View Full Version : Your PC trying to connect to 1337wurst.no-ip.info
BlaenauDreamer
2006-09-20, 12:42
Hi
Ever since yesterday i keep getting a box pop up telling me that something on my PC is trying to connect & send info to "1337wurst.no-ip.info" whenever it is disconnected. I have run Spybot/Adaware & done a couple of virus scans but it is still happening, click here to see it (http://img201.imageshack.us/img201/480/000wurstye3.jpg) This is doing my head in as i am pretty much unable to use my PC while it is disconnected at the moment. Hope someone out there can help :banghead:
Hello,
Could you provide a log please, (instructions to do so using Spybot-S&D version 1.4)
Open SpyBot
Close all browsers, check for problems and fix everything found in red
On the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.
:)
BlaenauDreamer
2006-09-20, 21:08
Hi, Thanks for your reply, i have done as you stated & posted below. I've done a Spybot scan & an adaware scan with a full avast virus scan plus i did the virus scan on windows live & tried using the virus scan at Trend micro. The problem at Trend Micro was that i have been unable to fully complete the test because my browser simply shuts down while the virus check is in progress. However during one attempt at doing the test it stated that there were three very bad problems such as "SPYWARE_KEYL_ASTLOG" "TSPY_BIFROSE" & "TSPY_HUBIGON" & that "SPYWARE_KEYL_ASTLOG" is a key logger that looks for passwords that are entered in to boxes that only show aterix's.
Once again thanks for your help :)
I've just tried attatching it but it was too big so i'll copy & paste it below.
--- Search result list ---
MediaPlex: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
Advertising.com: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
Bifrose.LA: System file (File, fixed)
C:\WINDOWS\system32\drivers\oreans32.sys
Bifrose.LA: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
DoubleClick: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
Fake.Wget: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Wget
Fake.Wget: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-602162358-1957994488-682003330-1004\Software\Wget
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
--- Spybot - Search && Destroy version: 1.3 ---
2006-09-15 Includes\Cookies.sbi
2006-09-15 Includes\Dialer.sbi
2006-09-15 Includes\Hijackers.sbi
2006-09-15 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2006-09-15 Includes\Malware.sbi
2006-09-15 Includes\PUPS.sbi
2006-09-15 Includes\Revision.sbi
2006-09-15 Includes\Security.sbi
2006-09-15 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-09-15 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
--- Startup entries list ---
Located: HK_LM:Run,
command:
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 108160
MD5: e4289180e929bf984bfecefa73322a6a
Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 94208
MD5: ffde5245589ffa24c5075203d2a9c314
Located: HK_LM:Run, LVCOMS
command: C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
file: C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
size: 98304
MD5: dc4cceab220639cff08890065665118c
Located: HK_LM:Run, NvMixerTray
command: C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
file: C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
size: 131072
MD5: ed010795e4e87f0752305b04e68b49ad
Located: HK_LM:Run, SpeedTouch USB Diagnostics
command: "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
file: C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
size: 866816
MD5: d40191aa225638ab20e59524cdd74030
Located: HK_LM:Run, startkey
command: C:\WINDOWS\system32\systemhosts.exe
file: C:\WINDOWS\system32\systemhosts.exe
size: 1194181
MD5: cc1ebcbbb56a0ed4c42835d430757cd6
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100
Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, CursorXP
command: C:\Program Files\CursorXP\CursorXP.exe
file: C:\Program Files\CursorXP\CursorXP.exe
size: 128000
MD5: 7b70742882445f1269fc49708ab39751
Located: HK_CU:Run, KeyType
command:
Located: HK_CU:Run, startkey
command: C:\WINDOWS\system32\systemhosts.exe
file: C:\WINDOWS\system32\systemhosts.exe
size: 1194181
MD5: cc1ebcbbb56a0ed4c42835d430757cd6
Located: HK_CU:Run, Steam
command:
Located: Startup (common), Logitech SetPoint.lnk
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 593920
MD5: bc91cb3da7a58510a39a0ccbb82cd797
Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0
Located: Startup (disabled), Run Nintendo Wi-Fi USB Connector Registration Tool (DISABLED)
command: C:\PROGRA~1\WIFICO~1\NINTEN~1.EXE
file: C:\PROGRA~1\WIFICO~1\NINTEN~1.EXE
size: 1073152
MD5: af38256899bf8d5f4358ad68a5453bbe
Located: Startup (disabled), Microsoft Find Fast (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office\FINDFAST.EXE
file: C:\PROGRA~1\MICROS~3\Office\FINDFAST.EXE
size: 111376
MD5: 22661527d19c655fd291bf421090b157
Located: Startup (disabled), Office Startup (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office\OSA.EXE -b
