View Full Version : need help with win32.autorun.tmp
Hello
I need help getting rid of this annoying win32.autorun.tmp.
S&D can't seem to fix it and it keeps on coming back.
My virus program (AntiVir) also found TR/kazy.k.1.
I tried to download DDS but the download gets canceled. :confused:
Thanks in advance for the help.
--------------------------------
I tried again to download and run dds. When I click on the icon, it says "this is not a valid win32 application". I don't know what I' m doing wrong.
Is there maybe another way to get this log?
Thanks.
Hello
I need help getting rid of this annoying win32.autorun.tmp.
S&D can't seem to fix it and it keeps on coming back.
My virus program (AntiVir) also found TR/kazy.k.1.
I tried to download DDS but the download gets canceled.
Thanks in advance for the help.
--------------------------------
I tried again to download and run dds. When I click on the icon, it says "this is not a valid win32 application". I don't know what I' m doing wrong.
Is there maybe another way to get this log?
Thanks.
Hello and welcome to Safer Networking.
My name is km2357 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.
Please do not start another thread or topic, I will assist you at this thread until we solve your problems.
Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.
Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:
Step # 1 Download and run DDS
Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.scr) or
here (http://www.forospyware.com/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.com)
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Step # 2: Download and Run Gmer
Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
In your next post/reply, I need to see the following:
1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log
Use multiple posts if you can't fit everything into one post
hi
thanks for assisting. Im not so goos with the technical part of my pc. how do I disable script blocker. im using avira anti virus and spybot on windows xp. where do disable script blocker.
Kind regards
boy: confused:
To disable Spybot's Teatimer, do the following:
Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.
This is a two step process.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the version 1.5 or 1.6, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
To disable Avira, do the following:
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/antivir.png )
right click it-> untick the option AntiVir Guard enable.
You should now see a closed, white umbrella on a red background (looks to this: http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/antivir_disabled.png )
You can reenable Avira after you've run DDS. :)
thanks
I have run all 2 scans. below is the logs.
kind regards
boy
sorry forgot to add the attach log
Thanks for the logs. :)
From now on, please do not attach any logs I ask for, just post them normally. Only attach them if requested to do so.
Thanks. :)
Step # 1 Remove Logitech Desktop Messenger
You appear to have a program on your system called Logitech® Desktop Messenger. This is a background process that can automatically access the Internet without your knowledge or permission. Although it does provide updates for your Logitech products, the fact that it can access the Internet without your consent is potentially dangerous. It does download and update your Logitech products but this can be done manually by visiting the Logitech web site. My advice would be to uninstall this program (Start > Control Panel > Add or Remove Programs) but this is entirely your decision. I suggest doing all updates yourself and removing this application!
Step # 2: Download and Run ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
* IMPORTANT !!! Save ComboFix.exe to your Desktop
When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
ComboFix 10-09-28.03 - Fredeick King 2010/09/29 21:26:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.339 [GMT 2:00]
Running from: c:\documents and settings\Fredeick King\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\avira_antivir_personal_en
c:\documents and settings\Antje Marder\Application Data\rmhzb.exe
c:\documents and settings\Fredeick King\Application Data\rmhzb.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.
2010-09-29 17:41 . 2010-08-27 13:02 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-29 17:40 . 2010-08-27 12:56 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-29 09:35 . 2010-09-29 09:43 114688 ----a-w- c:\windows\keymail.dll
2010-09-24 20:33 . 2010-09-24 20:33 -------- d-----w- c:\program files\AVG
2010-09-24 18:05 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 19:25 . 2010-09-21 19:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-21 13:00 . 2010-09-21 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-15 09:32 . 2010-09-15 09:32 -------- d-----w- c:\documents and settings\Fredeick King\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 19:03 . 2009-01-05 16:21 -------- d-----w- c:\program files\Logitech
2010-09-29 17:40 . 2010-01-29 18:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-09-24 21:22 . 2008-07-28 18:28 -------- d-----w- c:\program files\Google
2010-09-24 20:34 . 2010-09-24 20:34 96520 ----a-w- c:\windows\system32\drivers\avgldx86.sys.old
2010-09-24 20:34 . 2010-09-24 20:34 26184 ----a-w- c:\windows\system32\drivers\avgmfx86.sys.old
2010-09-21 20:39 . 2009-05-22 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-21 18:53 . 2009-05-20 17:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-21 13:35 . 2010-09-21 13:34 668286 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-21 13:32 . 2010-09-21 13:00 76704960 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-19 00:02 . 2009-06-23 07:44 -------- d-----w- c:\documents and settings\Antje Marder\Application Data\Skype
2010-09-18 22:02 . 2009-06-23 07:46 -------- d-----w- c:\documents and settings\Antje Marder\Application Data\skypePM
2010-09-16 20:12 . 2008-11-18 14:02 -------- d-----w- c:\documents and settings\Fredeick King\Application Data\Skype
2010-09-16 17:33 . 2008-11-18 14:03 -------- d-----w- c:\documents and settings\Fredeick King\Application Data\skypePM
