
Thread: sbsd can't start - logfile is too big [LOGS]

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    sbsd can't start - logfile is too big [LOGS]

    Hi everybody, I've got a problem: first the old version of SBSD doesn't start, and neither does the new one, 1.4. The system is up to date and Windows 2000 starts normally, but not in safe mode or anything else. It always hangs on the blue screen and makes a memory mirror(?) or something that I can't explain in English. I am also posting the SBSD log file here, because Mc surf from the SBSD team thinks there are many trojans and so on here, and that this posting could be helpful (I hope so too). Maybe somebody could tell me what I should do next.
    Greetings idan

  2. #2
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    sbsd can't start - logfile is too big

    I am trying to post the log file from the thread "sbsd can't start".

    gnnnn.... the logfile is too big!!! What would you do now?

    idan
    Last edited by tashi; 2006-04-11 at 23:11. Reason: Merged two topics

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello.

    This is the malware removal forum, to post here please follow these instructions.
    Before you post a log, and who will advise you.

    Copy and Paste the HJT log into this topic by clicking Submit Reply not start new topic.


    Someone will then take a look at the system as soon as available.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    uh, logfile again

    Put in again, two times now, and what does "no zero posts" mean?
    idan
    That message was for our Helpers so they did not think you were already being assisted, they look for zero response posts. Now changed to [LOGS]- tashi

    Logfile of HijackThis v1.99.1
    Scan saved at 14:16:55, on 12.04.2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\Programme\Ahead\InCD\InCDsrv.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\PROGRA~1\HanseNet\HANSEN~1\app\pppoeservice.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\Mixer.exe
    C:\Programme\Ahead\InCD\InCD.exe
    F:\Programme\Java\jre1.5.0_06\bin\jusched.exe
    F:\Programme\iTunes\iTunesHelper.exe
    C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
    C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Internet Explorer\iexplore.exe
    F:\Programme\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINNT\system\cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programme\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [UIWatcher] C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Microsoft Outlook.lnk = C:\Programme\Microsoft Office\Office\OUTLOOK.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINNT\system32\shdocvw.dll
    O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124355623000
    O23 - Service: BitDefender Scan Server (bdss) - Broadcom Corporation - (no file)
    O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\System32\pctspk.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\HanseNet\HANSEN~1\app\pppoeservice.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
    Last edited by tashi; 2006-04-13 at 05:04. Reason: First HJT log removed to save duplication

  5. #5
    Member MacSurf
    Join Date
    Oct 2005
    Posts
    70

    then now I will post the Runalyzer log for Idanian:

    RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. All rights reserved.
    SBSD compatible log file. All rights reserved.
    This log includes only active entries.
    This log includes only unknown and bad entries.

    --- Startup entries list ---

    Located: File extension handler (user),
    where: .DEFAULT...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: File extension handler (user),
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: File extension handler (user),
    where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: File extension handler (common),
    command: "%1" %*
    file: "%1" %*
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Print Monitor, Samsung Network Printer Port
    command: secmon.dll
    file: secmon.dll
    size: 307200
    MD5: 6861B09928409108877F56ED0CD917FB

    Located: Print Monitor, Standard TCP/IP Port
    command: tcpmon.dll
    file: tcpmon.dll
    size: 42768
    MD5: 3C3B1785609B511A65AF8EEEE2792376

    Located: Print Monitor, BJ Language Monitor
    command: cnbjmon.dll
    file: cnbjmon.dll
    size: 48400
    MD5: 52F210506755B1D0463B07F0FAE83C9D

    Located: Print Monitor, Local Port
    command: localspl.dll
    file: localspl.dll
    size: 268048
    MD5: DBED8CA010295B7984B4170260E2075D

    Located: Print Monitor, EPSON V3 2KMonitor302
    command: E_SL2302.DLL
    file: E_SL2302.DLL
    size: 60020
    MD5: C5C0F8DBD78A57A6B4B41738B149226D

    Located: Print Monitor, PJL Language Monitor
    command: pjlmon.dll
    file: pjlmon.dll
    size: 13072
    MD5: 24848E8A7A64C8B51A6E6734687FC637

    Located: Print Monitor, USB Monitor
    command: usbmon.dll
    file: usbmon.dll
    size: 11536
    MD5: 308D74156D7BF2F36011013B363A4E6D

    Located: Print Monitor, Windows NT Fax Monitor
    command: msfaxmon.dll
    file: msfaxmon.dll
    size: 18704
    MD5: A0C92D36B946CB1D7CA5B327047F12B3

    Located: Known DLLs, oleaut32
    command: oleaut32.dll
    file: oleaut32.dll
    size: 626960
    MD5: C2161EE5F97D5C03A0B8EE6BAAD7CF45

    Located: Known DLLs, olecnv32
    command: olecnv32.dll
    file: olecnv32.dll
    size: 36624
    MD5: 2B7DFA645F9F6D7829458730D27BEA20

    Located: Known DLLs, olecli32
    command: olecli32.dll
    file: olecli32.dll
    size: 69392
    MD5: DF033E3AB225932C40F58A5F1CDB28CD

    Located: Known DLLs, wininet
    command: wininet.dll
    file: wininet.dll
    size: 582144
    MD5: 7B1BF7F72192BF7D535ADD02F307042F

    Located: Known DLLs, wldap32
    command: wldap32.dll
    file: wldap32.dll
    size: 146704
    MD5: 329815B897693148860D3556F32E5AA8

