Can't Get Any Updates



HrRbrtJ
2006-04-23, 01:24
:confused: When I activate Spybot S&D v1.4, the "Update Progress" screen appears while Spybot is loading.
It goes off, when "Compatibility Warnings......." appears.
Click "OK", and Spybot opens.
Click "Search for Updates", and "Update Progress" appears, and then disappears.

Clicking "Search for Updates", repeatedly, brings the same results.
I never actually get a "Search", therefore, I never get an "Update".

How can I fix this problem?

spybotsandra
2006-04-24, 11:05
Hello,

Which other security software do you run?

Best regards
Sandra
Team Spybot

HrRbrtJ
2006-04-24, 22:41
Which other security software do you run?


I run the following:

Norton Internet Security
Ad-Aware SE Personal
Spyware Blaster
Microsoft Spyware
eTrust PestPatrol

spybotsandra
2006-04-25, 10:22
Hello,

Seems to be a problem with Norton Internet Security.

We are still trying to contact Symantec because this compatibility problem is a new issue to us.
It seems that they have started it since Norton Antivirus 2006. We are still waiting for an explanation from Symantec.
We have tested Norton Internet Security 2006 version 9.0 and we didn't get any problems with Spybot-S&D.
Here are similar experiences from other users:
http://www.dozleng.com/updates/lofiversion/index.php/t8378.html

All that we can say yet is to uninstall Spybot-S&D or not to use Norton Antivirus 2006.

Here is an uninstall instruction for Spybot-S&D:
http://www.safer-networking.org/en/faq/27.html

Sorry that we cannot give you more information, but this is all we know at the moment.

Best regards
Sandra
Team Spybot

HrRbrtJ
2006-04-25, 22:30
I am running Norton Internet Security 2004, not 2006.

I shut down Norton Internet Security 2004, the anti virus, and the firewall.

Theoretically, I should now be able to download the updates, because Norton Internet Security 2004 is no longer running.

But I still cannot download updates. :scratch:

Can you explain this?

Thank you, Bob

HrRbrtJ
2006-05-09, 01:31
"Can you explain this?"

I guess not!!! :(

tashi
2006-05-09, 09:42
Hello HrRbrtJ.
Can you run a scan? If so:

Open SpyBot
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode. On the left, lower down, select tools and view report. Ensure all the options near the bottom are selected, except:

Uncheck[ ] do not report disabled or known legitimate Items.
Uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export, and in the "save in" box choose a place such as your My Documents folder. Then in your next post, near the bottom, select the "browse" button, navigate to and attach or post that report please.

Regards.

HrRbrtJ
2006-05-09, 20:38
The following errors occurred when this message was submitted:
The text that you have entered is too long (58707 characters). Please shorten it to 20000 characters long.

How do I shorten the report?

md usa spybot fan
2006-05-09, 23:24
Did you do the following when producing the report?
Uncheck[ ] do not report disabled or known legitimate Items.
Uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Are you trying to attach the report or paste it into the reply?

Try to attach the report as follows:
Go into the "Additional Options" below posting area and in the "Attach Files" section click on "Manage Attachments". In the "Upload File from your Computer" section click "Browse...", navigate to the saved file and then click "Upload".

HrRbrtJ
2006-05-10, 17:37
This is what I get when I upload the report. I then copied and pasted it.
I followed all instructions, as given. I also get rejected when I copy and try to post the report from My Documents. The report is even larger when I run in the advanced mode.



Close this window Manage Attachments
Upload Errors
SpybotSD.Report.txt:
Your file of 47.8 KB bytes exceeds the forum's limit of 39.1 KB for this filetype.
Upload File from your Computer

Upload File from an URL


Uploading File(s) - Please Wait
Attachment Key
Filetype Max Filesize Max Width Max Height
bmp 39.1 KB 1024 768
doc 39.1 KB - -
gif 39.1 KB 1024 768
jpe 39.1 KB 1024 768
jpeg 39.1 KB 1024 768
jpg 39.1 KB 1024 768
pdf 39.1 KB - -
png 39.1 KB 1024 768
psd 39.1 KB - -
txt 39.1 KB - -
zip 39.1 KB - -

md usa spybot fan
2006-05-10, 17:53
HrRbrtJ:

Then break it up and paste it into multiple posts.