2010-09-10 10:14 . 2008-05-14 10:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-01 17:56 . 2010-09-18 21:31 52224 ----a-w- c:\documents and settings\Fredeick King\Application Data\Mozilla\Firefox\Profiles\4b5brozu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-09-01 17:56 . 2010-09-18 21:31 101376 ----a-w- c:\documents and settings\Fredeick King\Application Data\Mozilla\Firefox\Profiles\4b5brozu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-14 18:46 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 13:46 . 2010-07-16 13:46 12124624 ----a-w- c:\documents and settings\Fredeick King\Application Data\Adobe\AIR\Updater\Background\1.0\updater
2010-07-08 08:42 . 2010-07-08 08:42 12124624 ----a-w- c:\documents and settings\Antje Marder\Application Data\Adobe\AIR\Updater\Background\1.0\updater
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-04-08 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-04-27 122941]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"Adobe Reader Speed Launcher"="c:\documents and settings\Antje Marder\My Documents\Downloads\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2008-5-14 1044577]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"=c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"MtdAcq"=c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eabconfg.cpl"=c:\program files\HPQ\Quick Launch Buttons\EabServr.exe /Start
"D-Link AirPlus XtremeG"=c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\documents and settings\Antje Marder\My Documents\Downloads\Reader\Reader_sl.exe"
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009/12/04 11:18 PM 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010/08/27 02:59 PM 1051968]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2008/12/01 06:28 PM 472096]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010/02/24 02:41 PM 10064]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PCANDIS5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{ACEFAC6B-4B54-4EC4-B02F-85AF957561B5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: {B49F7AB4-CC50-4ED6-B25A-916417A292AD} = 196.7.0.138,196.7.142.132
TCP: {B8CFEFEA-93C2-44C6-BB4D-71B3F6049C9B} = 196.7.0.138,196.7.132.142
FF - ProfilePath - c:\documents and settings\Fredeick King\Application Data\Mozilla\Firefox\Profiles\4b5brozu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\documents and settings\Fredeick King\Application Data\Mozilla\Firefox\Profiles\4b5brozu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Fredeick King\Application Data\Mozilla\Firefox\Profiles\4b5brozu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Antje Marder\My Documents\Downloads\Reader\browser\nppdf32.dll
FF - plugin: c:\documents and settings\Fredeick King\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 21:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?7?4?7??????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(5152)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\AGRSMMSG.exe
.
**************************************************************************
.
Completion time: 2010-09-29 21:42:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-29 19:42
Pre-Run: 18,376,118,272 bytes free
Post-Run: 19,046,162,432 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - DA7CF7B49E7B6F0D70FF4218F5A57645
Do you recognize the following IP Addresses?
196.7.0.138
196.7.142.132
its show as my WIRELESS (DNS server) . I`M USING A WIRELESS CONNECTION.
its show as my WIRELESS (DNS server) . I`M USING A WIRELESS CONNECTION.
Ok. :) And please don't type in all caps, its considered shouting.
Thanks. :)
Step # 1 Update Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u21 (http://www.java.com/en/download/manual.jsp).
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 SDK, SE v1.4.2_05
Java(TM) 6 Update 7
Java(TM) 6 Update 14
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
From your desktop double-click on the download to install the newest version.
Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Step # 3 Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
In your next post/reply, I need to see the following:
1. MalwareBytes' Log
2. A fresh DDS Log
hi there
sorry about the caps. here`s the reports.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4725
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010/09/30 11:51:34 PM
mbam-log-2010-09-30 (23-51-34).txt
Scan type: Quick scan
Objects scanned: 147574
Time elapsed: 7 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Step # 1 Update Adobe Acrobat Reader
There is a newer version of Adobe Acrobat Reader available. (See Note below)
First, go to Add/Remove Programs and uninstall Adobe Reader 8.2.4.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
Note: Adobe 9.3.4 is a large program and if you prefer a smaller program you can get Foxit 4.2.0 instead from http://www.foxitsoftware.com/downloads/index.php
If you decide to install Foxit 4.2.0 instead of Adobe, do the following during Foxit's Setup/Installation process:
Uncheck the following boxes:
I accept the License Terms and want to install Foxit Toolbar
Make Ask.com my default search
Create desktop, quick launch and start menu icon to eBay
Step # 2: Run Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
In your next post/reply, I need to see the following:
1. Kaspersky Log
2. How is your computer doing, any problems?
hi
On start up it show the following screen.
please select the operating screen.
Microsoft windows recovery console.
do not select this (debugger enabled)
Microsoft windows XP home edition
Kaspersky report.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 1, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 01, 2010 06:45:27
Records in database: 4263962
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 83005
Threats found: 1
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 03:16:48
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Antje Marder\Application Data\rmhzb.exe.vir Infected: Packed.Win32.Katusha.p 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fredeick King\Application Data\rmhzb.exe.vir Infected: Packed.Win32.Katusha.p 1
C:\System Volume Information\_restore{FEDE6AC6-AA69-4B0D-9107-A5B229724DDE}\RP603\A0168198.exe Infected: Packed.Win32.Katusha.p 1
C:\System Volume Information\_restore{FEDE6AC6-AA69-4B0D-9107-A5B229724DDE}\RP611\A0170306.exe Infected: Packed.Win32.Katusha.p 1
C:\System Volume Information\_restore{FEDE6AC6-AA69-4B0D-9107-A5B229724DDE}\RP611\A0170307.exe Infected: Packed.Win32.Katusha.p 1
Selected area has been scanned.
hi
On start up it show the following screen.
please select the operating screen.