file: C:\PROGRA~1\MICROS~3\Office\OSA.EXE
size: 51984
MD5: d06276d4cad46cdceabefdeb1a0d3c0d
Located: Startup (disabled), ²¥°ÔÍøÂçµçÊÓ (DISABLED)
command: C:\PROGRA~1\pcast\PODCAS~1\PODCAS~2.EXE
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 24/09/2005 05:12:08
Date (last access): 20/09/2006 17:52:42
Date (last write): 12/01/2006 21:38:22
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 0.7.0.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 10/11/2005 14:03:56
Date (last access): 20/09/2006 17:52:42
Date (last write): 10/11/2005 14:22:10
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 0.5.0.0
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 07/07/2006 12:29:52
Date (last access): 20/09/2006 17:52:42
Date (last write): 07/07/2006 12:29:52
Filesize: 324416
Attributes: archive
MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
CRC32: B1456034
Version: 0.4.0.0
--- ActiveX list ---
{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 29/05/2003 16:00:18
Date (last access): 20/09/2006 18:51:42
Date (last write): 29/05/2003 16:00:18
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 0.7.0.1
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\
Long name: QTPlugin.ocx
Short name:
Date (created): 17/03/2006 14:06:44
Date (last access): 20/09/2006 15:19:24
Date (last write): 11/01/2006 00:33:18
Filesize: 409600
Attributes: archive
MD5: F4EC36EB22CFE40551DE3713805FA3F2
CRC32: 634EA6F9
Version: 0.7.0.0
{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~2.DLL
Date (created): 06/04/2004 19:03:54
Date (last access): 20/09/2006 18:51:42
Date (last write): 06/04/2004 19:03:54
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 0.9.0.2
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 30/11/2004 19:36:10
Date (last access): 20/09/2006 12:33:22
Date (last write): 09/09/2004 15:49:12
Filesize: 54488
Attributes: archive
MD5: 943193399C341AC34E842CB07B5F29A0
CRC32: 12DEB8F4
Version: 0.10.0.1
{215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5)
DPF name:
CLSID name: Trend Micro ActiveX Scan Agent 6.5
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 31/08/2006 14:15:18
Date (last access): 20/09/2006 16:54:46
Date (last write): 31/08/2006 14:15:18
Filesize: 383488
Attributes: archive
MD5: 29FEC1273BD4BCDCF828C8AE73B8A5DC
CRC32: F620880C
Version: 0.6.0.5
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object)
DPF name:
CLSID name: CMediaMix Object
Path: C:\WINDOWS\system32\
Long name: MediaLogic.dll
Short name: MEDIAL~1.DLL
Date (created): 20/12/2005 12:00:40
Date (last access): 20/09/2006 12:33:42
Date (last write): 20/12/2005 12:00:40
Filesize: 253128
Attributes: archive
MD5: 0F768B295C27FB1BD9B3376575DD730A
CRC32: D7266458
Version: 0.1.0.0
{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 16:00:22
Date (last access): 20/09/2006 18:51:42
Date (last write): 29/05/2003 16:00:22
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 0.7.0.1
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 26/01/2004 19:40:04
Date (last access): 20/09/2006 18:51:42
Date (last write): 26/01/2004 19:40:04
Filesize: 133120
Attributes: archive
MD5: E1FBF33D995C89583A36F461EC2879FF
CRC32: 1592E04B
Version: 7.212.0.1
{38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object)
DPF name:
CLSID name: CVideoEgg_ActiveXCtl Object
Path: C:\Documents and Settings\All Users\Application Data\VideoEgg1\
Long name: npvideoegg-updater.dll
Short name: NPVIDE~1.DLL
Date (created): 27/04/2006 19:08:22
Date (last access): 20/09/2006 16:58:34
Date (last write): 27/04/2006 19:08:22
Filesize: 233472
Attributes: archive
MD5: B9291899B9C9ACDA1AE9420FFAF21BB0
CRC32: 3D29D674
Version: 0.1.0.0
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class)
DPF name:
CLSID name: FilePlanet Download Control Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FilePlanetDownloadCtrl.dll
Short name: FILEPL~1.DLL
Date (created): 21/06/2004 20:11:18
Date (last access): 20/09/2006 18:51:42
Date (last write): 21/06/2004 20:11:18
Filesize: 294912
Attributes: archive
MD5: E6B0A532DC0404BCB678CB0F6757008D
CRC32: AE97F52E
Version: 0.1.0.0
BlaenauDreamer
2006-09-20, 21:12
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 14/10/2005 12:02:36
Date (last access): 20/09/2006 18:51:42
Date (last write): 14/10/2005 12:02:36
Filesize: 372736
Attributes: archive
MD5: C673BDB4BE7D28D36D39181F6183DFA2
CRC32: 18D2F4B2
Version: 0.10.0.0
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 27/07/2006 16:33:46
Date (last access): 20/09/2006 18:51:42
Date (last write): 27/07/2006 16:33:46
Filesize: 452920
Attributes: archive
MD5: 31B684EB136F3A933D8E5D4646ABA6AD
CRC32: D72E5183
Version: 0.1.0.2
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 22/11/2004 15:43:08
Date (last access): 20/09/2006 12:43:10
Date (last write): 26/05/2005 04:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 0.5.0.8
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26/05/2005 04:19:32
Date (last access): 20/09/2006 12:34:56
Date (last write): 26/05/2005 04:19:32
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 0.5.0.8