HrRbrtJ
2006-05-10, 22:44
md usa spybot fan:
--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-11-03 S&D14 GUI PATCH.exe
2005-05-31 SpybotSD.exe (1.4.0.3)
2006-04-22 TeaTimer.exe (1.4.0.2)
2005-09-17 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-05-05 Includes\Cookies.sbi (*)
2006-05-05 Includes\Dialer.sbi (*)
2006-05-05 Includes\Hijackers.sbi (*)
2006-05-05 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-05-05 Includes\Malware.sbi (*)
2006-05-05 Includes\PUPS.sbi (*)
2006-05-05 Includes\Revision.sbi (*)
2006-05-05 Includes\Security.sbi (*)
2006-05-05 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-05-05 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 1

HrRbrtJ
2006-05-10, 22:47
--- Startup entries list ---

--- Browser helper object list ---

HrRbrtJ
2006-05-10, 22:49
--- ActiveX list ---

HrRbrtJ
2006-05-10, 22:54
That's it. Hope you can make some sense out of it. HrRbrtJ

tashi
2006-05-11, 03:56
HrRbrtJ

We could take a look at the system from a different angle.
If you would like us to, please follow the instructions in this sticky topic to post a HJT log.
BEFORE you post a log, and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Start your own topic and copy paste the HJT log into it here:
Malware Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Someone will then take a look at the system as soon as possible.

Manual Updates.
http://www.spybot.info/en/download/index.html
Detection updates 2006-05-12 - product description

md5: 730423B6C2BF258F6B89FD747F839C78

tashi
2006-05-13, 00:31
It was just pointed out to me that you have the updates from 2006-05-05, which is since you started this topic (2006-04-22)

Can you get today's (2006-05-12) updates?

HrRbrtJ
2006-05-13, 02:45
tashi

That was probably a manual update. I didn't know that it had worked.

I tried again today, as per your instructions, but I don't know if that worked, as I was getting do not open warnings from Tea Timer(?) while I was in safe mode. I tried, and can't connect for any updates in the normal fashion.
Perhaps, I ignored the warning, not to open, on that update that you mentioned.

I ran the HJT, and posted the log in the Malware Forum, this afternoon.

Bob

tashi
2006-05-13, 04:57
Hello HrRbrtJ

There is nothing showing in the Spybot-S&D or HJT logs to show why you cannot obtain updates via the integrated updater.

That narrows it down to:
1) Proxy settings
2) Norton
3) Firewall settings

HrRbrtJ
2006-05-13, 20:04
Hi tashi

I do not use Proxy settings. I use Automatic Configuration.

What could have changed in Norton, or the Firewall?

tashi
2006-05-13, 21:44
Hello.

So it doesn't get confusing we should stay with the one topic for the moment.

http://forums.spybot.info/showthread.php?p=25239#post25239

HrRbrtJ
2006-05-13, 22:03
Hi tashi

I told Calamity Jane, that we would stay with the one topic, at the moment.

Bob

tashi
2006-05-13, 23:12
I linked to the topic where Calamity Jane was assisting you, as she had asked you to fix those items in hjt to see if that helped. I would like to know too.


Also please open Spybot>Help>About
Let us know the version and latest detection update.

HrRbrtJ
2006-05-14, 01:28
tashi
I removed the "orphan" entries. It did not help.

I did not remove the proxy entries, because that is when you told me to stick to one issue.

CalamityJane, has archived that thread.

The version is: 1.4
Latest Detection update: 2006-05-12

Does that mean I got a manual download update?
I was warned to not open that file, and I didn't.

It is still acting as it was in my first post.

Bob

tashi
2006-05-14, 01:36
If you did not download and install the latest definitions manually, then you got them through the integrated updater.

Either way you are up-to-date.

md usa spybot fan
2006-05-15, 14:43
HrRbrtJ:

Do you have a high speed internet connection such as DSL?

Go into Spybot > Mode > Advanced mode > Settings > Settings > 2/3 of the way down the options tree there is a group of option settings titled "Web update". Which of the following options do you have checked?

Web update
□ Search the web for new versions at each program start
□ Download updated include files if available online
□ Remind me to look for updates at program start
□ Display available beta versions
□ Display updates for other languages
□ Display new and updated skins
□ Display PGP signature updates
□ Use proxy to connect to update server

HrRbrtJ
2006-05-30, 21:23
I have the following checked.



Web update
□ Search the web for new versions at each program start
□ Download updated include files if available online

md usa spybot fan
2006-05-30, 22:05
HrRbrtJ:

So in reality you've probably been getting updates all along. Double check by going into Spybot > Update (left pane) > on the Update screen click the "Show log" button (right pane) > then scroll to the bottom of the list.

HrRbrtJ
2006-05-30, 22:42
"So in reality you've probably been getting updates all along".

It is up to date to the minute, so apparently it has been updating, but not in its usual manner.

I can live with that, now that I know where to look for these things.

Thanks for your help. :bigthumb:

Bob

md usa spybot fan
2006-05-30, 22:56
... apparently it has been updating, but not in its usual manner.
That is because you went into Advanced mode and checked the following options:
Web update
■ Search the web for new versions at each program start.
■ Download updated include files if available online.