View Full Version : Spybot freezes at "Fix Selected Problems"
waterman
2008-10-02, 14:33
It completes the scan, finds about a dozen spywares, but freezes when I hit "fix selected problems. I have updated spybot, removed Ad-Aware from the computer, and de-seleected "create restore point" in SB.
I run XP, and have McAfee installed.
Thanks in advance for any help. I've been struggling with this for weeks. Spybot used to run just fine on this computer.
waterman
2008-10-03, 04:27
Amyone?
drragostea
2008-10-03, 06:03
I haven't have the foggiest idea of what might be the culprit, but I'll try to answer your query the best I can. Do you recall what Spybot-Search&Destroy was detecting? Can you post a log of the results?
Were you attempting to fix all the problems at once?
waterman
2008-10-03, 12:37
Yes - I was trying to fix all the prolems at once.
Here's what resulted when I clicked on "view report." Not sure if this is what you are looking for:
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---
2008-07-30 SDUpdate.exe (1.6.0.9)
2008-07-30 SpybotSD.exe (1.6.0.31)
2008-09-07 spybotsd160.exe (1.6.0.0)
2008-09-07 unins000.exe (51.49.0.0)
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDShred.exe (1.0.2.3)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-07-07 advcheck.dll (1.6.1.12)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-07-07 Tools.dll (2.1.5.7)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2008-09-02 Includes\Dialer.sbi
2008-09-02 Includes\Hijackers.sbi
2004-11-29 Includes\LSP.sbi
2008-09-02 Includes\PUPS.sbi
2008-06-18 Includes\Security.sbi
2008-09-09 Includes\Keyloggers.sbi
2008-09-09 Includes\Malware.sbi
2008-06-03 Includes\Spybots.sbi
2008-09-09 Includes\Spyware.sbi
2008-09-02 Includes\Adware.sbi
2008-09-30 Includes\Trojans.sbi
2008-06-03 Includes\Cookies.sbi
2007-11-07 Includes\Revision.sbi
2008-06-03 Includes\Tracks.uti
2008-09-30 Includes\TrojansC.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-09-30 Includes\SecurityC.sbi
2008-09-11 Includes\PUPSC.sbi
2008-09-30 Includes\MalwareC.sbi
2008-09-30 Includes\KeyloggersC.sbi
2008-09-02 Includes\HijackersC.sbi
2008-09-09 Includes\DialerC.sbi
2008-07-23 Includes\HeavyDuty.sbi
2008-09-09 Includes\AdwareC.sbi
2008-09-23 Includes\SpywareC.sbi
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Acrobat Assistant 8.0
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 623992
MD5: 5369A26E89C68E9420AE9B9CC6305834
Located: HK_LM:Run, CamMonitor
command: C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
size: 90112
MD5: C0DE87745C950F2966394837C3683AE5
Located: HK_LM:Run, mcagent_exe
command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 641208
MD5: 6E1AA17E2758D565AF541A213DD1A217
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 385024
MD5: BAFCF6CF19CE4882039C52DFA17BE35F
Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
file: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: D5BC63D2822B8E244E53D2FF8078CC6B
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
Located: HK_LM:Run, SystemTray
command: SysTray.Exe
file: C:\WINDOWS\system32\SysTray.Exe
size: 3072
MD5: 46E07FD3A40760FDA18CF6B4FC691742
Located: HK_LM:Run, WD Button Manager
command: WDBtnMgr.exe
file: C:\WINDOWS\system32\WDBtnMgr.exe
size: 364544
MD5: B9AC8889D190590F004A0CC8385C406B
Located: HK_LM:Run, iTunesHelper (DISABLED)
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 6F6493A929BC9B5762035940E825B840
Located: HK_CU:Run, ctfmon.exe
where: PE_C_BUCKEYE...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, QuickTime Task
where: PE_C_BUCKEYE...
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 385024
MD5: BAFCF6CF19CE4882039C52DFA17BE35F
Located: HK_CU:Run, Aim6 (DISABLED)
where: PE_C_EMILY ROMME...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 50736
MD5: 233CA87903AD80083DD16FE994F0B2E1
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: PE_C_EMILY ROMME...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, QuickTime Task (DISABLED)
where: PE_C_EMILY ROMME...
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 385024
MD5: BAFCF6CF19CE4882039C52DFA17BE35F
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-823518204-813497703-854245398-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, RCHotKey
where: S-1-5-21-823518204-813497703-854245398-1004...
command: "C:\PROGRA~1\RINGCE~1\EXTREM~1\RCHotKey.exe"
file: C:\PROGRA~1\RINGCE~1\EXTREM~1\RCHotKey.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, RCUI
where: S-1-5-21-823518204-813497703-854245398-1004...
command: "C:\PROGRA~1\RINGCE~1\EXTREM~1\RCUI.exe"
file: C:\PROGRA~1\RINGCE~1\EXTREM~1\RCUI.exe
size: 462848
MD5: 56B68DFDFFD377D6CBBF8B58C2E0C38C
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-823518204-813497703-854245398-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
Located: HK_CU:Run, MoneyAgent (DISABLED)
where: S-1-5-21-823518204-813497703-854245398-1004...