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class)
DPF name:
CLSID name: GSDACtl Class
{745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class)
DPF name:
CLSID name: AxisMediaControl Class
Path: C:\Program Files\Axis Communications\AXIS Media Control\
Long name: AxisMediaControl.dll
Short name: AXISME~1.DLL
Date (created): 08/09/2005 19:42:12
Date (last access): 20/09/2006 15:19:30
Date (last write): 16/09/2004 15:11:00
Filesize: 581632
Attributes: archive
MD5: 6DEC4DD36698DFCE89B4DDB36EE7D147
CRC32: 3BEAC2D0
Version: 0.3.0.11
{77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control)
DPF name:
CLSID name: Groove Control
Path: C:\WINDOWS\Downloaded Program Files\
Long name: GrooveAX.dll
Short name:
Date (created): 05/01/2004 10:37:48
Date (last access): 20/09/2006 18:51:42
Date (last write): 05/01/2004 10:37:48
Filesize: 468696
Attributes: archive
MD5: ABAD8F14E3F8F73C54FA588C76384685
CRC32: E7E2E448
Version: 0.1.0.0
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 21/07/2006 18:50:14
Date (last access): 20/09/2006 18:51:42
Date (last write): 21/07/2006 18:50:14
Filesize: 180282
Attributes: archive
MD5: C2AB04247A8FE05AFC924447568D18C5
CRC32: 5C6624F7
Version: 0.1.0.1
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 14:03:56
Date (last access): 20/09/2006 16:54:22
Date (last write): 10/11/2005 14:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 16:00:20
Date (last access): 20/09/2006 18:51:42
Date (last write): 29/05/2003 16:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 0.7.0.1
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 02/09/2005 16:41:28
Date (last access): 20/09/2006 18:51:42
Date (last write): 02/09/2005 16:41:28
Filesize: 135168
Attributes: archive
MD5: 51C818502B44E79F7811B049830117B1
CRC32: 398FAC89
Version: 0.58.0.0
{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Zintro.ocx
Short name:
Date (created): 17/11/2004 22:44:52
Date (last access): 20/09/2006 12:02:30
Date (last write): 17/11/2004 22:44:52
Filesize: 114728
Attributes: archive
MD5: F94C4867418A1CA860D784CCD807740B
CRC32: 5DCE6500
Version: 0.9.0.3
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: NPJPI142_06.dll
Short name: NPJPI1~1.DLL
Date (created): 28/09/2004 21:26:10
Date (last access): 20/09/2006 08:12:18
Date (last write): 28/09/2004 21:26:00
Filesize: 65650
Attributes: archive
MD5: 69E5147BA901A9238C4EB08C84E1A85B
CRC32: 6CB34BCC
Version: 0.1.0.4
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_02
Path: C:\Program Files\Java\jre1.5.0_02\bin\
Long name: NPJPI150_02.dll
Short name: NPJPI1~1.DLL
Date (created): 04/03/2005 03:36:50
Date (last access): 20/09/2006 08:12:18
Date (last write): 04/03/2005 03:54:18
Filesize: 69746
Attributes: archive
MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
CRC32: 55F989EE
Version: 0.5.0.0
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 03/06/2005 03:52:58
Date (last access): 20/09/2006 08:12:18
Date (last write): 03/06/2005 04:09:54
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 0.5.0.0
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 14:03:56
Date (last access): 20/09/2006 18:56:34
Date (last write): 10/11/2005 14:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 14:03:56
Date (last access): 20/09/2006 18:56:34
Date (last write): 10/11/2005 14:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7)
DPF name:
CLSID name: Measurement Services Client v.3.7
Path: C:\WINDOWS\system32\FUTURE~1\MSC\
Long name: MSC3.ocx
Short name:
Date (created): 20/06/2005 12:53:44
Date (last access): 20/09/2006 15:19:30
Date (last write): 20/06/2005 12:53:44
Filesize: 610304
Attributes: archive
MD5: 27D75CE10AA22D18A814CCAA60F68A6C
CRC32: 28A0D087
Version: 0.3.0.7
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9.ocx
Short name:
Date (created): 22/06/2006 21:44:20
Date (last access): 20/09/2006 17:52:48
Date (last write): 22/06/2006 21:44:20
Filesize: 2201224
Attributes: readonly archive
MD5: 99F80CA1EBE95677668F54CAC6F4AD6D
CRC32: B7385E3B
Version: 0.9.0.0
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
DPF name:
CLSID name: Solitaire Showdown Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: solitaireshowdown.dll
Short name: SOLITA~1.DLL
Date (created): 29/05/2003 16:00:20
Date (last access): 20/09/2006 18:51:42
Date (last write): 29/05/2003 16:00:20
Filesize: 86112
Attributes: archive
MD5: 6E0E81210B17C225AD8DBB86F0C41E32
CRC32: 1C944476
Version: 0.7.0.1
--- Process list ---
Spybot - Search && Destroy process list report, 20/09/2006 18:56:33
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 140 (2040) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
PID: 392 ( 4) \SystemRoot\System32\smss.exe
PID: 416 ( 540) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID: 472 ( 392) csrss.exe
PID: 496 ( 392) \??\C:\WINDOWS\system32\winlogon.exe
PID: 540 ( 496) C:\WINDOWS\system32\services.exe
PID: 552 ( 496) C:\WINDOWS\system32\lsass.exe
PID: 696 ( 540) C:\WINDOWS\system32\Ati2evxx.exe
PID: 708 ( 540) C:\WINDOWS\system32\svchost.exe