Microsoft windows recovery console.
do not select this (debugger enabled)
Microsoft windows XP home edition
This appeared after you ran ComboFix and it downloaded and installed the Recovery Console. Recovery Console is part of Microsoft and can be used to help fix your computer when you cannot normally boot into Windows. We didn't have to use it, but its best to have it on your computer if you ever need it in the future.
When that screen comes up, just be sure to select Microsoft windows XP home edition and you'll boot into Windows normally. :)
Kaspersky found some files in the Qoobox folder which is where ComboFix keeps its quarantined files. I'll show you how to remove ComboFix in an upcoming post. Kaspersky also found some infected System Restore points. They are harmless where they are, I'll show you how to remove them and set a new, clean Restore Point in an upcoming post.
How is your computer doing?
hi
thanks its running better. i also think its time to invest in a new one. have been using this one for over 5years. but till then im so attached to it.
what else can i do to block tracking cookies.
Kind regards
Boy80
here`s my latest S&D report.
Search result list ---
DoubleClick: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
HitBox: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Fredeick King (default)) (Cookie, fixed)
Common Dialogs: History (36 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Creative MediaSource: [SBI $EF229FBF] Last media path (left panel) (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Creative Tech\Component Installed\{9C5F55DF-C6C9-42A4-9C18-D71FEE47A70A}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\MediaSource\Settings\LastPathLeft
Creative MediaSource: [SBI $BC5251CC] Last media path (right panel) (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Creative Tech\Component Installed\{9C5F55DF-C6C9-42A4-9C18-D71FEE47A70A}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\MediaSource\Settings\LastPathRight
Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Internet Explorer\Download Directory
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\cdn.visiblemeasures.com\configData.sol
Properties.size=313
Properties.md5=F13EA509DE7E3A43B3AE80CADB9124CB
Properties.filedate=1285524534
Properties.filedatetext=2010-09-26 20:08:54
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\cdn.visiblemeasures.com\sessionData.sol
Properties.size=137
Properties.md5=3C438376F95741FCA49634D1278FA1E3
Properties.filedate=1285524536
Properties.filedatetext=2010-09-26 20:08:56
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\cdn.visiblemeasures.com\userData.sol
Properties.size=97
Properties.md5=FC3F395FD9E64459AFA130F3EF6AC336
Properties.filedate=1285524534
Properties.filedatetext=2010-09-26 20:08:54
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\cdn.widgetserver.com\com.quantserve.sol
Properties.size=72
Properties.md5=AB47EBEB41D55F1B4B54542DA3A7EE27
Properties.filedate=1285525932
Properties.filedatetext=2010-09-26 20:32:12
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\d.yimg.com\VolumePrefs.sol
Properties.size=55
Properties.md5=680CC18183453BA30B3B748933B29AE7
Properties.filedate=1285600132
Properties.filedatetext=2010-09-27 17:08:51
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\d1ivexoxmp59q7.cloudfront.net\data.sol
Properties.size=60
Properties.md5=2758786025B79B8205B16756B9DD702B
Properties.filedate=1285526860
Properties.filedatetext=2010-09-26 20:47:39
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\d2syub29v5lge2.cloudfront.net\analytics.sol
Properties.size=457
Properties.md5=61FA518019F69339B310CFB077B03358
Properties.filedate=1286020258
Properties.filedatetext=2010-10-02 13:50:57
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\doug1izaerwt3.cloudfront.net\f38a86f22083188a0a69d64d1487a4078b65db16.sol
Properties.size=75
Properties.md5=17AC555B4E7F12D0F8E4AB00A142AB89
Properties.filedate=1285533346
Properties.filedatetext=2010-09-26 22:35:45
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\flash.quantserve.com\com.quantserve.sol
Properties.size=74
Properties.md5=909C45A20B054DF8A130019316944406
Properties.filedate=1285533344
Properties.filedatetext=2010-09-26 22:35:44
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\inplay.tubemogul.com\InPlayInfo.sol
Properties.size=90
Properties.md5=A1FDA0A1A4DFDCF619B45B8F1ABD5375
Properties.filedate=1285524533
Properties.filedatetext=2010-09-26 20:08:52
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\publish.vx.roo.com\vxFlashPlayer_249e3708-6229-47c5-80a5-723707786748.sol
Properties.size=91
Properties.md5=E2567852C4F98D261ADF6FBA934446F4
Properties.filedate=1285662455
Properties.filedatetext=2010-09-28 10:27:35
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
Properties.filedate=1285599423
Properties.filedatetext=2010-09-27 16:57:03
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\static-cdn.playfish.com\analytics.sol
Properties.size=457
Properties.md5=6740503B239ECB0B75E03FBDE4848386
Properties.filedate=1286020247
Properties.filedatetext=2010-10-02 13:50:46
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\static-cdn.playfish.com\settings.sol
Properties.size=101
Properties.md5=DE89F8682FAA4A9FF908432929F24D10
Properties.filedate=1285535687
Properties.filedatetext=2010-09-26 23:14:47
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\static.slidesharecdn.com\com.quantserve.sol
Properties.size=74
Properties.md5=27E5407305198D1799EC157ED6506031
Properties.filedate=1285533347
Properties.filedatetext=2010-09-26 22:35:46
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\us.mg4.mail.yahoo.com\cookies.sol
Properties.size=67
Properties.md5=703F196989C8E131AFDD521B6A377C71
Properties.filedate=1285753159
Properties.filedatetext=2010-09-29 11:39:18
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\aa.online-metrix.net\fpc.swf\session.sol
Properties.size=76
Properties.md5=C2F8AFBB77BCBED18F58A30CB1DFD32D
Properties.filedate=1285929209
Properties.filedatetext=2010-10-01 12:33:28
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\flickr.com\slideShow\slideShow.swf\slideShowMS.sol
