wow.exe= Spyware???? WITH REPORT section 2



artsalfa
2006-03-19, 19:16
Tried to attach the entire report generated from most recent Spybot check, both as a file (java glitch gives me page error message) and as text, but it made the post run over the 20K character limit. So I'm splitting the report.
20 problems fixed (I run Spybot about once a week); not altogether sure what I'm looking at, but it appears OK. I tried to paste it all in, but it made the post run over the 20K character limit.
I hadn't "fixed" the Windows antivirus disable thing until this scan, as I thought (without checking MS site) it was legit; also my browser page IWon always comes up as a required fix... The one thing I did see is that when running Spybot my CPU was again maxed out, so now I wonder if there is an actual problem with it or my CMOS settings. The one malware in the report is for a travel service which is legit from USAir.

--- Search result list ---
SexList: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


Advertising.com: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


Aornum: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


CoreMetrics: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


FunWeb: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\FunWebProducts

FunWebProducts: Program directory (Directory, fixed)
C:\Program Files\FunWebProducts\

FunWebProducts: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

HitBox: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


HitsLink: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


I-Won: IE start page (Registry change, fixed)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page=about:blank

MediaPlex: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}

WebTrends live: Tracking cookie (Internet Explorer: Art) (Cookie, fixed)


Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0


--- Spybot - Search && Destroy version: 1.3 ---
2006-03-19 Includes\Cookies.sbi
2006-03-19 Includes\Dialer.sbi
2006-03-19 Includes\Hijackers.sbi
2006-03-19 Includes\Keyloggers.sbi
2006-03-19 Includes\Malware.sbi
2006-03-19 Includes\Revision.sbi
2006-03-19 Includes\Security.sbi
2006-03-19 Includes\Spybots.sbi
2006-03-19 Includes\Trojans.sbi
2004-11-29 Includes\LSP.sbi
2005-02-17 Includes\Tracks.uti
2003-08-28 Includes\Temporary.sbi
2006-03-19 Includes\PUPS.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB834707
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB884020
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)


--- Startup entries list ---
Located: HK_LM:Run, {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
command: C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
file: C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
size: 479232
MD5: 3df7ac30a381c57d0c70eaefee3c4ef2

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 59040
MD5: 2a373cda6d5dced20ec56fe7d9e47e5c

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\NeroCheck.exe
file: C:\WINDOWS\System32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 5d22b4258489575412f6d18affc847a2

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, ViewMgr
command: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
file: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
size: 111816
MD5: a36e74ba7528a67a51bc4aff3a50333d

Located: HK_CU:Run,
command:

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, Norton SystemWorks
command: "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
file: C:\Program Files\Norton SystemWorks\cfgwiz.exe
size: 132248
MD5: 1e98bc56f1b8ba23abc1efd9073d53c0

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), DING!.lnk
command: C:\Program Files\Southwest Airlines\Ding\Ding.exe
file: C:\Program Files\Southwest Airlines\Ding\Ding.exe
size: 462848
MD5: 86c85b1005805174fc169a0e873f84d5

Located: Startup (common), FlashPath Monitor.lnk
command: C:\SMARTDSK\sdstat.exe
file: C:\SMARTDSK\sdstat.exe
size: 184320
MD5: bb33761a29bf3adbf15048f056dd6bcc

Located: Startup (common), HP OfficeJet T Series Startup.lnk
command: C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
file: C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
size: 1175552
MD5: f8578193d3f323934af37189ff50b939

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), Norton GoBack.lnk
command: C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
file: C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
size: 804480
MD5: 9a71938fb9fdcf801d686c86b0cda508

Located: Startup (user), Forget Me Not Reminders.lnk
command: C:\CACARD\FMREMIND.EXE
file: C:\CACARD\FMREMIND.EXE
size: 6224
MD5: 7b1834d637c1e328966b5281e206cda7