PID: 784 ( 540) svchost.exe
PID: 820 ( 540) C:\WINDOWS\System32\svchost.exe
PID: 876 ( 540) svchost.exe
PID: 896 ( 540) svchost.exe
PID: 1000 ( 540) C:\WINDOWS\system32\svchost.exe
PID: 1132 ( 540) C:\WINDOWS\system32\spoolsv.exe
PID: 1184 ( 496) C:\WINDOWS\system32\Ati2evxx.exe
PID: 1248 (1220) C:\WINDOWS\Explorer.EXE
PID: 1396 ( 540) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1424 ( 540) C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1484 ( 540) C:\WINDOWS\system32\drivers\KodakCCS.exe
PID: 1560 ( 540) C:\WINDOWS\system32\svchost.exe
PID: 1696 ( 540) wdfmgr.exe
PID: 1940 (1248) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 1948 (1248) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PID: 1956 (1248) C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
PID: 1968 (1248) C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
PID: 2004 ( 540) alg.exe
PID: 2008 (1248) C:\WINDOWS\system32\ctfmon.exe
PID: 2020 (1248) C:\Program Files\CursorXP\CursorXP.exe
PID: 2040 (1248) C:\Program Files\Logitech\SetPoint\SetPoint.exe
PID: 2232 (1248) C:\Program Files\Internet Explorer\iexplore.exe
PID: 2352 ( 540) C:\WINDOWS\System32\svchost.exe
PID: 2948 (1248) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
BlaenauDreamer
2006-09-20, 21:13
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 20/09/2006 18:56:33
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.bbc.co.uk/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: Xfire_LSP MSAFD Tcpip [TCP/IP]
GUID: {0DB9507B-F2AA-4057-A7DA-B3054F6A6E48}
Filename: xfire_lsp_10650.dll
Protocol 1: Xfire_LSP MSAFD Tcpip [UDP/IP]
GUID: {97338D69-DF7B-436F-9F50-A039468511F0}
Filename: xfire_lsp_10650.dll
Protocol 2: Xfire_LSP MSAFD Tcpip [RAW/IP]
GUID: {B50AE63C-008A-430A-A09E-F7BECAB22352}
Filename: xfire_lsp_10650.dll
Protocol 3: Xfire_LSP RSVP UDP Service Provider
GUID: {F8DD7256-76A3-495A-9083-459E07227F5A}
Filename: xfire_lsp_10650.dll
Protocol 4: Xfire_LSP RSVP TCP Service Provider
GUID: {794AFE55-17B7-4EF4-A97A-994C4AEDE70B}
Filename: xfire_lsp_10650.dll
Protocol 5: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 7: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 8: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: Xfire_LSP
GUID: {C6C30084-C640-4416-A427-19DD8FCF98B2}
Filename: xfire_lsp_10650.dll
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36BD2C92-F3B5-4F1B-8E13-718CF5A1816C}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36BD2C92-F3B5-4F1B-8E13-718CF5A1816C}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{359F2430-A46E-4ED6-9E48-0371B3013C3A}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{359F2430-A46E-4ED6-9E48-0371B3013C3A}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F10FD12B-615A-4249-8197-28976252C595}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F10FD12B-615A-4249-8197-28976252C595}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A64C84A2-E7E9-49CB-9C5A-5FA365328608}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A64C84A2-E7E9-49CB-9C5A-5FA365328608}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A1CA5EF6-4A46-4ABE-9B14-E73DE81A668E}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A1CA5EF6-4A46-4ABE-9B14-E73DE81A668E}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{54064CF6-EB92-4D11-86E7-0AD04155BFD3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{54064CF6-EB92-4D11-86E7-0AD04155BFD3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{399A3D12-7B12-4B48-8E58-004C045D28A0}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{399A3D12-7B12-4B48-8E58-004C045D28A0}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6219AE76-EC73-4CAE-8179-CF08CB3D665B}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6219AE76-EC73-4CAE-8179-CF08CB3D665B}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
BlaenauDreamer
2006-09-20, 21:14
Hmmmmm? looks like i did something wrong, sorry about that :)
Hi there, you are doing fine. :)
However I should have asked your operating system and Spybot-S&D version. :rolleyes: Although I saw your problem with the internet.
Please see:
Version 1.4 :Systems Supported (http://www.safer-networking.org/en/spybotsd/index.html)
Spybot-S&D Version 1.4 Download (http://www.spybot.info/en/download/index.html)
Uninstalling Previous Spybot-S&D (http://www.safer-networking.org/en/faq/27.html)
Tutorial (http://www.spybot.info/en/tutorial/index.html)
EDIT:
However as you have problems staying on the net I am going to direct you here:
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
If you can just get the HJT log start your own thread in the malware forum:
Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)
Let us know if you cannot please.
BlaenauDreamer
2006-09-21, 11:33
Hi again :) I've updated Spybot as suggested & i will post it below. Most of the time i'm having no problems staying on the net, it is only when i do the spyware/virus test at Trend Micro that the browser shuts down while the test is in progress, i even tried doing the test usin Firefox but that shut down even quicker than IE.