command: "C:\Program Files\Microsoft Money\System\Money Express.exe"
file: C:\Program Files\Microsoft Money\System\Money Express.exe
size: 176183
MD5: 3609A9830FB127EE1066EA7A744DC479
Located: Startup (common), Program Neighborhood Agent.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Citrix\ICA Client\pnagent.exe
file: C:\Program Files\Citrix\ICA Client\pnagent.exe
size: 233744
MD5: E4936FD7A54BDB23FEBB2E20B325898D
Located: Startup (user), Adobe Gamma.lnk
where: C:\Documents and Settings\HP Authorized Custom\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: Startup (user), Picture Motion Browser Media Check Tool.lnk (DISABLED)
where: C:\Documents and Settings\HP Authorized Custom\Start Menu\Programs\Startup...
command: C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
file: C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
size: 385024
MD5: 6952642FDDC5BFBFB398F55F71D94FFA
Located: Startup (user), WD Anywhere Backup Launcher.lnk (DISABLED)
where: C:\Documents and Settings\HP Authorized Custom\Start Menu\Programs\Startup...
command: C:\Documents and Settings\HP Authorized Custom\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
file: C:\Documents and Settings\HP Authorized Custom\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
size: 17542
MD5: 1BB5E3BC774666F2C22C12C76CAC4C24
Located: Startup (disabled), Acrobat Assistant (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe
file: C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (disabled), ATI CATALYST System Tray (DISABLED)
command: C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
file: C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
Located: Startup (disabled), QuickBooks Update Agent (DISABLED)
command: C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe
file: C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe
size: 972064
MD5: 1A2EC9FB378AF13623D3A03CB8AE56E1
Located: Startup (disabled), Windows Desktop Search (DISABLED)
command: C:\PROGRA~1\MSNTOO~1\DS\020500~1.111\en-us\bin\WINDOW~3.EXE /startup
file: C:\PROGRA~1\MSNTOO~1\DS\020500~1.111\en-us\bin\WINDOW~3.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (disabled), LimeWire On Startup (DISABLED)
command: C:\PROGRA~1\LimeWire\LimeWire.exe -startup
file: C:\PROGRA~1\LimeWire\LimeWire.exe
size: 122880
MD5: 7B5D624FBB163CE7ACA3BDA9290F6702
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 3/20/2007 5:39:26 PM
Date (last access): 10/3/2008
Date (last write): 3/20/2007 5:39:26 PM
Filesize: 803864
Attributes: archive
MD5: 839BC91F49F8ADA29F3E3B8366057016
CRC32: E8D1E607
Version: 2007.3.20.1
{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 6/28/2008 9:31:52 PM
Date (last access): 10/3/2008
Date (last write): 6/28/2008 9:31:52 PM
Filesize: 308856
Attributes: archive
MD5: 33440A3EF90AF7ED74EE55CA634A9CFA
CRC32: B00E58A9
Version: 1.0.1.57
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 9/7/2008 6:36:32 AM
Date (last access): 10/3/2008
Date (last write): 7/7/2008 9:41:58 AM
Filesize: 1562448
Attributes:
MD5: 32981ADE44D01EC2A9EBC2E311291707
CRC32: C2F522E6
Version: 1.6.0.12
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 8/16/2008 4:23:46 PM
Date (last access): 10/3/2008
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: c:\PROGRA~1\mcafee\VIRUSS~1\
Long name: scriptsn.dll
Short name:
Date (created): 8/1/2007 5:36:42 AM
Date (last access): 10/3/2008
Date (last write): 6/20/2008 5:41:56 AM
Filesize: 58688
Attributes: archive
MD5: DA78F26E8FEF338652752D3D112908D9
CRC32: 7D6BBF4B
Version: 14.0.0.384
{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 6/12/2007 5:53:14 AM
Date (last access): 10/3/2008
Date (last write): 5/10/2007 10:47:04 PM
Filesize: 321120
Attributes: archive
MD5: FF29E3FB75E7726EE002B65A9F2D4A6E
CRC32: 1831F50E
Version: 8.1.0.0
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 3/5/2007 1:34:28 PM
Date (last access): 10/2/2008
Date (last write): 3/5/2007 1:34:28 PM
Filesize: 676224
Attributes: archive
MD5: B221B218126BC9409257F39837BAB90C
CRC32: 60F920AA
Version: 1.6.21.0
{0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5)
DPF name:
CLSID name: Facebook Photo Uploader 5
Installer: C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
Codebase: http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ImageUploader5.ocx
Short name: IMAGEU~1.OCX
Date (created): 4/9/2008 3:27:42 PM
Date (last access): 9/24/2008
Date (last write): 4/9/2008 3:27:42 PM
Filesize: 3175136
Attributes: archive
MD5: C34D0189E37CDE86947B889FBEB81C7A
CRC32: DAEE829D
Version: 5.1.11.0
{15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control)
DPF name:
CLSID name: Macromedia Authorware Web Player Control
Installer: C:\WINDOWS\Downloaded Program Files\awswax.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
description:
classification: Legitimate
known filename: awswax.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\macromed\authorwa\
Long name: awswax.ocx
Short name:
Date (created): 4/9/2003 1:08:54 PM
Date (last access): 9/15/2008
Date (last write): 4/9/2003 1:08:54 PM
Filesize: 181760
Attributes: archive
MD5: 8DC9A511812F894FFA6A95B02D6B830F
CRC32: 8E55FBB1
Version: 7.0.0.69
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\WINDOWS\Downloaded Program Files\yinst.inf
Codebase: http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 6/1/2004 2:36:58 PM
Date (last access): 9/16/2008
Date (last write): 6/1/2004 2:36:58 PM
Filesize: 141312
Attributes: archive
MD5: 508DA8ADF7BE51C22D13D02845FB431E
