Thread: trojan.win32.dialer.hc

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    trojan.win32.dialer.hc

    Hi,

    I'm new here but maybe someone can help me. When I boot my PC I inevitably get a Spysweeper alert that svchost.exe is trying to reset my security settings to allow a website called sgrunt.biz to be accessed. (This appears to be a malicious website.)

    Spysweeper shuts down the action and recommends a sweep of my system. Sweep does not reveal anything. At roughly the same time my AOLspyware tells me it has found and blocked trojan.win32.dialer.hc and I go into the blocked items area of the program and remove it. (I do not actually believe it is removed.)

    I run Spybot, Lavasoft Ad-Aware, AOL spyware, Webroot Spysweeper, McAfee Antivirus, McAfee Firewall, and cwshredder. All applications find rogue crapola on my system regularly except McAfee. COOLWEBSEARCH seems to be prevalent and may be related to the trojan. Every time I update definitions a new version of COOLWEBSEARCH is found. (Again I suspect that CWS is not really removed by the anti-spyware programs I have, or has a way of restarting itself next boot up.)

    I also cannot use the right click of my mouse button in Windows Explorer anymore. If I right-click an item in Windows Explorer, then Explorer shuts down momentarily and the Dr. Watson Postmortem debugger pops up sometimes. When it does, it will not close properly. I go to the task manager. Two files called Drwatsn.exe are present and both must be closed to shut down the debugger program.

    On a final note I have found a hidden folder called JITI in my AOL folder with the program Jiti_mm.exe. This program is unfamiliar to me and its creation date of May 2005 is suspicious although not necessarily impossible. (AOL updates itself regularly with new features.)

    Someone please help or provide advice

    Thank You
    Last edited by Arctic Wolf; 2005-11-07 at 18:41.

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Hello Arctic Wolf.
    If here:
    c:\program files\america online 9.0\jiti\jiti_mm.exe <-- apparently belongs to AOL.

    Of interest re: sgrunt.biz
    http://www.wilderssecurity.com/showthread.php?p=600503

    We should look at a log; please make sure you have Spybot-S&D version 1.4
    Uninstalling Previous Spybot-S&D
    Spybot-S&D Version 1.4 Download
    Tutorial
    Then:
    Open SpyBot, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

    Uncheck [ ] Do not report disabled or known legitimate items.
    Uncheck [ ] Include a list of services in report.
    Uncheck [ ] Include uninstall list in report.

    Attach or copy paste the log into this topic.

    Make sure you update the program after installing and before scanning. (If you receive a Bad Checksum Error please try another download mirror.)
    Cheers.

  3. #3
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    Trojan.win32.dialer.hc

    Coincidentally, while reading your reply, tashi, I got the SpySweeper and AOL Spyware messages again.

    This is the shortened SpySweeper Security Message:

    IE Security Shield found C:\Program Files\Common Files\AOL\AOLSERVICEHOST.EXE

    The full message in the alert only lasts for a little while but basically says that aolservicehost.exe tried to reset the security settings to allow for SGrunt.biz to be placed in my safe zone.

    Again, about 12 seconds after the SpySweeper alert I get the Trojan alert from AOLspyware warning me that the trojan.win32.dialer.hc has been blocked.

    I looked at the link you gave me and realized I had already found that info, which did not seem to make any sense to me. Another link at Geeks to Go, http://www.geekstogo.com/forum/index...T&f=37&t=76123
    seems to indicate an identical problem to mine. I do not have the knowledge base to grasp the answer given but it seems to indicate a larger problem.


    I will initiate the steps you suggest and post the results.

    Should I perhaps be doing the scans in safe mode?