Thanks for your help :)
Hmmm? the attatchment is still too big for the forum, i'll copy & paste it below again.
--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
Bifrose.LA: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
Bifrose.LA: System file (File, fixed)
C:\WINDOWS\system32\drivers\oreans32.sys
Fake.Wget: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-602162358-1957994488-682003330-1004\Software\Wget
Fake.Wget: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Wget
Advertising.com: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
CasaleMedia: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: Nick) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
TargetNet: Tracking cookie (Firefox: default) (Cookie, fixed)
ValueClick: Tracking cookie (Firefox: default) (Cookie, fixed)
VX2.Favoriteman: Tracking cookie (Firefox: default) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-09-15 Includes\Cookies.sbi (*)
2006-09-15 Includes\Dialer.sbi (*)
2006-09-15 Includes\Hijackers.sbi (*)
2006-09-15 Includes\Keyloggers.sbi (*)
2006-09-15 Includes\Malware.sbi (*)
2006-09-15 Includes\PUPS.sbi (*)
2006-09-15 Includes\Revision.sbi (*)
2006-09-15 Includes\Security.sbi (*)
2006-09-15 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-09-15 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 108160
MD5: e4289180e929bf984bfecefa73322a6a
Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 94208
MD5: ffde5245589ffa24c5075203d2a9c314
Located: HK_LM:Run, LVCOMS
command: C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
file: C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
size: 98304
MD5: dc4cceab220639cff08890065665118c
Located: HK_LM:Run, NvMixerTray
command: C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
file: C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
size: 131072
MD5: ed010795e4e87f0752305b04e68b49ad
Located: HK_LM:Run, SpeedTouch USB Diagnostics
command: "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
file: C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
size: 866816
MD5: d40191aa225638ab20e59524cdd74030
Located: HK_LM:Run, startkey
command: C:\WINDOWS\system32\systemhosts.exe
file: C:\WINDOWS\system32\systemhosts.exe
size: 1194181
MD5: cc1ebcbbb56a0ed4c42835d430757cd6
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100
Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, CursorXP
command: C:\Program Files\CursorXP\CursorXP.exe
file: C:\Program Files\CursorXP\CursorXP.exe
size: 128000
MD5: 7b70742882445f1269fc49708ab39751
Located: HK_CU:Run, KeyType
command:
file:
Located: HK_CU:Run, startkey
command: C:\WINDOWS\system32\systemhosts.exe
file: C:\WINDOWS\system32\systemhosts.exe
size: 1194181
MD5: cc1ebcbbb56a0ed4c42835d430757cd6
Located: HK_CU:Run, Steam
command:
file:
Located: Startup (common), Logitech SetPoint.lnk
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 593920
MD5: bc91cb3da7a58510a39a0ccbb82cd797
Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0
Located: Startup (disabled), Run Nintendo Wi-Fi USB Connector Registration Tool (DISABLED)
command: C:\PROGRA~1\WIFICO~1\NINTEN~1.EXE
file: C:\PROGRA~1\WIFICO~1\NINTEN~1.EXE
size: 1073152
MD5: af38256899bf8d5f4358ad68a5453bbe
Located: Startup (disabled), Microsoft Find Fast (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office\FINDFAST.EXE
file: C:\PROGRA~1\MICROS~3\Office\FINDFAST.EXE
size: 111376
MD5: 22661527d19c655fd291bf421090b157
Located: Startup (disabled), Office Startup (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office\OSA.EXE -b
file: C:\PROGRA~1\MICROS~3\Office\OSA.EXE
size: 51984
MD5: d06276d4cad46cdceabefdeb1a0d3c0d
Located: Startup (disabled), ²¥°ÔÍøÂçµçÊÓ (DISABLED)
command: C:\PROGRA~1\pcast\PODCAS~1\PODCAS~2.EXE
file:
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 24/09/2005 05:12:08
Date (last access): 21/09/2006 08:47:48
Date (last write): 12/01/2006 21:38:22
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 21/09/2006 09:08:46
Date (last access): 21/09/2006 09:08:46
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 10/11/2005 14:03:56
Date (last access): 21/09/2006 09:04:04
Date (last write): 10/11/2005 14:22:10
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 07/07/2006 12:29:52
Date (last access): 21/09/2006 09:04:04
Date (last write): 07/07/2006 12:29:52
Filesize: 324416
Attributes: archive
MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
CRC32: B1456034
Version: 4.0.249.1
--- ActiveX list ---
{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
description:
classification: Legitimate
known filename: msgrchkr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 29/05/2003 16:00:18
Date (last access): 21/09/2006 09:13:52
Date (last write): 29/05/2003 16:00:18
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 7.1.9502.1
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\
Long name: QTPlugin.ocx
Short name:
Date (created): 17/03/2006 14:06:44
Date (last access): 20/09/2006 18:56:34
Date (last write): 11/01/2006 00:33:18
Filesize: 409600
Attributes: archive
MD5: F4EC36EB22CFE40551DE3713805FA3F2
CRC32: 634EA6F9
Version: 7.0.4.80
{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~2.DLL
Date (created): 06/04/2004 19:03:54
Date (last access): 21/09/2006 09:13:52
Date (last write): 06/04/2004 19:03:54