CRC32: 87D8A7AB
Version: 2004.6.1.1
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
Codebase: http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
description:
classification: Legitimate
known filename: mcinsctl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: mcinsctl.dll
Short name:
Date (created): 7/26/2004 7:13:00 PM
Date (last access): 10/3/2008
Date (last write): 10/18/2005 11:08:04 AM
Filesize: 349760
Attributes: archive
MD5: 4BCCCA6CBD89CE29DD7FE0BB1E0DCDD3
CRC32: FF5BF715
Version: 4.0.0.101
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 9/16/2008
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_07
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_07.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_07\bin\
Long name: NPJPI142_07.dll
Short name: NPJPI1~1.DLL
Date (created): 1/15/2069 12:24:24 PM
Date (last access): 9/16/2008
Date (last write): 1/15/2005 12:24:14 PM
Filesize: 65650
Attributes: archive
MD5: 3BBB2859FB15A362EEF593AD3E6BAF9C
CRC32: 5601F736
Version: 1.4.2.70
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_03
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_03\bin\
Long name: NPJPI150_03.dll
Short name: NPJPI1~1.DLL
Date (created): 4/13/2005 3:48:56 AM
Date (last access): 9/16/2008
Date (last write): 4/13/2005 4:06:32 AM
Filesize: 69746
Attributes: archive
MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
CRC32: 868C298F
Version: 5.0.30.7
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 9/16/2008
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 9/16/2008
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 11:31:44 PM
Date (last access): 9/16/2008
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 10/3/2008
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 10/3/2008
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name: FLASH9F.OCX
Date (created): 3/24/2008 10:32:42 PM
Date (last access): 10/2/2008
Date (last write): 3/24/2008 10:32:42 PM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 288 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 368 ( 288) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 400 ( 288) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 444 ( 400) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 456 ( 400) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 604 ( 444) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 728 ( 444) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 764 ( 444) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 864 ( 444) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 896 ( 444) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1044 ( 444) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1152 ( 444) C:\Program Files\Bonjour\mDNSResponder.exe
size: 229376
MD5: CFD4C3352E29A8B729536648466E8DF5
PID: 1212 ( 444) C:\Program Files\McAfee\MSC\MCMSCSVC.EXE
size: 792184
MD5: 7E9E0775D97ACA83EA8EFA524AB063F6
PID: 1268 ( 444) c:\program files\common files\mcafee\mna\mcnasvc.exe
size: 2482848
MD5: D2400BCEF4D58F7EAC290956F90BF678
PID: 1292 ( 444) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
size: 358736
MD5: 449293396872E009ABD86859525383CB
PID: 1364 ( 444) C:\Program Files\McAfee\VirusScan\Mcshield.exe
size: 144704
MD5: AD10E3AE52CC3DD03E5DFAAD684B427D
PID: 1476 ( 444) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1596 ( 444) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 164 ( 444) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 1880 ( 444) C:\Program Files\McAfee\VirusScan\mcsysmon.exe
size: 605512
MD5: 64CBF6B5EFFCD7C689DAFB44B4E8834F
PID: 4008 ( 604) C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 641208
MD5: 6E1AA17E2758D565AF541A213DD1A217
PID: 716 (1668) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 132 ( 716) C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
size: 90112
MD5: C0DE87745C950F2966394837C3683AE5
PID: 696 ( 716) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: D5BC63D2822B8E244E53D2FF8078CC6B
PID: 1844 ( 716) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 2188 ( 604) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
size: 77824
MD5: 59380D1808A83AA4150F550F45BEE3A9
PID: 2276 ( 716) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 623992
MD5: 5369A26E89C68E9420AE9B9CC6305834
PID: 2332 ( 716) C:\WINDOWS\system32\WDBtnMgr.exe
size: 364544
MD5: B9AC8889D190590F004A0CC8385C406B
PID: 2300 ( 716) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 2292 ( 716) C:\Program Files\RingCentral\eXtreme Fax\RCUI.exe
size: 462848
MD5: 56B68DFDFFD377D6CBBF8B58C2E0C38C
PID: 2396 ( 444) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
size: 654848
MD5: 227846995AFEEFA70D328BF5334A86A5
PID: 3724 ( 716) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 196152
MD5: 40825ACFC23E0AD28DA1FC63F77E9825
PID: 3180 ( 604) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12037688
MD5: 1EEA7DD2F1EA6EFEF380B99A90228D2F
PID: 772 (3724) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 625664
MD5: 64E376A47763DAEABCDA14BD5B6EA286
PID: 4036 ( 716) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891984
MD5: 9C8F0F34F66BB845B42F70E92A972B5F
PID: 4 ( 0) System