  4. #4
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    Trojan.win32.dialer.hc

    Here is the log report requested:
    --- Search result list ---
    Congratulations!: No immediate threats were found. ()
    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-11-06 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2005-11-04 Includes\Cookies.sbi (*)
    2005-11-04 Includes\Dialer.sbi (*)
    2005-11-04 Includes\Hijackers.sbi (*)
    2005-11-04 Includes\Keyloggers.sbi (*)
    2005-11-04 Includes\Malware.sbi (*)
    2005-11-04 Includes\PUPS.sbi (*)
    2005-11-04 Includes\Revision.sbi (*)
    2005-11-04 Includes\Security.sbi (*)
    2005-11-04 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2005-11-04 Includes\Trojans.sbi (*)

    --- System information ---
    Windows XP (Build: 2600) Service Pack 2
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Windows XP / SP3: Windows XP Hotfix - KB834707
    / Windows XP / SP3: Windows XP Hotfix - KB867282
    / Windows XP / SP3: Windows XP Hotfix - KB873333
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Security Update for Windows XP (KB883939)
    / Windows XP / SP3: Windows XP Hotfix - KB885250
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB887742
    / Windows XP / SP3: Windows XP Hotfix - KB887797
    / Windows XP / SP3: Windows XP Hotfix - KB888113
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890047
    / Windows XP / SP3: Windows XP Hotfix - KB890175
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB890923
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893066)
    / Windows XP / SP3: Windows XP Hotfix - KB893086
    / Windows XP / SP3: Security Update for Windows XP (KB893756)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Update for Windows XP (KB894391)
    / Windows XP / SP3: Hotfix for Windows XP (KB896344)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896422)
    / Windows XP / SP3: Security Update for Windows XP (KB896423)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Security Update for Windows XP (KB896688)
    / Windows XP / SP3: Update for Windows XP (KB896727)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB899587)
    / Windows XP / SP3: Security Update for Windows XP (KB899588)
    / Windows XP / SP3: Security Update for Windows XP (KB899591)
    / Windows XP / SP3: Security Update for Windows XP (KB900725)
    / Windows XP / SP3: Update for Windows XP (KB900930)
    / Windows XP / SP3: Security Update for Windows XP (KB901017)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB902400)
    / Windows XP / SP3: Security Update for Windows XP (KB903235)
    / Windows XP / SP3: Security Update for Windows XP (KB904706)
    / Windows XP / SP3: Security Update for Windows XP (KB905414)
    / Windows XP / SP3: Security Update for Windows XP (KB905749)
    / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221

  5. #5
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    --- Startup entries list ---
    Located: HK_LM:Run, Alcmtr
    command: ALCMTR.EXE
    file: C:\WINDOWS\ALCMTR.EXE
    size: 69632
    MD5: 8b4cbba1ea526830c7f97e7822e2493a

    Located: HK_LM:Run, AlcWzrd
    command: ALCWZRD.EXE
    file: C:\WINDOWS\ALCWZRD.EXE
    size: 2807808
    MD5: 057c8f39c09f60216c452eed19ad3cb2

    Located: HK_LM:Run, AOL Spyware Protection
    command: "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    file: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    size: 79448
    MD5: 217697c43bff8d740cfbb9ad87621519

    Located: HK_LM:Run, AOLDialer
    command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    size: 34904
    MD5: 25d2aa5a7ca01db369a39149a1ab2f30

    Located: HK_LM:Run, CARPService
    command: carpserv.exe
    file: C:\WINDOWS\system32\carpserv.exe
    size: 4608
    MD5: 9aaf44fdf3a5517066b286b80c4a149f

    Located: HK_LM:Run, High Definition Audio Property Page Shortcut
    command: HDAudPropShortcut.exe
    file: C:\WINDOWS\system32\HDAudPropShortcut.exe
    size: 61952
    MD5: 3e7a11c1c4ebd2c3c52197238df4e14b

    Located: HK_LM:Run, HostManager
    command: C:\Program Files\Common Files\AOL\1107544306\ee\AOLHostManager.exe
    file: C:\Program Files\Common Files\AOL\1107544306\ee\AOLHostManager.exe
    size: 159832
    MD5: f272c718d0a1608f04e66cad9af43d46

