: 1596 ( 592) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 1160848
MD5: C830007369E18A54AED23B5BB3AFA2BA
PID: 1704 ( 592) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1844 ( 592) C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 198336
MD5: 17B403DA2CF620B1213C99B8E06BE0C3
PID: 1884 ( 592) C:\WINDOWS\System32\CTsvcCDA.EXE
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 1900 ( 592) C:\Program Files\Symantec AntiVirus\DefWatch.exe
size: 31472
MD5: 1F709C66D8AADFF35530C56EE261C462
PID: 1964 ( 592) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1992 ( 592) C:\WINDOWS\system32\nvsvc32.exe
size: 155716
MD5: 8D64B827A6709C3D18F855619D7D89E9
PID: 2020 ( 592) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2032 ( 592) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
size: 1813232
MD5: 8FDAADF204A4F29214DA1B03342E2735
PID: 212 ( 592) C:\WINDOWS\System32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
PID: 1316 ( 592) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3288 (3176) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 3580 (3288) C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
size: 270336
MD5: E4D000533F785D64C20F44EA52E5EB86
PID: 3700 (3288) C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 129536
MD5: 2EF423CB1782744666C3A9B827C7AA9C
PID: 3724 (3288) C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 407032
MD5: A2F088DD3834E3BCC28E858A0B3D8F77
PID: 3784 ( 768) C:\PROGRA~1\Yahoo!\browser\ycommon.exe
size: 200704
MD5: DC384325FFC20A35BBD2A49FAE962153
PID: 3804 (3288) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 3840 (3288) C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1
PID: 3912 (3288) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
size: 63712
MD5: FC9E59FE8BC4FE05382CFF5C8FC59DE1
PID: 3920 (3288) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 679936
MD5: BC21ED6454FB9C7F1ADF0A663AC96392
PID: 3928 (3288) C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
size: 40960
MD5: 393EFF1F04A49AD901EC0CCD878AC7C0
PID: 3940 (3288) C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
size: 53248
MD5: 3A9162141F9A32044FA9BB24FCBF5AD0
PID: 3972 (3288) C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 3C7A868402B2DD7B65AC32BED886D9E5
PID: 4016 (3288) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 52896
MD5: 1918A1D8E67A6452720797919FA520C9
PID: 4032 (3288) C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 125168
MD5: A1307C939E5216317E363D06A5473C7D
PID: 992 (3288) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 448 ( 768) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
size: 416768
MD5: C6E9FD508A4D866CFB672AE70E8944B5
PID: 636 (3288) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 1684 ( 448) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
size: 102400
MD5: 603D421ACD2A3D76210B8F4DFFF43F48
PID: 924 (3288) C:\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
PID: 2568 (3288) C:\Program Files\Digital Line Detect\DLG.exe
size: 45056
MD5: 4E01F0DB4E23DA7A1DEA6CFD50B3DCC4
PID: 2052 (3288) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
size: 54512
MD5: BFDD1F0370BAED5FD654A84207BEF2E3
PID: 2596 (1428) C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
size: 103664
MD5: 708BEC2CAF30278A97EEEC84F32CE4A7
PID: 3496 (3288) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307712
MD5: D3D5F1B5AFC85B7EE35DD5F46F1D2CDB
PID: 1040 (3032) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXASSW32.EXE
size: 1150976
MD5: 2E302B3205AF927D398650358A12D840
PID: 3380 (1040) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxasreg.exe
size: 36864
MD5: 525215224943A2AD3988E6A28DB45F78
PID: 2616 (3288) C:\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/7/2008 8:38:46 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://att.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://att.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
cesarper
2008-07-08, 05:41
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84B7B837-7C2F-4A7E-A409-7C13F4103E91}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84B7B837-7C2F-4A7E-A409-7C13F4103E91}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{720861E6-FCEF-4D79-9C3D-6F1107BE0C3E}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{720861E6-FCEF-4D79-9C3D-6F1107BE0C3E}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB299CB8-E6F0-45A7-823E-209746A793FE}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB299CB8-E6F0-45A7-823E-209746A793FE}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22C84F00-B91F-4A6C-8BCE-B5F74A74E006}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22C84F00-B91F-4A6C-8BCE-B5F74A74E006}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02CCD4E4-6221-4496-8A96-9748DB74F233}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02CCD4E4-6221-4496-8A96-9748DB74F233}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Hi
Yes it is :)
Do those still show up in list if you re-scan with spybot?
cesarper
2008-07-09, 21:09
No, they don't.
Hi
Please make sure that all programs are closed when installing Java.
Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java Runtime Environment (JRE) 6 Update 7. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
Double click on jre-6u7-windows-i586-p.exe to install Java.
After the Java installation has finished, please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
cesarper
2008-07-10, 16:18
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 10, 2008 06:13:33
Records in database: 932671
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 123895
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:49:31
File name / Threat name / Threats count
C:\Documents and Settings\Cesar\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\RECYCLER\S-1-5-21-3402799377-3563514748-4210259494-1006\Dc18.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
The selected area was scanned.
cesarper
2008-07-10, 16:19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:53 AM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cesar\Desktop\Spyware Removal Folder\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5088CF98-BCFF-4227-B043-91865F05F5BF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9A4ED3D2-5CB0-9907-0EB8-EABBE62AB3BA} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-21-3402799377-3563514748-4210259494-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125464059207
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 12627 bytes
Hi
That looks good :)
Still problems?
cesarper
2008-07-10, 16:34
Nope, its been good lately.
Are these entries ok? Or should I remove them:
O2 - BHO: (no name) - {5088CF98-BCFF-4227-B043-91865F05F5BF} - (no file)
O2 - BHO: (no name) - {9A4ED3D2-5CB0-9907-0EB8-EABBE62AB3BA} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
Hi
Yes you should remove them but you will need to do this before or they will come back:
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Reboot afterwards and post back a fresh HijackThis log, please.
cesarper
2008-07-11, 08:53
Just want to make sure:
1) Disable TeaTimer
2) Reboot computer
3) Run HJT and get rid of those three items I saw
4) Reboot computer
5) Run HJT again and get a fresh report
6) Post new report.
Correct?
cesarper
2008-07-11, 09:34
Ok, did as instructed. After turning off TeaTimer, rebooting, and running HJT, four new entries appeared on HJT, so I removed those also. Those were:
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
Here is the new HJT log after reboot:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:51 AM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Documents and Settings\Cesar\Desktop\Spyware Removal Folder\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125464059207
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 12057 bytes
Hi
You can remove also these:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
Still problems?
cesarper
2008-07-11, 09:40
Nope, no more problems. Removing those last two items as you read this. Post a new HJT?
Hi
No need if they are gone :)
cesarper
2008-07-11, 09:50
Ok, so we done? Re-enable TeaTimer? Anything else?
Hi
Yes you can do that.
See below for my other instructions:
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://bfccomputers.com/index.php?showtopic=1644)
Malwarebytes' Anti-Malware Scanning Guide (http://bfccomputers.com/index.php?showtopic=1645)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)
Happy surfing and stay clean! :bigthumb:
cesarper
2008-07-11, 16:09
Thanks, Shaba, your help is greatly appreciated.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.