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B029958-181A-4E42-87FB-8F05A4FE1E6F}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B029958-181A-4E42-87FB-8F05A4FE1E6F}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{13F24F31-A41F-4B9C-8706-21ABAC1F5771}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{13F24F31-A41F-4B9C-8706-21ABAC1F5771}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{78227A39-AEB3-4639-953D-3A221447FDB4}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{78227A39-AEB3-4639-953D-3A221447FDB4}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F7AAE0C4-BEC4-41C2-97A2-9AB4E0386C2D}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F7AAE0C4-BEC4-41C2-97A2-9AB4E0386C2D}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3CA55FA6-8FAA-4A86-8BAA-F993106A9ADB}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3CA55FA6-8FAA-4A86-8BAA-F993106A9ADB}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
waterman
2008-10-03, 12:43
Here's the reults of the SB run:
Hint of the Day: Click the bar at the right of this to see more information! ()
Right Media: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
Zedo: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
AdRevolver: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
DirectTrack: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
AdRevolver: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
Clickbank: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
HitsLink: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
Statcounter: Tracking cookie (Internet Explorer: HP Authorized Custom) (Cookie, nothing done)
User abort!: Scan was not completed successfully. ()
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---
2008-07-30 SDUpdate.exe (1.6.0.9)
2008-07-30 SpybotSD.exe (1.6.0.31)
2008-09-07 spybotsd160.exe (1.6.0.0)
2008-09-07 unins000.exe (51.49.0.0)
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDShred.exe (1.0.2.3)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-07-07 advcheck.dll (1.6.1.12)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-07-07 Tools.dll (2.1.5.7)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2008-09-02 Includes\Dialer.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-09-09 Includes\Malware.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-09-09 Includes\Spyware.sbi (*)
2008-09-02 Includes\Adware.sbi (*)
2008-09-30 Includes\Trojans.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-09-30 Includes\TrojansC.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-09-30 Includes\SecurityC.sbi (*)
2008-09-11 Includes\PUPSC.sbi (*)
2008-09-30 Includes\MalwareC.sbi (*)
2008-09-30 Includes\KeyloggersC.sbi (*)
2008-09-02 Includes\HijackersC.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-09 Includes\AdwareC.sbi (*)
2008-09-23 Includes\SpywareC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
checking just 3 problems at a time and fixing them? Also, have you tried safe mode to scan and remove the items? If there are many items, you may need to only check a couple at a time... Hope this helps you. :)
browntodda
2008-10-03, 23:16
waterman, I'm a new member and have had the same problem with an older computer. As the last post said, try fixing only a few problems at a time, instead of selecting all of them. When I got down to one problem remaining, with some 200+ reported infections, I had to go into Safe Mode with Networking (see FAQs on the support site). That one finally worked, but I had trouble with some of my root files for Windows being removed - BE SURE to create a restore point before doing this! Look at the list of files to be removed by clicking on the + sign, and be sure it isn't trying to take out any Windows .dll files -- if so, be VERY CAREFUL about what you take out, or you'll have to do a manual recovery from your computer's recovery disk. If you're like me, you have no idea where that got to after you unpacked your computer, so just go after the problems that don't contain any Windows files! Good luck
waterman
2008-10-04, 01:21
Thanks all. Just by chance, I got it to work. I started another scan, and clicked "stop scan." When I did, the results of the last (failed scan) popped up. I hit fix, and it did its thing. I rescanned it and it found no infections.
I'll keep track of this thread however because I think I'm going to see this issue again...
Thanks to all!
Thanks all. Just by chance, I got it to work. I started another scan, and clicked "stop scan." When I did, the results of the last (failed scan) popped up. I hit fix, and it did its thing. I rescanned it and it found no infections.
I'll keep track of this thread however because I think I'm going to see this issue again...
Thanks to all!
I'm glad everything is fine now :) Don't ever hesitate to ask questions!!
Missionaryman
2008-10-06, 15:47
Good day,
Been a new member I am asking for some advice.
The S&D prompted me for reboot. Okay, I waited patiently another 31 minuts than after the second full scan.The result: " There are 5 problems" (written on the bottom of the window) but I have no a window, where I can check the "problem" or to click "fix selected problems". Sorry for my "English".
Thank you in advance.
drragostea
2008-10-07, 01:13
but I have no a window, where I can check the "problem" or to click "fix selected problems".
You'll have to click on the "Search&Destroy" tab.
Missionaryman
2008-10-08, 07:04
Stimate drragostea
Thank you very much for your answer
"You'll have to click on the "Search&Destroy" tab. "
This is mean, I have to start a third Full scan?
By the way, today after I clicked to "Fix selected problems" the S&D collapsed.
Before this, I did copied to clipboard the full report, with intentions to Past here, but just gone.