    Located: HK_LM:Run, Imonitor
    command: "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
    file: C:\Program Files\McAfee\QuickClean\Plguni.exe
    size: 98304
    MD5: 3c246a878620c3393d17e92baae05afd

    Located: HK_LM:Run, MCAgentExe
    command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    size: 278528
    MD5: c9a041d6e5211ca48aeba3ac1987d837

    Located: HK_LM:Run, MCUpdateExe
    command: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    file: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    size: 180224
    MD5: c7d0c96ad30cfafc37f621c75fad6252

    Located: HK_LM:Run, MPFExe
    command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    size: 1380352
    MD5: 40ea79a23fce6aa3976d0e6cd0a009d9

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    file: C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_LM:Run, NvMediaCenter
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    file: C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINDOWS\system32\nwiz.exe
    size: 1519616
    MD5: 60d44ef1cb5f41160e9d0a7e637cc8aa

    Located: HK_LM:Run, RealTray
    command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    file:

    Located: HK_LM:Run, SoundMan
    command: SOUNDMAN.EXE
    file: C:\WINDOWS\SOUNDMAN.EXE
    size: 86016
    MD5: e44cf0ab3dafb101971b6d7bc811bc51

    Located: HK_LM:Run, SpySweeper
    command: "C:\Program Files\Spyware\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    file: C:\Program Files\Spyware\Webroot\Spy Sweeper\SpySweeper.exe
    size: 3296256
    MD5: d56c4031c94f7dc9567b53d54d92d0d2

    Located: HK_LM:Run, type32
    command: "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    file: C:\Program Files\Microsoft IntelliType Pro\type32.exe
    size: 172032
    MD5: 05e10c2c3736e52fe33d16d2f9c73c04

    Located: HK_LM:Run, VirusScan Online
    command: "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    file: c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    size: 163840
    MD5: 3fe1e841ed8483f7a75a1e86f6fc2216

    Located: HK_LM:Run, VSOCheckTask
    command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    file: c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    size: 122880
    MD5: 1330323afadf53f9fd1fd428fbaf8e2b

    Located: HK_CU:Run, AOL Fast Start
    command: "C:\Program Files\AOL 9.0\AOL.EXE" -b
    file: C:\Program Files\AOL 9.0\AOL.EXE
    size: 50776
    MD5: 79c12b112b75a8a4c337857c5e99a219

    Located: HK_CU:Run, McAfee.InstantUpdate.Monitor
    command: "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    file: C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    size: 122948
    MD5: 4bfc3d39305984c6583a042628956d84

    Located: HK_CU:Run, PopUpWasher
    command: C:\Program Files\Spyware\Webroot\PopUpWasher\PopUpWasher.exe
    file: C:\Program Files\Spyware\Webroot\PopUpWasher\PopUpWasher.exe
    size: 396288
    MD5: 9883bead2245253c1a8d76abffe0c134

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, WRNotifier
    command: WRLogonNTF.dll
    file: WRLogonNTF.dll



    --- Browser helper object list ---
    {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} (Popup Killer)
    BHO name:
    CLSID name: Popup Killer
    description: Pop-Up Washer, Pop-Up Washer
    classification: Legitimate
    known filename: PopUpWasher21.dll
    info link: http://www.popup-killer.info/popup-washer/
    info source: TonyKlein
    Path: C:\WINDOWS\
    Long name: PopUpWasher21.dll
    Short name: POPUPW~1.DLL
    Date (created): 21/10/2005 12:44:28 PM
    Date (last access): 07/11/2005 5:22:00 PM
    Date (last write): 08/09/2004 1:19:42 PM
    Filesize: 126976
    Attributes: archive
    MD5: 9603AFC1041B5EDE8D88A016708B959F
    CRC32: 1007037E
    Version: 2.1.0.1