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 9.2.7513.1
BlaenauDreamer
2006-09-21, 11:35
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 30/11/2004 19:36:10
Date (last access): 20/09/2006 18:56:34
Date (last write): 09/09/2004 15:49:12
Filesize: 54488
Attributes: archive
MD5: 943193399C341AC34E842CB07B5F29A0
CRC32: 12DEB8F4
Version: 10.1.0.11
{215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5)
DPF name:
CLSID name: Trend Micro ActiveX Scan Agent 6.5
Installer: C:\WINDOWS\Downloaded Program Files\hcImpl.inf
Codebase: http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 31/08/2006 14:15:18
Date (last access): 20/09/2006 18:56:34
Date (last write): 31/08/2006 14:15:18
Filesize: 383488
Attributes: archive
MD5: 29FEC1273BD4BCDCF828C8AE73B8A5DC
CRC32: F620880C
Version: 6.5.4.4
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object)
DPF name:
CLSID name: CMediaMix Object
Installer: C:\WINDOWS\Downloaded Program Files\Medialogic.INF
Codebase: http://musicmix.messenger.msn.com/Medialogic.CAB
Path: C:\WINDOWS\system32\
Long name: MediaLogic.dll
Short name: MEDIAL~1.DLL
Date (created): 20/12/2005 12:00:40
Date (last access): 20/09/2006 18:56:34
Date (last write): 20/12/2005 12:00:40
Filesize: 253128
Attributes: archive
MD5: 0F768B295C27FB1BD9B3376575DD730A
CRC32: D7266458
Version: 1.0.1514.0
{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
description:
classification: Legitimate
known filename: minesweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 16:00:22
Date (last access): 21/09/2006 09:13:52
Date (last write): 29/05/2003 16:00:22
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 7.1.9502.1
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\WINDOWS\Downloaded Program Files\yinst.inf
Codebase: http://download.yahoo.com/dl/installs/yinst0401.cab
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 26/01/2004 19:40:04
Date (last access): 21/09/2006 09:13:52
Date (last write): 26/01/2004 19:40:04
Filesize: 133120
Attributes: archive
MD5: E1FBF33D995C89583A36F461EC2879FF
CRC32: 1592E04B
Version: 2004.1.26.1
{38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object)
DPF name:
CLSID name: CVideoEgg_ActiveXCtl Object
Installer:
Codebase: http://update.videoegg.com/wintel/VideoEggPublisher.exe
Path: C:\Documents and Settings\All Users\Application Data\VideoEgg1\
Long name: npvideoegg-updater.dll
Short name: NPVIDE~1.DLL
Date (created): 27/04/2006 19:08:22
Date (last access): 20/09/2006 18:56:34
Date (last write): 27/04/2006 19:08:22
Filesize: 233472
Attributes: archive
MD5: B9291899B9C9ACDA1AE9420FFAF21BB0
CRC32: 3D29D674
Version: 1.0.0.1
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class)
DPF name:
CLSID name: FilePlanet Download Control Class
Installer:
Codebase: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
description:
classification: Legitimate
known filename: FilePlanetDownloadCtrl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FilePlanetDownloadCtrl.dll
Short name: FILEPL~1.DLL
Date (created): 21/06/2004 20:11:18
Date (last access): 21/09/2006 09:13:52
Date (last write): 21/06/2004 20:11:18
Filesize: 294912
Attributes: archive
MD5: E6B0A532DC0404BCB678CB0F6757008D
CRC32: AE97F52E
Version: 1.0.0.44
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 14/10/2005 12:02:36
Date (last access): 21/09/2006 09:13:52
Date (last write): 14/10/2005 12:02:36
Filesize: 372736
Attributes: archive
MD5: C673BDB4BE7D28D36D39181F6183DFA2
CRC32: 18D2F4B2
Version: 10.0.911.0
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf
Codebase: http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
description:
classification: Legitimate
known filename: wlscBase.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 27/07/2006 16:33:46
Date (last access): 21/09/2006 09:13:52
Date (last write): 27/07/2006 16:33:46
Filesize: 452920
Attributes: archive
MD5: 31B684EB136F3A933D8E5D4646ABA6AD
CRC32: D72E5183
Version: 1.2.969.1
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121063863796
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 22/11/2004 15:43:08
Date (last access): 20/09/2006 18:56:34
Date (last write): 26/05/2005 04:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144252936546
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26/05/2005 04:19:32
Date (last access): 20/09/2006 18:56:34
Date (last write): 26/05/2005 04:19:32
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class)
DPF name:
CLSID name: GSDACtl Class
Installer:
Codebase: http://launch.gamespyarcade.com/software/launch/alaunch.cab
description:
classification: Legitimate
known filename: gsda.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gsda.dll
{745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class)
DPF name:
CLSID name: AxisMediaControl Class
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://webcam04.deg.net/activex/AMC.cab
description:
classification: Open for discussion
known filename: AxisMediaControl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Axis Communications\AXIS Media Control\
Long name: AxisMediaControl.dll
Short name: AXISME~1.DLL
Date (created): 08/09/2005 19:42:12
Date (last access): 20/09/2006 18:56:34
Date (last write): 16/09/2004 15:11:00
Filesize: 581632
Attributes: archive
MD5: 6DEC4DD36698DFCE89B4DDB36EE7D147
CRC32: 3BEAC2D0
Version: 3.11.0.1