Missionaryman
2008-10-08, 07:33
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-04-26 unins000.exe (51.41.0.0)
2008-10-05 unins001.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-09-02 Includes\Adware.sbi
2008-09-09 Includes\AdwareC.sbi
2008-09-30 Includes\Beta.sbi
2007-11-06 Includes\Beta.uti
2008-06-03 Includes\Cookies.sbi
2008-09-02 Includes\Dialer.sbi
2008-09-09 Includes\DialerC.sbi
2008-07-23 Includes\HeavyDuty.sbi
2008-09-02 Includes\Hijackers.sbi
2008-09-02 Includes\HijackersC.sbi
2008-09-09 Includes\Keyloggers.sbi
2008-09-30 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-09-09 Includes\Malware.sbi
2008-09-30 Includes\MalwareC.sbi
2008-09-02 Includes\PUPS.sbi
2008-09-11 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-09-30 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-09-09 Includes\Spyware.sbi
2008-09-23 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-09-30 Includes\Trojans.sbi
2008-09-30 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB928367)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB916281
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918439
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918899
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB925486
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
--- Startup entries list ---
Located: HK_LM:Run, AirPort Base Station Agent
command: "C:\Program Files\AirPort\APAgent.exe"
file: C:\Program Files\AirPort\APAgent.exe
size: 737280
MD5: D9E930B47AF5B2366B2498A57C95D1A3
Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 116040
MD5: 27E0EB81AE55788C8FBE6D489F862168
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: EE915A9B3B8FCEE769D326E4602263A3
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 78008
MD5: 66893067C2FB0505F151D3FCB8EA92B5
Located: HK_LM:Run, CARPService
command: carpserv.exe
file: C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: EA3BE7F5CDEF0FE4DF1BF6DBFE7ABDE0
Located: HK_LM:Run, Earthlink Protection Control Center
command: "C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe" /tray
file: C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe
size: 67048
MD5: 79E518C32BA20A0373C39932D1F6FE2E
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 289064
MD5: 4CED92963F453EB8DCFE67FD4248D657
Located: HK_LM:Run, lxdjamon
command: "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
file: C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
size: 20480
MD5: BE82AE3DC56D07D4B476EF962B3C6085
Located: HK_LM:Run, LXDJCATS
command: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll
size: 102400
MD5: 9DB9E8B9F590B9BF9E9DFD4C5360AA95
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: F34EB5D4F145ED5FE50033CA3A41ED24
Located: HK_LM:Run, srmclean
command: C:\Cpqs\Scom\srmclean.exe
file: C:\Cpqs\Scom\srmclean.exe
size: 36864
MD5: 787B8AD5FEF1A68D3ED00E4E393B9D18
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 688218
MD5: A0AC3841DC595B5D86AB9E5016A0E36A
Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98394
MD5: AB349998E551DE1C0DCC5AD63CE41D31
Located: HK_LM:Run, vsc32cnf.exe
command: C:\Program Files\Roland\VSC32\vsc32cnf.exe
file: C:\Program Files\Roland\VSC32\vsc32cnf.exe
size: 36864
MD5: 939E091564A2D1DF9FC185909E0E0592
Located: HK_LM:Run, wwu
command: C:\Program Files\Winbond\WLAN\wwu.exe
file: C:\Program Files\Winbond\WLAN\wwu.exe
size: 943104
MD5: 261136A6D17221D2B7F88048E162A9F2
Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:RunOnce, IETI
where: .DEFAULT...
command: C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
file: C:\Program Files\Skype\Phone\IEPlugin\unins000.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1630763251-170375242-4018089512-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1630763251-170375242-4018089512-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:RunOnce, IETI
where: S-1-5-18...
command: C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
file: C:\Program Files\Skype\Phone\IEPlugin\unins000.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (common), Adobe Reader Speed Launch.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: DFCB9ADE94A4F8A7C42EEF41101A30AD
Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 3979BB2D12D6F2E82C6B320DE92CD757
Located: Startup (common), MozyHome Status.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\MozyHome\mozystat.exe
file: C:\Program Files\MozyHome\mozystat.exe
size: 2311472
MD5: FBB6680FFC6ABEC15158D345F322B5F7
Located: Startup (user), Adobe Media Player.lnk
where: C:\Documents and Settings\Owner\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe Media Player\Adobe Media Player.exe
file: C:\Program Files\Adobe Media Player\Adobe Media Player.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe
size: 282624
MD5: 3A6CA22B20D307ADF63931C9FC42274A
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{00000000-0000-0000-0000-000000000002} (EarthLink BHO Guard)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: EarthLink BHO Guard
CLSID name: ElnkBhoGuard Class
Path: C:\Program Files\EarthLink\Toolbar\
Long name: EScamBlk.dll
Short name:
Date (created): 7/20/2007 7:35:06 AM
Date (last access): 10/8/2008 11:11:44 AM
Date (last write): 7/20/2007 7:35:06 AM
Filesize: 247272
Attributes: archive
MD5: 9C6AE34B0658E27B080B7903881129CE
CRC32: 9CACE02B
Version: 4.0.184.0
{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 12/19/2007 6:49:22 AM
Date (last access): 10/8/2008 11:47:08 AM
Date (last write): 12/19/2007 6:49:22 AM