    {53707962-6F74-2D53-2644-206D7942484F} ()
    BHO name:
    CLSID name:
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\Program Files\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 06/11/2005 2:00:00 PM
    Date (last access): 07/11/2005 5:22:00 PM
    Date (last write): 31/05/2005 1:04:00 AM
    Filesize: 853672
    Attributes: archive
    MD5: 250D787A5712D7768DDC133B3E477759
    CRC32: D4589A41
    Version: 1.4.0.0

  6. #6
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    --- ActiveX list ---
    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://go.microsoft.com/fwlink/?linkid=39204
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 12/07/2005 5:04:22 PM
    Date (last access): 07/11/2005 8:46:00 AM
    Date (last write): 29/08/2005 12:27:12 PM
    Filesize: 520968
    Attributes: archive
    MD5: 679088DD42AFB105A6DA3F5E876D69B6
    CRC32: 80D21320
    Version: 1.3.272.0

    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
    DPF name:
    CLSID name: McAfee.com Operating System Class
    Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
    Codebase: http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
    description:
    classification: Open for discussion
    known filename: mcinsctl.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: mcinsctl.dll
    Short name:
    Date (created): 11/09/2005 3:27:22 PM
    Date (last access): 07/11/2005 5:20:40 PM
    Date (last write): 09/06/2004 5:24:10 PM
    Filesize: 341088
    Attributes: archive
    MD5: 51C1F2F0034A18C9CB562F12CD392A30
    CRC32: 904D5FFB
    Version: 4.0.0.83

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
    Codebase: http://update.microsoft.com/microsof...?1129219796406
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 26/05/2005 3:19:32 AM
    Date (last access): 07/11/2005 5:49:42 PM
    Date (last write): 26/05/2005 3:19:32 AM
    Filesize: 178408
    Attributes: archive
    MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
    CRC32: F5494B06
    Version: 5.8.0.2469

    {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
    DPF name:
    CLSID name: DwnldGroupMgr Class
    Installer: C:\WINDOWS\Downloaded Program Files\McGDMgr.inf
    Codebase: http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
    description:
    classification: Open for discussion
    known filename: McGDMgr.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: McGDMgr.dll
    Short name:
    Date (created): 11/09/2005 3:27:22 PM
    Date (last access): 07/11/2005 5:20:40 PM
    Date (last write): 14/06/2004 4:02:08 PM
    Filesize: 279640
    Attributes: archive
    MD5: E8074DB73A77854CD588B08398BE4FC2
    CRC32: C5AFD416
    Version: 1.0.0.20