{77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control)
DPF name:
CLSID name: Groove Control
Installer:
Codebase: http://www.nick.com/common/groove/gx/GrooveAX27.cab
description:
classification: Open for discussion
known filename: GROOVEAX.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: GrooveAX.dll
Short name:
Date (created): 05/01/2004 10:37:48
Date (last access): 21/09/2006 09:13:52
Date (last write): 05/01/2004 10:37:48
Filesize: 468696
Attributes: archive
MD5: ABAD8F14E3F8F73C54FA588C76384685
CRC32: E7E2E448
Version: 1.0.27.0
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 21/07/2006 18:50:14
Date (last access): 21/09/2006 09:13:52
Date (last write): 21/07/2006 18:50:14
Filesize: 180282
Attributes: archive
MD5: C2AB04247A8FE05AFC924447568D18C5
CRC32: 5C6624F7
Version: 1.1.0.1048
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 14:03:56
Date (last access): 20/09/2006 18:56:34
Date (last write): 10/11/2005 14:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
BlaenauDreamer
2006-09-21, 11:36
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 16:00:20
Date (last access): 21/09/2006 09:13:52
Date (last write): 29/05/2003 16:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 02/09/2005 16:41:28
Date (last access): 21/09/2006 09:13:52
Date (last write): 02/09/2005 16:41:28
Filesize: 135168
Attributes: archive
MD5: 51C818502B44E79F7811B049830117B1
CRC32: 398FAC89
Version: 58.0.0.0
{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Zintro.ocx
Short name:
Date (created): 17/11/2004 22:44:52
Date (last access): 20/09/2006 18:56:34
Date (last write): 17/11/2004 22:44:52
Filesize: 114728
Attributes: archive
MD5: F94C4867418A1CA860D784CCD807740B
CRC32: 5DCE6500
Version: 9.3.2846.1
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-1_4_2_06.inf
Codebase: http://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI142_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: NPJPI142_06.dll
Short name: NPJPI1~1.DLL
Date (created): 28/09/2004 21:26:10
Date (last access): 20/09/2006 18:56:34
Date (last write): 28/09/2004 21:26:00
Filesize: 65650
Attributes: archive
MD5: 69E5147BA901A9238C4EB08C84E1A85B
CRC32: 6CB34BCC
Version: 1.4.2.60
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_02
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_02\bin\
Long name: NPJPI150_02.dll
Short name: NPJPI1~1.DLL
Date (created): 04/03/2005 03:36:50
Date (last access): 20/09/2006 18:56:34
Date (last write): 04/03/2005 03:54:18
Filesize: 69746
Attributes: archive
MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
CRC32: 55F989EE
Version: 5.0.20.9
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_04.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 03/06/2005 03:52:58
Date (last access): 20/09/2006 18:56:34
Date (last write): 03/06/2005 04:09:54
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 14:03:56
Date (last access): 21/09/2006 09:23:06
Date (last write): 10/11/2005 14:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 14:03:56
Date (last access): 21/09/2006 09:23:06
Date (last write): 10/11/2005 14:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7)
DPF name:
CLSID name: Measurement Services Client v.3.7
Installer: C:\WINDOWS\Downloaded Program Files\MSC3.inf
Codebase: http://gameadvisor.futuremark.com/global/msc37.cab
description:
classification: Legitimate
known filename: MSC3.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\FUTURE~1\MSC\
Long name: MSC3.ocx
Short name:
Date (created): 20/06/2005 12:53:44
Date (last access): 20/09/2006 18:56:34
Date (last write): 20/06/2005 12:53:44
Filesize: 610304
Attributes: archive
MD5: 27D75CE10AA22D18A814CCAA60F68A6C
CRC32: 28A0D087
Version: 3.7.0.0
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9.ocx
Short name:
Date (created): 22/06/2006 21:44:20
Date (last access): 21/09/2006 08:47:46
Date (last write): 22/06/2006 21:44:20
Filesize: 2201224
Attributes: readonly archive
MD5: 99F80CA1EBE95677668F54CAC6F4AD6D
CRC32: B7385E3B
Version: 9.0.16.0
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
DPF name:
CLSID name: Solitaire Showdown Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
description:
classification: Legitimate
known filename: solitaireshowdown.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: solitaireshowdown.dll
Short name: SOLITA~1.DLL
Date (created): 29/05/2003 16:00:20
Date (last access): 21/09/2006 09:13:52
Date (last write): 29/05/2003 16:00:20
Filesize: 86112
Attributes: archive
MD5: 6E0E81210B17C225AD8DBB86F0C41E32
CRC32: 1C944476
Version: 7.1.9502.1
--- Process list ---
PID: 0 ( 0) [System]
PID: 392 ( 4) \SystemRoot\System32\smss.exe
PID: 472 ( 392) \??\C:\WINDOWS\system32\csrss.exe
PID: 496 ( 392) \??\C:\WINDOWS\system32\winlogon.exe
PID: 540 ( 496) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 552 ( 496) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 696 ( 540) C:\WINDOWS\system32\Ati2evxx.exe
size: 368640
MD5: 725BBF8C2D631505CF6375A9D603A112
PID: 708 ( 540) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 784 ( 540) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 824 ( 540) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 872 ( 540) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 920 ( 540) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1128 ( 540) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1184 ( 496) C:\WINDOWS\system32\Ati2evxx.exe