Filesize: 817936
Attributes: archive
MD5: 5A9E77C71D6D7030BC170DD7CF04CF5D
CRC32: 74F4CBB1
Version: 2007.12.18.1
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/18/2006 4:16:42 AM
Date (last access): 10/8/2008 11:20:20 AM
Date (last write): 12/18/2006 4:16:42 AM
Filesize: 59032
Attributes: archive
MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
CRC32: 7B0A854F
Version: 7.0.9.50
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} (Lexmark Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Lexmark Toolbar
Path: C:\Program Files\Lexmark Toolbar\
Long name: toolband.dll
Short name:
Date (created): 8/19/2007 12:26:02 AM
Date (last access): 10/8/2008 11:11:44 AM
Date (last write): 5/29/2007 4:04:02 PM
Filesize: 258048
Attributes: archive
MD5: D631086D9E561B99D1140C3C912BD0D9
CRC32: 526A3603
{15F4D456-5BAA-4076-8486-EECB38CD3E57} (EarthLink ScamBlocker V3)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: EarthLink ScamBlocker V3
CLSID name: ElnkScamBHO Class
Path: C:\Program Files\EarthLink\Toolbar\
Long name: EScamBlk.dll
Short name:
Date (created): 7/20/2007 7:35:06 AM
Date (last access): 10/8/2008 1:07:54 PM
Date (last write): 7/20/2007 7:35:06 AM
Filesize: 247272
Attributes: archive
MD5: 9C6AE34B0658E27B080B7903881129CE
CRC32: 9CACE02B
Version: 4.0.184.0
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Skype add-on (mastermind)
CLSID name: Skype add-on (mastermind)
Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
Long name: SkypeIEPlugin.dll
Short name: SKYPEI~1.DLL
Date (created): 8/17/2007 10:45:14 AM
Date (last access): 10/8/2008 11:43:20 AM
Date (last write): 8/17/2007 10:45:14 AM
Filesize: 1062184
Attributes: archive
MD5: 5691045B4F891D8A7CE6F04FE3EBF9C7
CRC32: FB57CE14
Version: 2.2.0.105
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet ClickCapture)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: BitComet ClickCapture
CLSID name: BitComet Helper
Path: C:\Program Files\BitComet\tools\
Long name: BitCometBHO_1.2.6.26.dll
Short name: BITCOM~2.DLL
Date (created): 6/26/2008 2:21:58 PM
Date (last access): 10/8/2008 11:03:06 AM
Date (last write): 6/26/2008 2:21:58 PM
Filesize: 656696
Attributes: archive
MD5: C437215F1FB9998A3FE08E1C918A730E
CRC32: 01E44BCF
Version: 1.2.6.26
{45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Idea2 SidebarBrowserMonitor Class
description: Desktop Sidebar
classification: Legitimate
known filename: sbhelp.dll
info link: http://sidebar.tech-critic.com/
info source: TonyKlein
Path: C:\Program Files\Desktop Sidebar\
Long name: sbhelp.dll
Short name:
Date (created): 9/5/2004 7:05:56 AM
Date (last access): 10/8/2008 11:03:06 AM
Date (last write): 9/5/2004 7:05:56 AM
Filesize: 233472
Attributes:
MD5: 45545AA56620007F54C00A583643C9E1
CRC32: BC1A6C6D
Version: 1.4.75.0
{512ACF1B-64D9-4928-B382-A80556F28DB4} (EarthLink PopUp Blocker V2)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: EarthLink PopUp Blocker V2
CLSID name: ElnkPubBHO Class
Path: C:\Program Files\EarthLink\Toolbar\
Long name: ElnkPuB.dll
Short name:
Date (created): 7/20/2007 7:35:06 AM
Date (last access): 10/8/2008 11:11:44 AM
Date (last write): 7/20/2007 7:35:06 AM
Filesize: 255464
Attributes: archive
MD5: D96B871BB1C0623C54F8B3EE6C03F44B
CRC32: 607C2BB5
Version: 4.0.75.0
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 4/26/2008 10:26:04 AM
Date (last access): 10/8/2008 1:07:54 PM
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes:
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 12/13/2007 7:09:42 AM
Date (last access): 10/8/2008 11:11:44 AM
Date (last write): 12/13/2007 7:09:42 AM
Filesize: 222448
Attributes: archive
MD5: BBDE3B4ACB928F30A35DBA4DD11564E1
CRC32: F07520BB
Version: 2007.12.12.1
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: ssv.dll
Short name:
Date (created): 5/21/2008 2:43:06 PM
Date (last access): 10/8/2008 11:20:20 AM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 509328
Attributes: archive
MD5: 5B42CB6A121256465B251840FDB1B2FE
CRC32: 6EF0BCE9
Version: 6.0.50.13
{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/20/2007 10:30:18 AM
Date (last access): 10/8/2008 11:12:38 AM
Date (last write): 9/20/2007 10:30:18 AM
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1
{9579D574-D4D8-4335-9560-FE8641A013BD} (Earthlink Protection BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Earthlink Protection BHO
CLSID name: ElnkProtectionBHO Class
Path: C:\Program Files\EarthLink\Toolbar\
Long name: ProtctIE.dll
Short name:
Date (created): 7/20/2007 7:35:08 AM
Date (last access): 10/8/2008 11:20:20 AM
Date (last write): 7/20/2007 7:35:08 AM
Filesize: 415208
Attributes: archive
MD5: 487302AD4E4C68E6FAC7B24891E893B7
CRC32: 4E88F406
Version: 4.0.75.0
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 4/24/2007 8:51:08 PM
Date (last access): 10/8/2008 11:43:20 AM
Date (last write): 1/20/2007 4:55:32 PM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 9/28/2006 6:45:28 AM
Date (last access): 10/8/2008 11:20:20 AM
Date (last write): 2/13/2007 4:56:04 AM
Filesize: 546672
Attributes: archive
MD5: 0FAF0281CBC1F5B8293A2A03745C0ACB
CRC32: C42472CB
Version: 3.1.0.130
{E713904C-DF05-4C79-BBAD-02DB923253BE} (Uninstall Legacy Earthlink Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Uninstall Legacy Earthlink Toolbar
CLSID name: ElnkLegacyUninstBHO Class
Path: C:\Program Files\EarthLink\Toolbar\
Long name: uninsttb.dll
Short name:
Date (created): 7/20/2007 7:35:08 AM
Date (last access): 10/8/2008 11:11:44 AM