Properties.size=47
Properties.md5=B5EB1A9D23DCE0DCB62DE457339E1606
Properties.filedate=1285689750
Properties.filedatetext=2010-09-28 18:02:30
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\heias.com\x\heias_sc.swf\heias.sol
Properties.size=62
Properties.md5=2170D276E39FA666F2F4DC3E26398216
Properties.filedate=1285693942
Properties.filedatetext=2010-09-28 19:12:21
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\swf.docstoc.com\swf\DSViewer.2.3.43.swf\swfstats.sol
Properties.size=40
Properties.md5=DB1363C618374006DA93E42440AD721C
Properties.filedate=1285526863
Properties.filedatetext=2010-09-26 20:47:43
Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Fredeick King\Application Data\Macromedia\Flash Player\#SharedObjects\MXNUQYZ8\swf.docstoc.com\swf\DSViewer.2.3.43.swf\viewerStats.sol
Properties.size=75
Properties.md5=40AB49905D6F873DB3182CE6618A4E9E
Properties.filedate=1285526865
Properties.filedatetext=2010-09-26 20:47:45
MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\MediaPlayer\Player\RecentFileList
MS Media Player: [SBI $3EE69CC3] Save as Directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir
MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
MS Media Player: [SBI $1BDA487B] Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex
MS Media Player: [SBI $3B9B7B9A] Last CD record path (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry value, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation
MS Office 11.0 (Cliparts): [SBI $D2A56AFD] Last search made (44 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Office\11.0\Clip Organizer\Search\Last Query
MS Office 11.0 (Document Imaging): [SBI $1E04F9F2] Persistent filename list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\MSPaper 11.0\Persist File Name
MS Office 11.0 (Document Imaging): [SBI $1E04F9F2] Persistent filename list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1005\Software\Microsoft\MSPaper 11.0\Persist File Name
MS Office 11.0 (Document Imaging): [SBI $8D4B9B9B] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\MSPaper 11.0\Recent File List
MS Office 11.0 (Document Imaging): [SBI $8D4B9B9B] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1005\Software\Microsoft\MSPaper 11.0\Recent File List
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1005\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Office 11.0 (Excel): [SBI $397BF56C] Recent template list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Office\11.0\Excel\Recent Templates
MS Office 11.0 (Outlook): [SBI $51367364] Typed search term history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1005\Software\Microsoft\Office\11.0\Outlook\Office Finder
MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Office\11.0\PowerPoint\Recent File List
MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1005\Software\Microsoft\Office\11.0\PowerPoint\Recent File List
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Office\11.0\Word\Data\Settings
MS Office 11.0 (Word): [SBI $4805589B] Recent template list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Office\11.0\Word\Recent Templates
MS Paint: [SBI $07867C39] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Search Assistant\ACMru
MS Wordpad: [SBI $4C02334D] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (501 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $AA0766B5] Stream history (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (62 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (10 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-343818398-1958367476-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Cookie (2) (Cookie, nothing done)
Cache: [SBI $49804B54] Cache (4) (Cache, nothing done)
History: [SBI $49804B54] History (4) (History, nothing done)
Cookie: [SBI $49804B54] Cookie (9) (Cookie, nothing done)
Cookie: [SBI $49804B54] Cookie (296) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-09-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-08-24 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-09-22 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-31 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-09-21 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-09-21 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-08-04 Includes\Trojans.sbi (*)
2010-07-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-07-28 Includes\TrojansC-04.sbi (*)
2010-09-21 Includes\TrojansC-05.sbi (*)
2010-09-13 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB979906)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB975558)
/ Windows Media Player: Security Update for Windows Media Player (KB978695)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB2183461)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB974455)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB976325)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976662)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976749)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB978207)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB980182)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB981332)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB982381)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB2079403)
/ Windows XP / SP4: Security Update for Windows XP (KB2115168)
/ Windows XP / SP4: Security Update for Windows XP (KB2121546)
/ Windows XP / SP4: Update for Windows XP (KB2141007)
/ Windows XP / SP4: Hotfix for Windows XP (KB2158563)
/ Windows XP / SP4: Security Update for Windows XP (KB2160329)
/ Windows XP / SP4: Security Update for Windows XP (KB2229593)
/ Windows XP / SP4: Security Update for Windows XP (KB2259922)
/ Windows XP / SP4: Security Update for Windows XP (KB2286198)
/ Windows XP / SP4: Security Update for Windows XP (KB2347290)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB969947)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Security Update for Windows XP (KB971468)
/ Windows XP / SP4: Security Update for Windows XP (KB971486)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Security Update for Windows XP (KB973525)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Security Update for Windows XP (KB975560)