  7. #7
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 696 ( 4) \SystemRoot\System32\smss.exe
    PID: 752 ( 696) \??\C:\WINDOWS\system32\csrss.exe
    PID: 776 ( 696) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 820 ( 776) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 832 ( 776) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 976 ( 820) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1036 ( 820) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1076 ( 820) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1160 ( 820) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1176 ( 820) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1396 ( 820) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 1568 (1520) C:\WINDOWS\Explorer.EXE
    size: 1032192
    MD5: A0732187050030AE399B241436565E64
    PID: 1620 ( 820) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    size: 100016
    MD5: 7FB54900AA9792AB6307C699EC1859D4
    PID: 1724 (1620) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    size: 46768
    MD5: CAF7C2FDDADF73A02AC84C6FB6030BBF
    PID: 1732 ( 820) c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    size: 106496
    MD5: B1E94B3ED8AF23AEBBC2CCFCCADBA104
    PID: 1780 ( 820) C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    size: 503808
    MD5: B4569B83EAC67EFF8CB136A7D756F0E4
    PID: 1796 ( 820) C:\WINDOWS\system32\nvsvc32.exe
    size: 131139
    MD5: 0B24AB7CC5B7ED2AA7F438A4072459F4
    PID: 1848 ( 820) C:\WINDOWS\System32\snmp.exe
    size: 32768
    MD5: D923BF27723E28E3C121B77F52DB4BCE
    PID: 1964 ( 820) C:\Program Files\Spyware\Webroot\Spy Sweeper\WRSSSDK.exe
    size: 2116096
    MD5: 8DCB6BD13899E1629DA2FFDC054D396C
    PID: 212 (1568) C:\WINDOWS\system32\carpserv.exe
    size: 4608
    MD5: 9AAF44FDF3A5517066B286B80C4A149F
    PID: 224 (1568) C:\Program Files\Microsoft IntelliType Pro\type32.exe
    size: 172032
    MD5: 05E10C2C3736E52FE33D16D2F9C73C04
    PID: 228 ( 820) C:\WINDOWS\system32\wdfmgr.exe
    size: 38912
    MD5: C81B8635DEE0D3EF5F64B3DD643023A5
    PID: 240 (1568) C:\Program Files\Real\RealPlayer\RealPlay.exe
    size: 26112
    MD5: 849D97FE4CC09CFC2772D10F641E1BAF
    PID: 408 ( 820) C:\WINDOWS\wanmpsvc.exe
    size: 65536
    MD5: ADBF8F672C871B606E94730BE4217B14
    PID: 436 (1568) C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    size: 163840
    MD5: 3FE1E841ED8483F7A75A1E86F6FC2216
    PID: 528 ( 436) c:\progra~1\mcafee.com\vso\mcvsescn.exe
    size: 417849
    MD5: C87CCFAC151DA6D88F50608F2E3C8DC2
    PID: 532 ( 436) c:\program files\mcafee.com\agent\mcagent.exe
    size: 278528
    MD5: C9A041D6E5211CA48AEBA3AC1987D837
    PID: 604 (1568) C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    size: 1380352
    MD5: 40EA79A23FCE6AA3976D0E6CD0A009D9
    PID: 620 (1568) C:\WINDOWS\SOUNDMAN.EXE
    size: 86016
    MD5: E44CF0AB3DAFB101971B6D7BC811BC51
    PID: 632 (1568) C:\WINDOWS\ALCWZRD.EXE
    size: 2807808
    MD5: 057C8F39C09F60216C452EED19AD3CB2
    PID: 736 (1568) C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    size: 79448
    MD5: 217697C43BFF8D740CFBB9AD87621519
    PID: 796 (1568) C:\Program Files\Spyware\Webroot\Spy Sweeper\SpySweeper.exe
    size: 3296256
    MD5: D56C4031C94F7DC9567B53D54D92D0D2
    PID: 880 (1568) C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: DA285490BBD8A1D0CE6623577D5BA1FF
    PID: 1104 (1568) C:\Program Files\McAfee\QuickClean\Plguni.exe
    size: 98304
    MD5: 3C246A878620C3393D17E92BAAE05AFD
    PID: 1120 (1568) C:\Program Files\Spyware\Webroot\PopUpWasher\PopUpWasher.exe
    size: 396288
    MD5: 9883BEAD2245253C1A8D76ABFFE0C134
    PID: 1148 (1568) C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    size: 122948
    MD5: 4BFC3D39305984C6583A042628956D84
    PID: 1320 ( 976) C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    size: 569344
    MD5: 308E0DC5A1849F4529D8B6AB5871841F
    PID: 2068 ( 636) c:\program files\common files\aol\1107544306\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    size: 1536
    MD5: F04DD4A47D7672E8E0F861BD3EE12EFD
    PID: 2216 ( 976) C:\WINDOWS\system32\wbem\wmiprvse.exe
    size: 218112
    MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
    PID: 2420 ( 820) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    size: 225375
    MD5: 97ADDEE4DC70929A8B482A7AE7842920
    PID: 2652 ( 820) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 1864 (1568) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 3872 (1568) C:\Program Files\Windows NT\Accessories\wordpad.exe
    size: 214528
    MD5: F0543ACEEB5CD8821469958C9F3DD9A4
    PID: 4072 (4004) C:\Program Files\Common Files\AOL\1107544306\ee\AOLHostManager.exe
    size: 159832
    MD5: F272C718D0A1608F04E66CAD9AF43D46
    PID: 3892 (4072) C:\Program Files\Common Files\AOL\1107544306\ee\AOLServiceHost.exe
    size: 151128
    MD5: 44A2EDD53616FD034FFFB9CBC4193E8E
    PID: 1112 (3892) C:\Program Files\Common Files\AOL\1107544306\ee\AOLServiceHost.exe
    size: 151128
    MD5: 44A2EDD53616FD034FFFB9CBC4193E8E
    PID: 4 ( 0) System