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 1:56:50 AM
Date (last access): 3/19/2006
Date (last write): 9/23/2005 11:12:08 PM
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 0.7.0.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/19/2006
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 0.5.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 1/7/2000 3:38:26 AM
Date (last access): 3/19/2006
Date (last write): 2/14/2006 8:05:30 PM
Filesize: 1191424
Attributes: readonly archive
MD5: 677C42CD9FE9C13B4B7B601A2E4065B0
CRC32: 58231F90
Version: 0.3.0.0

{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
BHO name: NAV Helper
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: C:\Program Files\Norton SystemWorks\Norton AntiVirus\
Long name: NAVShExt.dll
Short name: NAVSHEXT.DLL
Date (created): 8/30/2004 1:34:34 PM
Date (last access): 3/19/2006
Date (last write): 10/19/2005 12:54:30 PM
Filesize: 218736
Attributes: archive
MD5: EB77A64845D96A77C148A3905641FD45
CRC32: 777D84AF
Version: 0.11.0.0



--- ActiveX list ---
{00000055-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
description: Apple Quicktime

Thanks for a check and comment back in advance.
artsalfa

artsalfa
2006-03-19, 19:18
Remainder of my Spybot report, which I couldn't send in one file because it was over the 20 k character limit.
Thanks, Artsalfa

classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name: QTPLUGIN.OCX
Date (created): 5/26/2004 2:47:28 PM
Date (last access): 3/19/2006
Date (last write): 5/26/2004 2:47:28 PM
Filesize: 327736
Attributes: archive
MD5: CE3D865CCF4267C85934D9B7CA8521F2
CRC32: F9306ACA
Version: 0.6.0.4

{0837121A-6472-43BD-8A40-D9221FF1C4CE} ()
DPF name:
CLSID name:
description: SideStep
classification: Confirmed as malware
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SbCIe028.dll
Short name: SBCIE028.DLL
Date (created): 1/12/2004 4:49:04 PM
Date (last access): 3/19/2006
Date (last write): 1/12/2004 4:49:04 PM
Filesize: 217088
Attributes: archive
MD5: 54413EF2C17ADD7E094747CBF2E52319
CRC32: 818CCFAA
Version: 0.4.0.1

{544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting)
DPF name:
CLSID name: MSN Money Charting
Path: C:\WINDOWS\Downloaded Program Files\
Long name: inv13.ocx
Short name:
Date (created): 6/8/2004 10:49:18 PM
Date (last access): 3/17/2006
Date (last write): 6/8/2004 10:49:16 PM
Filesize: 1675264
Attributes: archive
MD5: 416DDD367524080FF97BE839704B9E55
CRC32: 2BA23F58
Version: 0.13.7.211

{62475759-9E84-458E-A1AB-5D2C442ADFDE} ()
DPF name:
CLSID name:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 3/17/2006
Date (last write): 5/26/2005 4:19:32 AM
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 0.5.0.8

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/18/2006
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 5:48:18 PM
Date (last access): 3/17/2006
Date (last write): 11/19/2003 5:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 0.1.0.4

{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: NPJPI142_06.dll
Short name: NPJPI1~1.DLL
Date (created): 9/28/2004 8:26:10 PM
Date (last access): 3/17/2006
Date (last write): 9/28/2004 8:26:00 PM
Filesize: 65650
Attributes: archive
MD5: 69E5147BA901A9238C4EB08C84E1A85B
CRC32: 6CB34BCC
Version: 0.1.0.4

{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_02
Path: C:\Program Files\Java\jre1.5.0_02\bin\
Long name: NPJPI150_02.dll
Short name: NPJPI1~1.DLL
Date (created): 3/4/2005 3:36:50 AM
Date (last access): 3/17/2006
Date (last write): 3/4/2005 3:54:18 AM
Filesize: 69746
Attributes: archive
MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
CRC32: 55F989EE
Version: 0.5.0.0

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2005 3:52:58 AM
Date (last access): 3/17/2006
Date (last write): 6/3/2005 4:09:54 AM
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 0.5.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/19/2006
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/19/2006
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name: FLASH8.OCX
Date (created): 8/27/2005 1:38:56 PM
Date (last access): 3/19/2006
Date (last write): 8/27/2005 1:38:56 PM
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 0.8.0.0