/ Windows XP / SP4: Security Update for Windows XP (KB975561)
/ Windows XP / SP4: Security Update for Windows XP (KB975562)
/ Windows XP / SP4: Security Update for Windows XP (KB975713)
/ Windows XP / SP4: Hotfix for Windows XP (KB976098-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB977165)
/ Windows XP / SP4: Security Update for Windows XP (KB977816)
/ Windows XP / SP4: Security Update for Windows XP (KB977914)
/ Windows XP / SP4: Security Update for Windows XP (KB978037)
/ Windows XP / SP4: Security Update for Windows XP (KB978251)
/ Windows XP / SP4: Security Update for Windows XP (KB978262)
/ Windows XP / SP4: Security Update for Windows XP (KB978338)
/ Windows XP / SP4: Security Update for Windows XP (KB978542)
/ Windows XP / SP4: Security Update for Windows XP (KB978601)
/ Windows XP / SP4: Security Update for Windows XP (KB978706)
/ Windows XP / SP4: Hotfix for Windows XP (KB979306)
/ Windows XP / SP4: Security Update for Windows XP (KB979309)
/ Windows XP / SP4: Security Update for Windows XP (KB979482)
/ Windows XP / SP4: Security Update for Windows XP (KB979559)
/ Windows XP / SP4: Security Update for Windows XP (KB979683)
/ Windows XP / SP4: Security Update for Windows XP (KB980195)
/ Windows XP / SP4: Security Update for Windows XP (KB980218)
/ Windows XP / SP4: Security Update for Windows XP (KB980232)
/ Windows XP / SP4: Security Update for Windows XP (KB980436)
/ Windows XP / SP4: Security Update for Windows XP (KB981322)
/ Windows XP / SP4: Hotfix for Windows XP (KB981793)
/ Windows XP / SP4: Security Update for Windows XP (KB981852)
/ Windows XP / SP4: Security Update for Windows XP (KB981997)
/ Windows XP / SP4: Security Update for Windows XP (KB982214)
/ Windows XP / SP4: Security Update for Windows XP (KB982665)
/ Windows XP / SP4: Security Update for Windows XP (KB982802)
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 976832
MD5: 0B232C77D822983397674AEEC9AB59DC
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: A32B25970003B6ABA027EFF8EEDA12A3
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: E7BE65BF79906AEBC698E077D53F6A1C
Located: HK_LM:Run, ANIWZCS2Service
command: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
file: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
size: 49152
MD5: 8C7436C9DA4E3D840A52F9286EA7DB88
Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8
Located: HK_LM:Run, Cpqset
command: C:\Program Files\HPQ\Default Settings\cpqset.exe
file: C:\Program Files\HPQ\Default Settings\cpqset.exe
size: 213054
MD5: ABD44CD38087B0FC2C369B80197A4B9A
Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122941
MD5: 409F9DBD6BE91C359D56D9AC72CC05FD
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 1A5179C0E2CB470D6DCF67C439A8EFAD
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: E66953D9FA05FBE8D1462667A9D2D428
Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7BBE4CF421AECC7F0226EDD75F12079F
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 79136
MD5: BA1E398A4B1275BCBE06F62586079BE9
Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 221EF4850EE10EF325F20D3D9988CCA9
Located: HK_LM:Run, PTHOSTTR
command: C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
file: C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
size: 73728
MD5: C54527F6FFEA753CE1D05EE4C9E6D35F
Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
file: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
size: 236016
MD5: 7698F96E07E27308095B70ABED912F9C
Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
file: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1388544
MD5: C06F1A3FF958A10F828EEE828623E193
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248552
MD5: 93DB1FF92B03D24738A71E6E4992DFD3
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 729178
MD5: B2461C298E7CFB60B51BC78B691290CF
Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 22FD4E58D69969A9165721C797D54931
Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Documents and Settings\Antje Marder\My Documents\Downloads\Reader\Reader_sl.exe"
file: C:\Documents and Settings\Antje Marder\My Documents\Downloads\Reader\Reader_sl.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, BlackBerryAutoUpdate (DISABLED)
command: C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
file: C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
size: 623888
MD5: 23C5175FBB043D700ACB935728DFFD7B
Located: HK_LM:Run, D-Link AirPlus XtremeG (DISABLED)
command: C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
file: C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
size: 1323008
MD5: 12E8FB28B51742C0B1B41C6ECA93A534
Located: HK_LM:Run, eabconfg.cpl (DISABLED)
command: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
file: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
size: 290816
MD5: C81A184BC726CA2541C75483E40265C2
Located: HK_LM:Run, LogitechCommunicationsManager (DISABLED)
command: "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
file: C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
size: 564496
MD5: BE79099057008DF50D552EE60299A88D
Located: HK_LM:Run, LogitechQuickCamRibbon (DISABLED)
command: "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
file: C:\Program Files\Logitech\QuickCam\Quickcam.exe
size: 2196240
MD5: 53BB5B837579F63A30353C7632AB50D0
Located: HK_LM:Run, PHIME2002A (DISABLED)
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6
Located: HK_LM:Run, PHIME2002ASync (DISABLED)
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6
Located: HK_LM:Run, RemoteControl (DISABLED)
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 8FB740D758B14B1BC950CC347C21E461
Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, ISUSPM
where: S-1-5-21-343818398-1958367476-839522115-1004...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 206112
MD5: 6DA7C93AB37B4A204BFCAE9FA07FF48D
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-343818398-1958367476-839522115-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, Creative Detector (DISABLED)
where: S-1-5-21-343818398-1958367476-839522115-1004...