  8. #8
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 07/11/2005 6:04:00 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://home.microsoft.com/search/search.asp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 7: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EEF30111-2845-498A-AC84-12C1F44E10F8}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EEF30111-2845-498A-AC84-12C1F44E10F8}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40497661-2C46-4977-A8CA-D7F75D69C269}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40497661-2C46-4977-A8CA-D7F75D69C269}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEF30111-2845-498A-AC84-12C1F44E10F8}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEF30111-2845-498A-AC84-12C1F44E10F8}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86126D7A-97F3-47E7-B660-B21FE109268D}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86126D7A-97F3-47E7-B660-B21FE109268D}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A81AA565-27CA-4DB6-95D6-4762DE8F98D0}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A81AA565-27CA-4DB6-95D6-4762DE8F98D0}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B5819D3A-BC61-4B76-816B-FD82E46CF7DB}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B5819D3A-BC61-4B76-816B-FD82E46CF7DB}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A93AAA4-D005-49E1-984C-A47A4AD950C0}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A93AAA4-D005-49E1-984C-A47A4AD950C0}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

  9. #9
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    Default

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace
    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 696 ( 4) \SystemRoot\System32\smss.exe
    PID: 752 ( 696) \??\C:\WINDOWS\system32\csrss.exe
    PID: 776 ( 696) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 820 ( 776) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 832 ( 776) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 976 ( 820) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1036 ( 820) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1076 ( 820) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1160 ( 820) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1176 ( 820) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1396 ( 820) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 1568 (1520) C:\WINDOWS\Explorer.EXE
    size: 1032192
    MD5: A0732187050030AE399B241436565E64
    PID: 1620 ( 820) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    size: 100016
    MD5: 7FB54900AA9792AB6307C699EC1859D4
    PID: 1724 (1620) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    size: 46768
    MD5: CAF7C2FDDADF73A02AC84C6FB6030BBF
    PID: 1732 ( 820) c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    size: 106496
    MD5: B1E94B3ED8AF23AEBBC2CCFCCADBA104
    PID: 1780 ( 820) C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    size: 503808
    MD5: B4569B83EAC67EFF8CB136A7D756F0E4
    PID: 1796 ( 820) C:\WINDOWS\system32\nvsvc32.exe
    size: 131139
    MD5: 0B24AB7CC5B7ED2AA7F438A4072459F4
    PID: 1848 ( 820) C:\WINDOWS\System32\snmp.exe
    size: 32768
    MD5: D923BF27723E28E3C121B77F52DB4BCE
    PID: 1964 ( 820) C:\Program Files\Spyware\Webroot\Spy Sweeper\WRSSSDK.exe
    size: 2116096
    MD5: 8DCB6BD13899E1629DA2FFDC054D396C
    PID: 212 (1568) C:\WINDOWS\system32\carpserv.exe
    size: 4608
    MD5: 9AAF44FDF3A5517066B286B80C4A149F