size: 368640
MD5: 725BBF8C2D631505CF6375A9D603A112
PID: 1248 (1220) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1368 ( 540) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 59008
MD5: DC995DA2D258C0590C3AE07EC68BFEE6
PID: 1396 ( 540) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 108160
MD5: FB28CDCC7C383FCD7D773424E25F356A
PID: 1584 ( 540) C:\WINDOWS\system32\drivers\KodakCCS.exe
size: 411920
MD5: B3F86266F372A97624F5D132DA6E97E6
PID: 1752 ( 540) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2020 ( 540) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 228 ( 540) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 370304
MD5: 7D1AE2588DCFC5D07E6EBCAA25192DB1
PID: 600 ( 540) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 916 (1248) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 108160
MD5: E4289180E929BF984BFECEFA73322A6A
PID: 996 (1248) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 988 (1248) C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
size: 98304
MD5: DC4CCEAB220639CFF08890065665118C
PID: 1040 (1248) C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
size: 866816
MD5: D40191AA225638AB20E59524CDD74030
PID: 1180 (1248) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1236 (1248) C:\Program Files\CursorXP\CursorXP.exe
size: 128000
MD5: 7B70742882445F1269FC49708AB39751
PID: 1532 (1248) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 593920
MD5: BC91CB3DA7A58510A39A0CCBB82CD797
PID: 2088 (1532) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
size: 94208
MD5: FFDE5245589FFA24C5075203D2A9C314
PID: 2136 (1248) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 2528 ( 540) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3888 (3872) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
BlaenauDreamer
2006-09-21, 11:37
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 21/09/2006 09:23:06
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.bbc.co.uk/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: Xfire_LSP MSAFD Tcpip [TCP/IP]
GUID: {0DB9507B-F2AA-4057-A7DA-B3054F6A6E48}
Filename: xfire_lsp_10650.dll
Protocol 1: Xfire_LSP MSAFD Tcpip [UDP/IP]
GUID: {97338D69-DF7B-436F-9F50-A039468511F0}
Filename: xfire_lsp_10650.dll
Protocol 2: Xfire_LSP MSAFD Tcpip [RAW/IP]
GUID: {B50AE63C-008A-430A-A09E-F7BECAB22352}
Filename: xfire_lsp_10650.dll
Protocol 3: Xfire_LSP RSVP UDP Service Provider
GUID: {F8DD7256-76A3-495A-9083-459E07227F5A}
Filename: xfire_lsp_10650.dll
Protocol 4: Xfire_LSP RSVP TCP Service Provider
GUID: {794AFE55-17B7-4EF4-A97A-994C4AEDE70B}
Filename: xfire_lsp_10650.dll
Protocol 5: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 7: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 8: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: Xfire_LSP
GUID: {C6C30084-C640-4416-A427-19DD8FCF98B2}
Filename: xfire_lsp_10650.dll
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36BD2C92-F3B5-4F1B-8E13-718CF5A1816C}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36BD2C92-F3B5-4F1B-8E13-718CF5A1816C}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{359F2430-A46E-4ED6-9E48-0371B3013C3A}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{359F2430-A46E-4ED6-9E48-0371B3013C3A}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F10FD12B-615A-4249-8197-28976252C595}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F10FD12B-615A-4249-8197-28976252C595}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A64C84A2-E7E9-49CB-9C5A-5FA365328608}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A64C84A2-E7E9-49CB-9C5A-5FA365328608}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A1CA5EF6-4A46-4ABE-9B14-E73DE81A668E}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A1CA5EF6-4A46-4ABE-9B14-E73DE81A668E}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{54064CF6-EB92-4D11-86E7-0AD04155BFD3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{54064CF6-EB92-4D11-86E7-0AD04155BFD3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{399A3D12-7B12-4B48-8E58-004C045D28A0}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{399A3D12-7B12-4B48-8E58-004C045D28A0}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6219AE76-EC73-4CAE-8179-CF08CB3D665B}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6219AE76-EC73-4CAE-8179-CF08CB3D665B}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Hi BlaenauDreamer.
We should see a HJT log which will give us information from a different angle, so please go here:
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
Just follow the instructions to get that log, nothing else.
Then start your own thread in the malware forum:
Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22)
Copy and paste the hjt log into your new topic, then please send me a private message (pm) to let me know you have done so.
I will ask a helper to take a look today so you don't have to wait any longer.
Also, please take a look at this sticky:
Sun Microsystems~Java. Security vunerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2 )
I see in the Spybot log that you have several old versions on the system, your helper will guide you through the removal once the hjt log has been posted and analysed.
Cheers.