command: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
file: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
size: 102400
MD5: C744293DFBE1A3347FEC5DBFE3FD123E
Located: HK_CU:Run, ISUSPM (DISABLED)
where: S-1-5-21-343818398-1958367476-839522115-1004...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
file: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
size: 206112
MD5: 6DA7C93AB37B4A204BFCAE9FA07FF48D
Located: HK_CU:Run, LDM (DISABLED)
where: S-1-5-21-343818398-1958367476-839522115-1004...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, MtdAcq (DISABLED)
where: S-1-5-21-343818398-1958367476-839522115-1004...
command: C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
file: C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
size: 118862
MD5: 7687D6E7A5FA038F1EDB0C2088BEA4A2
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-343818398-1958367476-839522115-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, ISUSPM
where: S-1-5-21-343818398-1958367476-839522115-1005...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
file: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
size: 206112
MD5: 6DA7C93AB37B4A204BFCAE9FA07FF48D
Located: HK_CU:Run, swg
where: S-1-5-21-343818398-1958367476-839522115-1005...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: Startup (common), McAfee Security Scan Plus.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
file: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
size: 255536
MD5: 89F7C30A91E5581BDF14C62AB46A2B2D
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 2010/06/19 09:29:40 PM
Date (last access): 2010/10/02 01:31:42 PM
Date (last write): 2010/06/19 09:29:40 PM
Filesize: 61888
Attributes: archive
MD5: 4033E7592C3523A620F863E990A6C0FF
CRC32: 9C7CAD55
Version: 9.3.3.177
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 2010/06/19 09:29:34 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2010/06/19 09:29:34 PM
Filesize: 75200
Attributes: archive
MD5: 6D9042F1443A601DA8DC24D991EDDD0A
CRC32: 10990AC8
Version: 9.3.3.177
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 2010/09/21 09:25:06 PM
Date (last access): 2010/10/02 02:29:20 PM
Date (last write): 2009/01/26 03:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 2008/05/14 09:16:20 AM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2005/04/27 02:33:00 PM
Filesize: 118844
Attributes: archive
MD5: 93D073E2A6722D42353ECFCD52CD5A7C
CRC32: 56BC88FB
Version: 1.4.8.0
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (SkypeIEPluginBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SkypeIEPluginBHO
CLSID name: Skype add-on for Internet Explorer
Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
Long name: skypeieplugin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 2010/09/30 11:21:04 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2010/09/30 11:21:04 PM
Filesize: 41760
Attributes: archive
MD5: 6D5ADB1C823BFE21F9431D0995C7B185
CRC32: 71F413A1
Version: 6.0.210.7
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 2010/09/30 11:21:06 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2010/09/30 11:21:06 PM
Filesize: 79648
Attributes: archive
MD5: 59EA2357C22EEAE4677A19C38C2702D0
CRC32: EF320FB8
Version: 6.0.210.7
--- ActiveX list ---
{0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control)
DPF name:
CLSID name: Facebook Photo Uploader 5 Control
Installer: C:\WINDOWS\Downloaded Program Files\PhotoUploader5.inf
Codebase: http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PhotoUploader5.ocx
Short name: PHOTOU~1.OCX
Date (created): 2008/10/10 03:44:58 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2008/10/10 03:44:58 PM
Filesize: 3536384
Attributes: archive
MD5: 3F703EC5DB5638C08008132A78430136
CRC32: AB0E6745
Version: 5.5.8.0
{149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control)
DPF name:
CLSID name: SpinTop DRM Control
Installer:
Codebase: file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
Path: C:\WINDOWS\DOWNLO~1\CONFLICT.1\
Long name: stg_drm.ocx
Short name:
Date (created): 2007/10/30 02:23:32 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2007/10/30 02:23:32 PM
Filesize: 111952
Attributes: archive
MD5: C5C9C3C65E8FD22EB0FFE023A5560160
CRC32: 4D57B1A4
Version: 1.0.0.5
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: swdir.dll
Short name:
Date (created): 2008/07/28 08:00:08 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2008/12/05 11:01:24 PM
Filesize: 202168
Attributes: archive
MD5: 5DCAFAA7B98173A2F2243D372C3ADAB9
CRC32: 28A04C3F
Version: 11.0.3.471
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf
Codebase: http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 2006/06/20 03:44:04 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2006/06/20 03:44:04 PM
Filesize: 379704
Attributes: archive
MD5: D2FB109C3F0DAAAA4A73E5921656DB3E
CRC32: A13093E8
Version: 10.0.913.0
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210751163756
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 2008/05/14 07:44:54 AM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2009/08/06 07:24:18 PM
Filesize: 209632
Attributes: archive
MD5: 033AF4CE25B6D871F0DE2C982658E049
CRC32: 2C204902
Version: 7.4.7600.226
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class)
DPF name:
CLSID name: GMNRev Class
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
Path: C:\Program Files\HP\Common\
Long name: HPGMNRev.dll
Short name:
Date (created): 2009/04/06 04:25:18 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2009/04/06 04:25:18 PM
Filesize: 187448
Attributes: archive