Date (last write): 7/20/2007 7:35:08 AM
Filesize: 280040
Attributes: archive
MD5: 134E1F09CAC5E2A4B415B80986C4DB4D
CRC32: E243CCCC
Version: 4.0.75.0
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer:
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: YInstHelper.dll
Short name: YINSTH~1.DLL
Date (created): 11/29/2007 6:55:58 AM
Date (last access): 10/8/2008 11:43:20 AM
Date (last write): 11/29/2007 6:55:58 AM
Filesize: 211744
Attributes: archive
MD5: 48FF0FA1CAB4AD6ACEF9027F34090880
CRC32: 284355E3
Version: 2007.11.28.1
{49232000-16E4-426C-A231-62846947304B} (SysData Class)
DPF name:
CLSID name: SysData Class
Installer: C:\WINDOWS\Downloaded Program Files\sysinfo.inf
Codebase: http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
description:
classification: Legitimate
known filename: SysInfo.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: SysInfo.dll
Short name:
Date (created): 5/15/2007 4:33:20 PM
Date (last access): 10/8/2008 11:43:20 AM
Date (last write): 5/15/2007 4:33:20 PM
Filesize: 251448
Attributes: archive
MD5: 55E8A05DDA26E8C455A7730721DCAF60
CRC32: 38BB3B52
Version: 2.4.0.0
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154461929389
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 9:19:32 PM
Date (last access): 10/8/2008 11:09:06 AM
Date (last write): 7/18/2008 10:07:32 PM
Filesize: 210976
Attributes: archive
MD5: C5F2BE2C84D119CCE6DB901EA49D1528
CRC32: D65E48EB
Version: 7.2.6001.784
{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPDEXAXO.dll
Short name:
Date (created): 10/18/2007 10:04:16 AM
Date (last access): 10/8/2008 11:02:54 AM
Date (last write): 10/18/2007 10:04:16 AM
Filesize: 341296
Attributes: archive
MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
CRC32: 7ABDC22F
Version: 1.0.5.1
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 2:33:32 AM
Date (last access): 10/8/2008 11:43:20 AM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control)
DPF name:
CLSID name: Get_ActiveX Control
Installer:
Codebase: https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
description:
classification: Legitimate
known filename: HPGetDownloadManager.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: HPGetDownloadManager.ocx
Short name: HPGETD~1.OCX
Date (created): 4/29/2007 11:53:06 AM
Date (last access): 10/8/2008 11:43:20 AM
Date (last write): 4/29/2007 11:53:06 AM
Filesize: 88136
Attributes: archive
MD5: 200E3189656F9A29FB5BC7F71AB3F283
CRC32: 8C85B2F9
Version: 3.3.0.0
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 8/14/2005 6:26:04 PM
Date (last access): 10/8/2008 11:43:20 AM
Date (last write): 8/14/2005 6:26:04 PM
Filesize: 113664
Attributes: archive
MD5: C403792A3FF639C215067D5AA680C482
CRC32: 7CD0769A
Version: 1.0.0.3
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 9:22:38 AM
Date (last access): 10/8/2008 11:43:22 AM
Date (last write): 7/12/2007 11:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 2:33:32 AM
Date (last access): 10/8/2008 1:07:56 PM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 3/25/2008 11:32:42 AM
Date (last access): 10/8/2008 11:03:14 AM
Date (last write): 3/25/2008 11:32:42 AM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 656 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 704 ( 656) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 728 ( 656) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 772 ( 728) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 784 ( 728) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 944 ( 772) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1052 ( 772) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1148 ( 772) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1328 ( 772) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1540 ( 772) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1572 (1488) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1684 (1572) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 1708 ( 772) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 16056
MD5: E2323AD197689D607EBC52137B4DFB2E
PID: 1764 ( 772) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 147640
MD5: 58E57D723BD437049F74408016E1735D
PID: 124 ( 772) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 200 ( 772) C:\WINDOWS\System32\SCardSvr.exe
size: 95744
MD5: 86D007E7A654B9A71D1D7D856B104353
PID: 1004 ( 772) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 116040
MD5: 2BDA4A9480B550FCCA6D29C22CA54C0D
PID: 1036 ( 772) C:\Program Files\Bonjour\mDNSResponder.exe
size: 229376
MD5: CFD4C3352E29A8B729536648466E8DF5
PID: 1124 ( 772) C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
size: 38376
MD5: 2FB237D61723BA078B9E13AFE991CEE9
PID: 1552 ( 772) C:\WINDOWS\system32\HPConfig.exe
size: 151552
MD5: CD040AC1F1B10F5AE56A1F51D107AB9B
PID: 1592 ( 772) C:\WINDOWS\system32\lxdjcoms.exe
size: 537520
MD5: 2338B4CFFF30E103841E90B6E9FA5340
PID: 1828 ( 772) C:\Program Files\MozyHome\mozybackup.exe
size: 87344
MD5: 4AD0F23C07847894DBB13314E318EA48
PID: 264 ( 772) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: A38B3CE68E7F126190CDE4AA3FDF050F
PID: 280 ( 772) C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe
size: 112104
MD5: B05054360C0EE8941B3F958FE80677F8
PID: 464 ( 772) C:\Program Files\Winbond\WLAN\wbsecsvc.exe
size: 270336
MD5: B3BEC25676AB2CE2FD8E82CF3BAFE46B
PID: 2124 ( 772) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 250040
MD5: BCEA9A5EEF52351E1632DD417D3E7308
PID: 2204 ( 772) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 348344