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 3/27/2003 7:04:40 PM
Date (last access): 3/19/2006
Date (last write): 5/22/2005 12:01:56 AM
Filesize: 86016
Attributes: archive
MD5: 1FB1E8F66475923148FBEB3D4CDEDE52
CRC32: 3264B16C
Version: 0.2.0.0

{EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
DPF name:
CLSID name: QDiagHUpdateObj Class
Path: C:\WINDOWS\system32\
Long name: qdiagh.ocx
Short name:
Date (created): 11/30/2004 2:10:08 PM
Date (last access): 3/17/2006
Date (last write): 11/30/2004 2:10:08 PM
Filesize: 824416
Attributes: archive
MD5: F74D5AEFB89DEDC35B2295ED424A7CDF
CRC32: 25AD1A25
Version: 0.1.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 3/19/2006 11:48:24 AM

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 164 ( 576) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PID: 200 ( 576) WDFMGR.EXE
PID: 300 ( 576) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PID: 344 ( 928) C:\Program Files\Messenger\msmsgs.exe
PID: 408 ( 4) \SystemRoot\System32\smss.exe
PID: 472 ( 928) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PID: 508 ( 408) CSRSS.EXE
PID: 532 ( 408) \??\C:\WINDOWS\system32\winlogon.exe
PID: 576 ( 532) C:\WINDOWS\system32\services.exe
PID: 588 ( 532) C:\WINDOWS\system32\lsass.exe
PID: 736 ( 576) C:\WINDOWS\system32\svchost.exe
PID: 780 ( 576) SVCHOST.EXE
PID: 844 ( 576) C:\WINDOWS\System32\svchost.exe
PID: 900 ( 576) SVCHOST.EXE
PID: 924 ( 928) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
PID: 928 (1740) C:\WINDOWS\Explorer.EXE
PID: 1012 ( 576) SVCHOST.EXE
PID: 1148 ( 576) C:\WINDOWS\system32\spoolsv.exe
PID: 1188 ( 928) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PID: 1220 (3232) C:\WINDOWS\system32\hpoipm07.exe
PID: 1224 ( 576) ALG.EXE
PID: 1244 ( 928) C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
PID: 1320 ( 928) C:\Program Files\QuickTime\qttask.exe
PID: 1476 ( 576) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PID: 1516 ( 576) C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
PID: 1552 ( 576) C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
PID: 1632 ( 576) C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
PID: 1704 ( 576) C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
PID: 1828 ( 532) C:\WINDOWS\system32\taskmgr.exe
PID: 1872 ( 576) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PID: 1948 ( 576) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PID: 2004 ( 576) C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
PID: 2036 ( 736) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
PID: 2040 ( 576) C:\WINDOWS\System32\svchost.exe
PID: 2212 ( 928) C:\SMARTDSK\sdstat.exe
PID: 2324 ( 928) C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
PID: 2360 ( 576) C:\WINDOWS\System32\svchost.exe
PID: 2388 ( 928) C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
PID: 2400 ( 928) C:\Program Files\Southwest Airlines\Ding\Ding.exe
PID: 2724 ( 928) C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE
PID: 3232 (2388) C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
PID: 3400 ( 928) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 3/19/2006 11:48:24 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E0929DA-C896-4098-873D-C54106A5FBE5}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 4: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E0929DA-C896-4098-873D-C54106A5FBE5}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A099E43-011E-42B9-995A-57FF4AB51466}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A099E43-011E-42B9-995A-57FF4AB51466}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC34F504-FB26-46C9-9B6C-4A941047FF1C}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC34F504-FB26-46C9-9B6C-4A941047FF1C}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*

shelf life
2006-03-20, 02:46
Hi artsalfa,

I see one item, SbCIe028.dll. See this link about downloading/using hjt to post a log. It will be easier to identify and get rid of with hjt..........shelf life

http://forums.spybot.info/showthread.php?t=288

tashi
2006-03-25, 23:18
Due to lack of a response this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the thread.