MD5: 6C064B89690EEBCE38E71BA9937A60E7
CRC32: 49724F32
Version: 9.7.2.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_21
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_21.dll
Short name: NPJPI1~1.DLL
Date (created): 2010/09/30 11:21:04 PM
Date (last access): 2010/10/02 01:19:32 PM
Date (last write): 2010/09/30 11:21:04 PM
Filesize: 141088
Attributes: archive
MD5: 0B3AC6C55A8F57FFEB18A9FC35A5E9CF
CRC32: 1D07915B
Version: 6.0.210.7
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:
description: Java Runtime Environment 1.4.2
classification: Legitimate
known filename: %ProgramFiles%\Java\j2re1.4.2_01\bin\NPJPI142_04.dll
info link:
info source: Patrick M. Kolla
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: NPJPI142_05.dll
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_21
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_21.dll
Short name: NPJPI1~1.DLL
Date (created): 2010/09/30 11:21:04 PM
Date (last access): 2010/10/02 03:16:46 PM
Date (last write): 2010/09/30 11:21:04 PM
Filesize: 141088
Attributes: archive
MD5: 0B3AC6C55A8F57FFEB18A9FC35A5E9CF
CRC32: 1D07915B
Version: 6.0.210.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_21
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_21.dll
Short name: NPJPI1~1.DLL
Date (created): 2010/09/30 11:21:04 PM
Date (last access): 2010/10/02 03:16:46 PM
Date (last write): 2010/09/30 11:21:04 PM
Filesize: 141088
Attributes: archive
MD5: 0B3AC6C55A8F57FFEB18A9FC35A5E9CF
CRC32: 1D07915B
Version: 6.0.210.7
{CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control)
DPF name:
CLSID name: ArmHelper Control
Installer:
Codebase: file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
Path:
Long name: ./Images/armhelper.ocx
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
--- Process list ---
PID: 0 ( 0) [System]
PID: 832 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 976 ( 832) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1000 ( 832) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 1060 (1000) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 1072 (1000) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1276 (1060) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1376 (1060) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1416 (1060) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1448 (1060) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1596 (1060) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1692 (1060) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1836 (1060) C:\WINDOWS\system32\spoolsv.exe
size: 58880
MD5: 60784F891563FB1B767F70117FC2428F
PID: 1884 (1060) C:\Program Files\Avira\AntiVir Desktop\sched.exe
size: 108289
MD5: 9015BC03F62940527EC92D45EE89E46F
PID: 1968 (1060) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
size: 185089
MD5: B8720A787C1223492E6F319465E996CE
PID: 1988 (1060) C:\WINDOWS\system32\CTsvcCDA.EXE
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 2024 (1060) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 126A16F569122AE00AD3D12EF831D651
PID: 156 (1060) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
size: 186904
MD5: 1D28B53C50CC57062692862B8E083020
PID: 168 (1060) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
size: 150040
MD5: 5A9679D184A408982D5F0BD79874B44F
PID: 660 ( 612) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1792 ( 660) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1388544
MD5: C06F1A3FF958A10F828EEE828623E193
PID: 1940 ( 660) C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
size: 73728
MD5: C54527F6FFEA753CE1D05EE4C9E6D35F
PID: 1948 ( 660) C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: E7BE65BF79906AEBC698E077D53F6A1C
PID: 1964 ( 660) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 729178
MD5: B2461C298E7CFB60B51BC78B691290CF
PID: 456 ( 660) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122941
MD5: 409F9DBD6BE91C359D56D9AC72CC05FD
PID: 568 ( 660) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8
PID: 672 ( 660) C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248552
MD5: 93DB1FF92B03D24738A71E6E4992DFD3
PID: 704 ( 660) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 206112
MD5: 6DA7C93AB37B4A204BFCAE9FA07FF48D
PID: 824 ( 660) C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
size: 255536
MD5: 89F7C30A91E5581BDF14C62AB46A2B2D
PID: 2700 (1060) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
size: 45056
MD5: 3978F082274F723AD5A0A8058C2417DD
PID: 2740 (1060) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 4056 ( 156) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
size: 186904
MD5: 1D28B53C50CC57062692862B8E083020
PID: 916 (1060) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2196 ( 660) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3292 (2196) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3396 (1416) C:\WINDOWS\system32\wuauclt.exe
size: 53472
MD5: 62BB79160F86CD962F312C68C6239BFD
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2010/10/02 03:16:46 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D2F78CC8-2902-44D3-8D65-8249EC3B0DFE}] SEQPACKET 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D2F78CC8-2902-44D3-8D65-8249EC3B0DFE}] DATAGRAM 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B49F7AB4-CC50-4ED6-B25A-916417A292AD}] SEQPACKET 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B49F7AB4-CC50-4ED6-B25A-916417A292AD}] DATAGRAM 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B8CFEFEA-93C2-44C6-BB4D-71B3F6049C9B}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B8CFEFEA-93C2-44C6-BB4D-71B3F6049C9B}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{41A883ED-0F20-45F5-8BC8-D0717D754F04}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{41A883ED-0F20-45F5-8BC8-D0717D754F04}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4B2CD690-9F98-4A24-B829-207EF1766C80}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4B2CD690-9F98-4A24-B829-207EF1766C80}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2F78CC8-2902-44D3-8D65-8249EC3B0DFE}] SEQPACKET 15