MD5: B2203D1A09CAC8232780BFCF01A9B853
PID: 2440 ( 772) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2816 (1572) C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: EA3BE7F5CDEF0FE4DF1BF6DBFE7ABDE0
PID: 2896 (1572) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: EE915A9B3B8FCEE769D326E4602263A3
PID: 2992 (1572) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98394
MD5: AB349998E551DE1C0DCC5AD63CE41D31
PID: 3020 (1572) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 688218
MD5: A0AC3841DC595B5D86AB9E5016A0E36A
PID: 3036 (1572) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 78008
MD5: 66893067C2FB0505F151D3FCB8EA92B5
PID: 3088 (1572) C:\Program Files\Roland\VSC32\vsc32cnf.exe
size: 36864
MD5: 939E091564A2D1DF9FC185909E0E0592
PID: 3108 (1572) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
PID: 3132 (1572) C:\Program Files\Winbond\WLAN\wwu.exe
size: 943104
MD5: 261136A6D17221D2B7F88048E162A9F2
PID: 3160 (1572) C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
size: 20480
MD5: BE82AE3DC56D07D4B476EF962B3C6085
PID: 3232 (1572) C:\Program Files\AirPort\APAgent.exe
size: 737280
MD5: D9E930B47AF5B2366B2498A57C95D1A3
PID: 3300 ( 772) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3316 (1572) C:\Program Files\iTunes\iTunesHelper.exe
size: 289064
MD5: 4CED92963F453EB8DCFE67FD4248D657
PID: 3680 (1572) C:\Program Files\MozyHome\mozystat.exe
size: 2311472
MD5: FBB6680FFC6ABEC15158D345F322B5F7
PID: 4048 ( 772) C:\Program Files\iPod\bin\iPodService.exe
size: 532264
MD5: D7ED7D86C9FDDC2EEE637B303B3D6A6B
PID: 1996 (3900) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
PID: 3520 (1572) C:\Program Files\Internet Explorer\iexplore.exe
size: 625664
MD5: 64E376A47763DAEABCDA14BD5B6EA286
PID: 2872 (1572) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10/8/2008 1:07:55 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://mail.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.acenet.net.au/search/search-engines.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F66FC13-DABE-4227-8C8A-3374E6B8FE24}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F66FC13-DABE-4227-8C8A-3374E6B8FE24}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{52491F60-7002-45BE-BB80-713532D7B042}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{52491F60-7002-45BE-BB80-713532D7B042}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA69C5D7-BC6D-43F3-8FE0-76EF5747A32B}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA69C5D7-BC6D-43F3-8FE0-76EF5747A32B}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9AD2E35B-FC3B-4769-BFC5-F468FA777BB8}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9AD2E35B-FC3B-4769-BFC5-F468FA777BB8}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{35FE42A5-B979-435E-82EB-C2B1DD4B4225}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{35FE42A5-B979-435E-82EB-C2B1DD4B4225}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB686D75-DBF3-484E-8411-A9600B739ED4}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB686D75-DBF3-484E-8411-A9600B739ED4}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8619D3E9-1F13-4E4F-BB64-60810DDDDAFD}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8619D3E9-1F13-4E4F-BB64-60810DDDDAFD}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6310D870-05F2-4F57-86F2-69838E93589F}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6310D870-05F2-4F57-86F2-69838E93589F}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{349E0C2B-D186-4D1B-B8ED-C19961BC2706}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{349E0C2B-D186-4D1B-B8ED-C19961BC2706}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E30948E2-757B-40C6-A29B-64BC3E554462}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E30948E2-757B-40C6-A29B-64BC3E554462}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{746FE680-FFB3-421F-8C8E-955740C5588E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{746FE680-FFB3-421F-8C8E-955740C5588E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
md usa spybot fan
2008-10-08, 16:44
Missionaryman:
… The result: " There are 5 problems" (written on the bottom of the window) but I have no a window, where I can check the "problem" or to click "fix selected problems". …
… "You'll have to click on the "Search&Destroy" tab. This is mean, I have to start a third Full scan? …
No you don't have to run another scan.
After running the scan and before closing the Spybot GUI, if you click on the "Search & Destroy" button in the left hand pane the results of the scan will be displayed in the right hand pane.
I have attached three graphics to show you my results. Exhibit A is the GUI after the scan. Exhibit B shows the button to click. Exhibit C is the results displayed after clicking on the "Search & Destroy" button in the left hand pane.
Missionaryman
2008-10-09, 01:53
Wow,
Thank you so much.
How blind I was, it`s a shame.
`hope at the next time S&D will not collapse at the end of the scan.
Thank you again.
M.
Missionaryman
2008-10-12, 12:30
The solution was:
After a scan, I got only green stuff, one by one I selected and it was fixed except one, some office entry what needed a reboot.The reboot could not solve the problem. I right clicked to that result, I went to that specific folder and I deleted those shortcuts.
No more error, everything is fine.
I am thankful for the all "Spybot" team, all the helpers especially for "md usa spybot fan" and "drragostea".
drragostea
2008-10-13, 03:27
You're very welcome.