Hijack This Log and More... please help



Shoeby
2006-04-25, 20:53
I've got a wheelchair icon that seems to rotate between that and a red "not" symbol, a circle with a diagonal slash through it. I believe this is related to a Zlob downloader or something. So here are my full logs.

Logfile of HijackThis v1.99.1
Scan saved at 2:41:28 PM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\?icrosoft.NET\n?tepad.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {1DF9DFC3-670C-4AF8-2C05-3FB6791EACCA} - C:\WINDOWS\system32\srd.dll (file missing)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpC107.tmp (file missing)
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rnss] "C:\PROGRA~1\COMMON~1\SKS~1\wuauclt.exe" -vt yax
O4 - HKCU\..\Run: [Kasyhvc] C:\Program Files\?icrosoft.NET\n?tepad.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Shoeby
2006-04-25, 20:56
Ugh, that came out nasty. Here's a re-paste since I can't figure out how to edit posts.

Logfile of HijackThis v1.99.1
Scan saved at 2:54:54 PM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\?icrosoft.NET\n?tepad.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {1DF9DFC3-670C-4AF8-2C05-3FB6791EACCA} - C:\WINDOWS\system32\srd.dll (file missing)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpC107.tmp (file missing)
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rnss] "C:\PROGRA~1\COMMON~1\SKS~1\wuauclt.exe" -vt yax
O4 - HKCU\..\Run: [Kasyhvc] C:\Program Files\?icrosoft.NET\n?tepad.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Shoeby
2006-04-25, 20:57
Ewido Scan

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:22:34 PM, 4/25/2006
+ Report-Checksum: D41C2DA1

+ Scan result:

:mozilla.7:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.516:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.572:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Epilot : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Etracker : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.670:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Shoeby\Application Data\Mozilla\Firefox\Profiles\xflq8s84.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Shoeby\Cookies\shoeby@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Shoeby\Cookies\shoeby@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Shoeby\Cookies\shoeby@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Shoeby\Cookies\shoeby@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Shoeby\Cookies\shoeby@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup


::Report End

Shoeby
2006-04-25, 21:01
Spybot S and D Log part 1



--- Search result list ---
Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1715567821-2000478354-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Windows Security Center.UpdateDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-04-25 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-04-21 Includes\Cookies.sbi (*)
2006-04-21 Includes\Dialer.sbi (*)
2006-04-21 Includes\Hijackers.sbi (*)
2006-04-21 Includes\Keyloggers.sbi (*)
2006-04-21 Includes\Malware.sbi (*)
2006-04-21 Includes\PUPS.sbi (*)
2006-04-21 Includes\Revision.sbi (*)
2006-04-21 Includes\Security.sbi (*)
2006-04-21 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-04-21 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 357888
MD5: 679093afd939b3c1b88110ebf859984d

Located: HK_LM:Run, Launch LCDMon
command: "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
file: C:\Program Files\Logitech\G-series Software\LCDMon.exe
size: 188416
MD5: e0076400d754186d673c1f92fe956852

Located: HK_LM:Run, Launch LGDCore
command: "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
file: C:\Program Files\Logitech\G-series Software\LGDCore.exe
size: 1110079
MD5: 84b96bae4e191cd2ccd42e67d3dff75f

Located: HK_LM:Run, MBM 5
command: "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
file: C:\Program Files\Motherboard Monitor 5\MBM5.EXE
size: 594944
MD5: 64134b9862d779467bf8fc75c643dcd8

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NVMixerTray
command: "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
file: C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
size: 131072
MD5: 9a41cd3bef74884c2c9e1269b8a6a566

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: d3f21082550fdf18324ffbd8e6be21a9

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915a106a2fb87292cef0ad4f36adf313

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, TotalRecorderScheduler
command: "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
file: C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
size: 81920
MD5: 6e5b409678965ea1bf0b2b52546ecdd0

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, Kasyhvc
command: C:\Program Files\?icrosoft.NET\n?tepad.exe
file:

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1667584
MD5: b53343fe60a33ee765c2476d50d27b26

Located: HK_CU:Run, Rnss
command: "C:\PROGRA~1\COMMON~1\SKS~1\wuauclt.exe" -vt yax
file:

Located: Startup (user), Xfire.lnk
command: C:\Program Files\Xfire\Xfire.exe
file: C:\Program Files\Xfire\Xfire.exe
size: 3955336
MD5: 8e814b37706dedaecd33363174a11c9d

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, Multi
command: C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
file: C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
size: 90112
MD5: 8f67b0ab6095614d4d5b997ea8a824e5

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, winuqw32
command: winuqw32.dll
file: winuqw32.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} (Nothing)
BHO name:
CLSID name: Nothing
Path: C:\WINDOWS\system32\
Long name: hpC107.tmp



--- ActiveX list ---
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Installer: C:\WINDOWS\Downloaded Program Files\xscan60.inf
Codebase: http://housecall60.trendmicro.com/housecall/xscan60.cab
description:
classification: Legitimate
known filename: xscan60.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan60.ocx
Short name:
Date (created): 5/3/2005 11:45:54 AM
Date (last access): 4/25/2006 11:41:44 AM
Date (last write): 5/3/2005 11:45:54 AM
Filesize: 475190
Attributes: archive
MD5: 145C288D55A91D6469223136EA93A406
CRC32: A36DBA2A
Version: 6.0.0.1261

{6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)
DPF name:
CLSID name: Housecall ActiveX 6.5
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.3\hcImpl.inf
Codebase: http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.3\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 2/2/2006 4:22:42 PM
Date (last access): 4/25/2006 11:41:44 AM
Date (last write): 2/2/2006 4:22:42 PM
Filesize: 357376
Attributes: archive
MD5: D91BD5AA0DA1728C1B11ECB5A7D4B3D7
CRC32: B40F7F41
Version: 6.5.2.7

{74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control)
DPF name:
CLSID name: YazzleActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf
Codebase: http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
Path: C:\WINDOWS\DOWNLO~1\
Long name: YazzleActiveX.ocx
Short name: YAZZLE~1.OCX
Date (created): 4/18/2006 10:46:58 AM
Date (last access): 4/25/2006 11:55:26 AM
Date (last write): 4/18/2006 10:46:58 AM
Filesize: 245760
Attributes: archive
MD5: 6B2408D6736AC6A5BE72E8BBFEDCCC73
CRC32: 21AE7BF6
Version: 1.0.0.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 4/25/2006 11:34:42 AM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 4/11/2006 5:10:10 PM
Date (last access): 4/25/2006 1:38:02 PM
Date (last write): 4/11/2006 5:10:10 PM
Filesize: 135168
Attributes: archive
MD5: 7267AE9C8DF527C30885DC29687D2A9B
CRC32: 1B1733A3
Version: 58.5.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 4/25/2006 2:02:44 PM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 4/25/2006 2:02:44 PM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5



--- Process list ---
PID: 0 ( 0) [System]
PID: 144 ( 4) \SystemRoot\System32\smss.exe
PID: 192 ( 144) \??\C:\WINDOWS\system32\csrss.exe
PID: 216 ( 144) \??\C:\WINDOWS\system32\winlogon.exe
PID: 260 ( 216) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 272 ( 216) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 428 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 472 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 520 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2000 ( 896) C:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 276 (2000) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99
PID: 460 (2000) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/25/2006 2:02:43 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/spbasic.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 1: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{32E3147A-FA8C-4AE1-8D34-F5DC34FC15E8}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{32E3147A-FA8C-4AE1-8D34-F5DC34FC15E8}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5D5D6D19-41F2-4D70-A697-1C3C266ABB19}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5D5D6D19-41F2-4D70-A697-1C3C266ABB19}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E4CB062-A874-4F67-9709-A8E17AFEA7D2}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E4CB062-A874-4F67-9709-A8E17AFEA7D2}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1873E357-D908-4E80-B9F3-FCB7A57D18C8}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1873E357-D908-4E80-B9F3-FCB7A57D18C8}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Shoeby
2006-04-25, 21:02
Spybot S and D Report part 2


--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

Arial Sound Recorder version 1.3 (Arial Sound Recorder_is1)
install location: C:\Program Files\Arial Sound Recorder\
uninstall cmd: "C:\Program Files\Arial Sound Recorder\unins000.exe"

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

(Branding)

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

Exact Audio Copy 0.95b4 0.95b4 (Exact Audio Copy)
uninstall cmd: C:\Program Files\Exact Audio Copy\uninst.exe
publisher: Andre Wiethoff

(Fontcore)

Fraps (remove only) (Fraps)
uninstall cmd: "C:\Fraps\uninstall.exe"

Gaim (remove only) (Gaim)
uninstall cmd: C:\Program Files\Gaim\gaim-uninst.exe

GTK+ Runtime 2.6.9 rev a (remove only) (GTK 2.0)
uninstall cmd: C:\Program Files\Common Files\GTK\2.0\uninst.exe

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

IGN Download Manager 2.1.2 2.1.2 (IGN Download Manager)
uninstall cmd: C:\Program Files\IGN\Download Manager\uninst.exe
publisher: IGN Entertainment, Inc.

(InstallShield Uninstall Information)

(InstallShield_{1511AACF-4D88-46AF-88A1-D1194010CA2E})

Quake 4(TM) 1.0.4 (InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20})
version: 16777216
version (major): 1
estimated size: 2533200
install date: 20060320
install location: C:\Program Files\id Software\Quake 4\
install source: E:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1033
publisher: Activision

Vanguard - Saga of Heroes 1.00.0000 (InstallShield_{2D9C0CC6-FD3E-4C2B-B2BD-5C8A670C4E0F})
version: 16777216
version (major): 1
estimated size: 17201160
install date: 20060328
install location: C:\Program Files\Microsoft Games\Vanguard - Saga of Heroes\
install source: C:\download\temp\Vanguard\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{2D9C0CC6-FD3E-4C2B-B2BD-5C8A670C4E0F}
publisher: Microsoft Game Studios

IrfanView (remove only) (IrfanView)
uninstall cmd: C:\Program Files\IrfanView\iv_uninstall.exe

(KB884016)

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

K-Lite Codec Pack 2.70 Basic 2.70 (KLiteCodecPack_is1)
install location: C:\Program Files\K-Lite Codec Pack\
uninstall cmd: "C:\Program Files\K-Lite Codec Pack\unins000.exe"

Longtion GIF Animator version 4.0 (Longtion GIF Animator_is1)
uninstall cmd: "C:\Program Files\Longtion\GIFAnimator\unins000.exe"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

mIRC (mIRC)
uninstall cmd: "C:\Program Files\mIRC\mirc.exe" -uninstall

(MobileOptionPack)

Motherboard Monitor 5 5 (Motherboard Monitor 5_is1)
install location: C:\Program Files\Motherboard Monitor 5\
uninstall cmd: "C:\Program Files\Motherboard Monitor 5\unins000.exe"
publisher: Alexander van Kaam

Mozilla Firefox (1.5.0.2) 1.5.0.2 (en-US) (Mozilla Firefox (1.5.0.2))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.2 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

Multiplicity (Multiplicity)
uninstall cmd: C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\UNWISE.EXE C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\INSTALL.LOG

(NetMeeting)

NewsReactor (remove only) (NewsReactor)
uninstall cmd: "C:\Program Files\NewsReactor\uninst.exe"

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

QuickPar 0.9 0.9 (QuickPar)
uninstall cmd: C:\Program Files\QuickPar\uninst.exe
publisher: Peter B. Clements

QuickTime Alternative 1.68 1.68 (QuicktimeAlt_is1)
install location: C:\Program Files\QuickTime Alternative\
uninstall cmd: "C:\Program Files\QuickTime Alternative\unins000.exe"

(SchedulingAgent)

Shadowbane - Throne of Oblivion 1.0.0.0 (Shadowbane - Throne of Oblivion)
install date: Sat Mar 18 11:45:42 EST 2006
install location: C:\Program Files\Ubisoft\Shadowbane - Throne of Oblivion
uninstall cmd: "C:\Program Files\Ubisoft\Shadowbane - Throne of Oblivion\UninstallerData\Uninstall Shadowbane - Throne of Oblivion.exe"
publisher: Ubisoft
help link: http://sbsupport.ubi.com

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

StepMania (remove only) (StepMania)
uninstall cmd: "C:\Program Files\StepMania\uninstall.exe"

Aero SWF.max 1.4.755 (SWF.max)
uninstall cmd: C:\Program Files\SWF.max\uninstall.exe
publisher: .max
help link: support@swfmax.com

TeamSpeak 2 RC2 2.0.32.60 (Teamspeak 2 RC2_is1)
uninstall cmd: "C:\Program Files\Teamspeak2_RC2\unins000.exe"
publisher: Dominating Bytes Design
help link: http://www.teamspeak.org

Total Recorder 4.4 (TotalRecorder)
uninstall cmd: "C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U

Unreal Tournament 2004 (UT2004)
uninstall cmd: d:\games\UT2004\System\Setup.exe uninstall "UT2004"

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

World of Warcraft (World of Warcraft)
uninstall cmd: C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

Xfire (remove only) (Xfire)
uninstall cmd: "C:\Program Files\Xfire\uninst.exe"

XTreme-G 83.20.v2 (XTreme-G Drivers_is1)
install location: C:\Program Files\XTreme-G 83.20.v2\
uninstall cmd: "C:\Program Files\XTreme-G 83.20.v2\unins000.exe"
publisher: TweaksRUs
help link: http://www.TweaksRUs.com

YazzleActiveX By OIN 1.0 (YazzleActiveX)
install location: C:\WINDOWS\Downloaded Program Files
uninstall cmd: C:\WINDOWS\YAXUninst.exe
publisher: OuterInfo Network
comments: Please visit http://partners.yazzle.net/affiliate/eula.php or e-mail support@outerinfo.com for information about YazzleActiveX.
contact: support@outerinfo.com
help link: mailto:support@outerinfo.com
readme: http://www.outerinfo.com/support.html

Macromedia Dreamweaver MX 2004 7.0 ({05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A})
version (major): 7
install location: C:\Program Files\Macromedia\Dreamweaver MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: http://www.macromedia.com/go/dreamweaver_support/

OpenOffice.org 2.0 2.0.9011 ({08D2F839-A9FD-4F5A-A529-D45FF6E238A3})
version: 33563443
version (major): 2
estimated size: 249004
install date: 20060317
install source: C:\Documents and Settings\Shoeby\Desktop\OpenOffice.org 2.0 Installation Files\
uninstall cmd: MsiExec.exe /I{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}
publisher: OpenOffice.org
comments: OpenOffice.org 2.0 (en-US) (OOB680m5(Build:9011))
contact: Department for technical support
help link: http://www.openoffice.org
help telephone: x-xxx-xxx-xxx

Logitech G-series Keyboard Software 1.00.0000 ({0AE04A46-AA6D-430F-AE18-ACE1D5E59C0F})
version: 16777216
version (major): 1
estimated size: 2459
install date: 20060210
install location: C:\Program Files\Logitech\G-series Software\
install source: E:\x86\Multi\
uninstall cmd: MsiExec.exe /X{0AE04A46-AA6D-430F-AE18-ACE1D5E59C0F}
publisher: Logitech
contact: Customer Support
help link: http://www.logitech.com/support
help telephone: +1 702-269-3457

Quake 4(TM) 1.0.4 Patch 1.0 ({1511AACF-4D88-46AF-88A1-D1194010CA2E})
version: 16777216
version (major): 1
estimated size: 13616
install date: 20060320
install location: C:\Program Files\id Software\Quake 4\
install source: C:\DOCUME~1\Shoeby\LOCALS~1\Temp\_is114\
publisher: Activision

Quake 4(TM) 1.0 ({152B782A-05F3-48EC-9AAC-4D3EB68D9E20})
version: 16777216
version (major): 1
estimated size: 2533200
install date: 20060320
install location: C:\Program Files\id Software\Quake 4\
install source: E:\
publisher: Activision

Vanguard - Saga of Heroes 1.00.0000 ({2D9C0CC6-FD3E-4C2B-B2BD-5C8A670C4E0F})
version: 16777216
version (major): 1
estimated size: 17201160
install date: 20060328
install location: C:\Program Files\Microsoft Games\Vanguard - Saga of Heroes\
install source: C:\download\temp\Vanguard\
publisher: Microsoft Game Studios

Advanced Installer 3.8.1 3.8.1 ({304D739B-2F0A-4BA8-A561-070D2BD6DF8B})
version: 50855937
version (major): 3
version (minor): 8
estimated size: 10153
install date: 20060328
install location: C:\Program Files\Caphyon\Advanced Installer\
install source: C:\Documents and Settings\Shoeby\My Documents\
uninstall cmd: MsiExec.exe /I{304D739B-2F0A-4BA8-A561-070D2BD6DF8B}
publisher: Caphyon
comments: This installer database contains the logic and data required to install Advanced Installer.
contact: support@advancedinstaller.com
help link: http://www.advancedinstaller.com/forums/

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 148501
install date: 20060425
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20060210
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Oblivion 1.00.0000 ({35CB6715-41F8-4F99-8881-6FC75BF054B0})
version: 16777216
install date: 20060329
install location: D:\Games\Oblivion
install source: F:\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
publisher: Bethesda Softworks
comments: The Elder Scrolls IV: Oblivion
help link: http://support.bethsoft.com
readme: D:\Games\Oblivion\readme.txt

LcdStudio 2.0 build 612 2.0.0 ({40E052E0-99EE-484B-A9DD-67825DB0CCF7})
version: 33554432
version (major): 2
estimated size: 5584
install date: 20060312
install source: C:\Documents and Settings\Shoeby\My Documents\My Downloads\
uninstall cmd: MsiExec.exe /I{40E052E0-99EE-484B-A9DD-67825DB0CCF7}
publisher: Ray Molenkamp

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

Ventrilo Client 2.3.0 ({789289CA-F73A-4A16-A331-54D498CE069F})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 2392
install date: 20060219
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
publisher: Flagship Industries, Inc.
help link: http://www.ventrilo.com

SpeechRedist 1.0.0 ({8795CBED-55E2-4693-9F14-84EC446935BE})
version: 16777216
version (major): 1
estimated size: 60209
install date: 20060221
install source: E:\Speech\Redist\
uninstall cmd: MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
publisher: Epic Games Inc.
contact: Epic Games Inc.

Macromedia Extension Manager 1.5 ({A5BA14E0-7384-11D4-BAE7-00409631A2C8})
version (major): 1
version (minor): 5
install location: C:\Program Files\Macromedia\Extension Manager
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: http://www.macromedia.com/go/exchange/

Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70700000002})
version: 117440519
version (major): 7
estimated size: 66656
install date: 20060220
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 55399
install date: 20060210
install source: C:\DOCUME~1\Shoeby\LOCALS~1\Temp\IS1F.tmp\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

NvMixer ({D7A6C517-11F2-419F-B5BB-27772B939698})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall

FTP Surfer 1.00.0700 ({E518C80C-C549-40E1-844C-669ED64195D3})
version: 16777916
version (major): 1
estimated size: 1589
install date: 20060221
install source: C:\DOCUME~1\Shoeby\LOCALS~1\Temp\_is23\
uninstall cmd: MsiExec.exe /I{E518C80C-C549-40E1-844C-669ED64195D3}
publisher: Whisper Technology Limited
help link: http://www.ftpsurfer.com

({E9F81423-211E-46B6-9AE0-38568BC5CF6F})

Shoeby
2006-04-25, 21:02
SMITfiles.txt



smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 04/25/2006
The current time is: 13:54:57.42

Running from
C:\smitRem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\twain32.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
ld****.tmp
ncompat.tlb


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 744 'explorer.exe'
Killing PID 744 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\twain32.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)

LonnyRJones
2006-04-26, 09:52
Welcome Shoeby


Run hijackthis click >"config" then "misc tools" >"delete file on reboot"
(exact spelling counts!!! so don't browse to the file)
Copy/Paste the bolded line below into the File name box then click Open.

C:\WINDOWS\system32\twain32.dll
Answer no to the prompt to reboot

Hit >back< then > Scan and Place a check next to these items.
R3 - URLSearchHook: (no name) - {1DF9DFC3-670C-4AF8-2C05-3FB6791EACCA} - C:\WINDOWS\system32\srd.dll (file missing)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpC107.tmp (file missing)
O4 - HKCU\..\Run: [Rnss] "C:\PROGRA~1\COMMON~1\SKS~1\wuauclt.exe" -vt yax
O4 - HKCU\..\Run: [Kasyhvc] C:\Program Files\?icrosoft.NET\n?tepad.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1162
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
=============
Now hit fix checked, close hijackthis and restart your PC

When back, post another hijackthis log and one from this tool please.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Also:
Download "Suspicious File Packer" Third one on this page >
http://www.safer-networking.org/en/tools/index.html
To your desktop, unzip the file inside
run sfp.exe, copy then paste the list below into it and hit continue.

C:\PROGRA~1\COMMON~1\SKS~1\*.*
C:\Program Files\?icrosoft.NET\*.*

A .cab file will have been created on your desktop.
Send it to submitlonny AT subratam.org
Replace AT with @ and remove spaces, then include a link back to this thread.
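
As an added example (not HijackThis code or the helper's own tooling), the Python below applies the same cues the helper used to pick out the lines quoted above: a hook whose file is missing, a Windows binary name running from outside %SystemRoot%, a `?` standing in for a non-ASCII look-alike character in a path, and an ActiveX codebase from an unknown host. The sample log lines are constructed from this thread; the SYSTEM_BINARIES and TRUSTED_DPF_HOSTS allow-lists and the function names are assumptions for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the entries the helper asked to fix, plus two benign
# lines (jusched.exe, ctfmon.exe) from the same log that should NOT be flagged.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpC107.tmp (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rnss] "C:\PROGRA~1\COMMON~1\SKS~1\wuauclt.exe" -vt yax
O4 - HKCU\..\Run: [Kasyhvc] C:\Program Files\?icrosoft.NET\n?tepad.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
"""

# Assumption: a short list of Windows binaries that only belong under
# %SystemRoot%. A real allow-list would be longer.
SYSTEM_BINARIES = {"wuauclt.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "notepad.exe", "ctfmon.exe", "explorer.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\", "%systemroot%\\")

# Assumption: codebase hosts treated as known-good (the vendors whose ActiveX
# controls appear elsewhere in this log as Legitimate).
TRUSTED_DPF_HOSTS = {"java.sun.com", "housecall60.trendmicro.com",
                     "housecall65.trendmicro.com", "acs.pandasoftware.com"}

# "O4 - HKCU\..\Run: ..." -> section tag and the rest of the line.
LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# First drive-letter path ending in a binary/plug-in extension, quoted or not.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|tmp|ocx))"?', re.I)


def parse_line(line):
    """Split one HijackThis line into its section, body and first file path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    path_m = PATH_RE.search(body)
    return {"section": section, "body": body,
            "path": path_m.group(1) if path_m else None}


def triage_line(line):
    """Return the reasons a HijackThis line deserves a closer look ([] = none)."""
    entry = parse_line(line)
    if entry is None:
        return []
    reasons = []
    section, body, path = entry["section"], entry["body"], entry["path"]

    # A URLSearchHook, BHO or Winlogon Notify entry whose file is missing is
    # either leftovers from a removal or a loader hiding its DLL.
    if "(file missing)" in body and section in {"R3", "O2", "O20"}:
        reasons.append("hook points at a missing file")

    if path:
        # The forum paste rendered non-ASCII look-alike characters as '?';
        # a drive path should never contain one.
        if "?" in path:
            reasons.append("non-ASCII look-alike character in path (pasted as '?')")
        # A genuine Windows binary name launched from a Program Files folder
        # is a classic disguise (here: wuauclt.exe under COMMON~1\SKS~1).
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARIES and not path.lower().startswith(SYSTEM_DIRS):
            reasons.append(f"system binary name {name} outside %SystemRoot%")

    if section == "O16":
        url_m = re.search(r"https?://\S+", body)
        host = urlparse(url_m.group(0)).hostname if url_m else None
        if host not in TRUSTED_DPF_HOSTS:
            reasons.append(f"ActiveX codebase host {host} not on allow-list")
    return reasons


def triage_log(text):
    """Map every flagged line of a pasted log to its list of reasons."""
    flagged = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample it flags exactly the five lines the helper listed for "fix checked" and passes the jusched.exe and ctfmon.exe entries.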

tashi
2006-05-01, 15:51
Still with us Shoeby?

tashi
2006-05-07, 08:46
This topic is closed due to lack of a response to the helper.
If you need it re-opened please send me a pm and provide a link to the thread.

Thank you Lonny.