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2F78CC8-2902-44D3-8D65-8249EC3B0DFE}] DATAGRAM 15
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B49F7AB4-CC50-4ED6-B25A-916417A292AD}] SEQPACKET 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B49F7AB4-CC50-4ED6-B25A-916417A292AD}] DATAGRAM 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{41A883ED-0F20-45F5-8BC8-D0717D754F04}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{41A883ED-0F20-45F5-8BC8-D0717D754F04}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B8CFEFEA-93C2-44C6-BB4D-71B3F6049C9B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B8CFEFEA-93C2-44C6-BB4D-71B3F6049C9B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D70282A5-0B8C-4FE1-939F-D96335529817}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D70282A5-0B8C-4FE1-939F-D96335529817}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC2FEA37-28AF-4C13-8996-55A8978F528E}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FC2FEA37-28AF-4C13-8996-55A8978F528E}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01723014-429B-4B90-9573-6369A233F604}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01723014-429B-4B90-9573-6369A233F604}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip_{259E7727-4AEF-4EC7-9065-1B40B36A1BB1}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip_{259E7727-4AEF-4EC7-9065-1B40B36A1BB1}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip_{80D1798D-D8CC-45B9-BBCF-A76092F7B6D0}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip_{80D1798D-D8CC-45B9-BBCF-A76092F7B6D0}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
hi
thanks its running better. i also think its time to invest in a new one. have been using this one for over 5years. but till then im so attached to it.
what else can i do to block tracking cookies.
Good to hear that the computer is running better. :)
The following website has instructions/tips on how to block tracking cookies:
http://www.mvps.org/winhelp2002/cookies.htm
If there are no other problems, then you're good to go. :)
If you haven't already, you can reenable Avira.
You can delete the following off of your computer:
DDS.scr
The two DDS Logs
GMER.zip
GMER.exe
The GMER Log
To remove ComboFix, do the following:
Go to Start > Run - type in ComboFix /Uninstall & click OK
Empty your Recycle Bin.
Please take the time to read my All Clean Post.
Please follow these simple steps in order to keep your computer clean and secure:
This is a good time to clear your existing system restore points and establish a new clean restore point
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created..
Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.
Make your Internet Explorer more secure This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub frames across different domains to Prompt When all these settings have been made, click on the OK button.
If it asks you if you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please checkHide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK
Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Update Site Frequently It is important that you visit Microsoft Updates (http://update.microsoft.com/) regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
Computer Safety on line Anti Malware (http://forum.malwareremoval.com/viewtopic.php?p=54#54)
Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file (http://www.mvps.org/winhelp2002/hosts.htm) Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE (http://www.bleepingcomputer.com/forums/tutorial51.html) If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button on the task bar at the bottom of your screen Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then doubleclick it. On the dropdown box, change the setting from automatic to manual. Click ok..
Use an alternative instant messenger program.Trillian (http://www.trillian.cc/) and Miranda IM (http://www.miranda-im.com/) These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Please read Tony Klein's excellent article: How I got Infected in the First Place (http://forums.spybot.info/showthread.php?t=279)
Please read Understanding Spyware, Browser Hijackers, and Dialers (http://www.bleepingcomputer.com/forums/tutorial41.html)
Please read Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/tutorial82.html)
If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox (http://www.mozilla.org/products/firefox) or
Opera (http://www.opera.com/download/).
If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back (http://spyware-free.us/2006/01/time-to-fight-back.html). Follow these steps and your potential for being infected again will reduce dramatically.
Here's a good website to read about Malware prevention:
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
If your computer is running slow, click here (http://www.malwareremoval.com/tutorials/runningslowly.php) for instructions on how to help speed up your computer.
Good luck!
Please reply one last time so that I know you have read my post and this thread can be closed.
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.