    PID: 224 (1568) C:\Program Files\Microsoft IntelliType Pro\type32.exe
    size: 172032
    MD5: 05E10C2C3736E52FE33D16D2F9C73C04
    PID: 228 ( 820) C:\WINDOWS\system32\wdfmgr.exe
    size: 38912
    MD5: C81B8635DEE0D3EF5F64B3DD643023A5
    PID: 240 (1568) C:\Program Files\Real\RealPlayer\RealPlay.exe
    size: 26112
    MD5: 849D97FE4CC09CFC2772D10F641E1BAF
    PID: 408 ( 820) C:\WINDOWS\wanmpsvc.exe
    size: 65536
    MD5: ADBF8F672C871B606E94730BE4217B14
    PID: 436 (1568) C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    size: 163840
    MD5: 3FE1E841ED8483F7A75A1E86F6FC2216
    PID: 528 ( 436) c:\progra~1\mcafee.com\vso\mcvsescn.exe
    size: 417849
    MD5: C87CCFAC151DA6D88F50608F2E3C8DC2
    PID: 532 ( 436) c:\program files\mcafee.com\agent\mcagent.exe
    size: 278528
    MD5: C9A041D6E5211CA48AEBA3AC1987D837
    PID: 604 (1568) C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    size: 1380352
    MD5: 40EA79A23FCE6AA3976D0E6CD0A009D9
    PID: 620 (1568) C:\WINDOWS\SOUNDMAN.EXE
    size: 86016
    MD5: E44CF0AB3DAFB101971B6D7BC811BC51
    PID: 632 (1568) C:\WINDOWS\ALCWZRD.EXE
    size: 2807808
    MD5: 057C8F39C09F60216C452EED19AD3CB2
    PID: 736 (1568) C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    size: 79448
    MD5: 217697C43BFF8D740CFBB9AD87621519
    PID: 796 (1568) C:\Program Files\Spyware\Webroot\Spy Sweeper\SpySweeper.exe
    size: 3296256
    MD5: D56C4031C94F7DC9567B53D54D92D0D2
    PID: 880 (1568) C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: DA285490BBD8A1D0CE6623577D5BA1FF
    PID: 1104 (1568) C:\Program Files\McAfee\QuickClean\Plguni.exe
    size: 98304
    MD5: 3C246A878620C3393D17E92BAAE05AFD
    PID: 1120 (1568) C:\Program Files\Spyware\Webroot\PopUpWasher\PopUpWasher.exe
    size: 396288
    MD5: 9883BEAD2245253C1A8D76ABFFE0C134
    PID: 1148 (1568) C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    size: 122948
    MD5: 4BFC3D39305984C6583A042628956D84
    PID: 1320 ( 976) C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    size: 569344
    MD5: 308E0DC5A1849F4529D8B6AB5871841F
    PID: 2068 ( 636) c:\program files\common files\aol\1107544306\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    size: 1536
    MD5: F04DD4A47D7672E8E0F861BD3EE12EFD
    PID: 2216 ( 976) C:\WINDOWS\system32\wbem\wmiprvse.exe
    size: 218112
    MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
    PID: 2420 ( 820) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    size: 225375
    MD5: 97ADDEE4DC70929A8B482A7AE7842920
    PID: 2652 ( 820) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 1864 (1568) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 3872 (1568) C:\Program Files\Windows NT\Accessories\wordpad.exe
    size: 214528
    MD5: F0543ACEEB5CD8821469958C9F3DD9A4
    PID: 4072 (4004) C:\Program Files\Common Files\AOL\1107544306\ee\AOLHostManager.exe
    size: 159832
    MD5: F272C718D0A1608F04E66CAD9AF43D46
    PID: 3892 (4072) C:\Program Files\Common Files\AOL\1107544306\ee\AOLServiceHost.exe
    size: 151128
    MD5: 44A2EDD53616FD034FFFB9CBC4193E8E
    PID: 1112 (3892) C:\Program Files\Common Files\AOL\1107544306\ee\AOLServiceHost.exe
    size: 151128
    MD5: 44A2EDD53616FD034FFFB9CBC4193E8E
    PID: 4 ( 0) System

  10. #10
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    Default

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 07/11/2005 6:04:00 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://home.microsoft.com/search/search.asp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