    Located: Known DLLs, kernel32
    command: kernel32.dll
    file: kernel32.dll
    size: 768272
    MD5: 13D3F73340FCD5E99AA8123DF0EC5059

    Located: Known DLLs, ole32
    command: ole32.dll
    file: ole32.dll
    size: 957712
    MD5: F1B9E53B1FECDAC4B206EE4E95D08568

    Located: Known DLLs, lz32
    command: lz32.dll
    file: lz32.dll
    size: 10000
    MD5: D6487EB31F3B12E95A073150144CCCF0

    Located: Known DLLs, user32
    command: user32.dll
    file: user32.dll
    size: 420112
    MD5: B462F0A99E442DBA27B80130989DDCF9

    Located: Known DLLs, shell32
    command: shell32.dll
    file: shell32.dll
    size: 2385168
    MD5: 6DA8C183693957F4BF70F854E0F30436

    Located: Known DLLs, urlmon
    command: urlmon.dll
    file: urlmon.dll
    size: 461312
    MD5: 14FF93A85B41A0CEEAB028B01252A6B1

    Located: Known DLLs, url
    command: url.dll
    file: url.dll
    size: 108544
    MD5: B9A37F642D45BDA991D2058D57ED17CD

    Located: Known DLLs, olethk32
    command: olethk32.dll
    file: olethk32.dll
    size: 70928
    MD5: 44A85929F2202C9813F41D443227B9CA

    Located: Known DLLs, olesvr32
    command: olesvr32.dll
    file: olesvr32.dll
    size: 22800
    MD5: AEF4E84DB2ADDE0674B5B1A2D4E8FD59

    Located: Known DLLs, version
    command: version.dll
    file: version.dll
    size: 16144
    MD5: 8ED618DBF18AE3EC6B2678F5E94CFF80

    Located: Known DLLs, rpcrt4
    command: rpcrt4.dll
    file: rpcrt4.dll
    size: 477968
    MD5: 7FC372D600359195222C052519AABF1D

    Located: Known DLLs, DllDirectory
    command: %SystemRoot%\system32
    file: %SystemRoot%\system32
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Known DLLs, comdlg32
    command: comdlg32.dll
    file: comdlg32.dll
    size: 245520
    MD5: 59E59B0773F63EF93BFAC7823B72E9F3

    Located: Known DLLs, imagehlp
    command: imagehlp.dll
    file: imagehlp.dll
    size: 128784
    MD5: 38BFBF7E19D70E64200AEC8AFD39EAE0

    Located: Known DLLs, advapi32
    command: advapi32.dll
    file: advapi32.dll
    size: 401680
    MD5: 2A9A9BE354826E8EAE0E556D51754399

    Located: Known DLLs, gdi32
    command: gdi32.dll
    file: gdi32.dll
    size: 233744
    MD5: 17F8047582D8A35241A3B19F17E1E8C4

    Located: Safe Boot Shell, AlternateShell
    command: cmd.exe
    file: cmd.exe
    size: 249616
    MD5: 37D3CA50DE95F7DD1724364A2E2FCF8E

    Located: Screen Saver Policy, SCRNSAVE.EXE
    where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Screen Saver Policy, SCRNSAVE.EXE
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Screen Saver Policy, SCRNSAVE.EXE
    where: .DEFAULT...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Screen Saver, SCRNSAVE.EXE
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Screen Saver, SCRNSAVE.EXE
    where: .DEFAULT...
    command: logon.scr
    file: logon.scr
    size: 130832
    MD5: C4D6A6130824A9A0AAF96EBDA928CA0E

    Located: Screen Saver, SCRNSAVE.EXE
    where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: User Shell Policy, Shell
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: User Shell Policy, Shell
    where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: User Shell Policy, Shell
    where: .DEFAULT...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: NT Run, run
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: NT Run, run
    where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: NT Run, run
    where: .DEFAULT...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: NT Load, load
    where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: NT Load, load
    where: .DEFAULT...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: NT Load, load
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: CP AutoRun (user), AutoRun
    where: .DEFAULT...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: CP AutoRun (user), AutoRun
    where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: CP AutoRun (user), AutoRun
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: CP AutoRun (common), AutoRun
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Boot Execute, BootExecute
    command: autocheck autochk *
    file: autocheck autochk *
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: GINA, GinaDLL
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: NT System, System
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Task Manager, TaskMan
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Shell, Shell
    command: Explorer.exe
    file: Explorer.exe
    size: 245008
    MD5: 9A067872F0A9DC15E93DBEFC9E1453A7

    Located: User Init, UserInit
    command: C:\WINNT\system32\userinit.exe,
    file: C:\WINNT\system32\userinit.exe,
    size: 17680
    MD5: 11A1AA9DF8C44386F72018D06F2E0E71

    Located: Startup (user), Microsoft Outlook.lnk
    where: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart...
    command: C:\WINNT\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\outicon.exe
    file: C:\WINNT\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\outicon.exe
    size: 104960
    MD5: DA5A1242C2B4F60E1C51D7F684DB5283

    Located: Startup (common), EPSON Status Monitor 3 Environment Check 2.lnk
    where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
    command: C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    file: C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    size: 113152
    MD5: 65976E71A627A558842D95F8942496A4

    Located: HK_CU:Run, UIWatcher
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command: C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
    file: C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
    size: 585728
    MD5: A22763562C9A906A02B3A0383BADF8E7

    Located: HK_CU:Run, NVIEW
    where: S-1-5-21-1417001333-507921405-1202660629-500...
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, iTunesHelper
    command: "F:\Programme\iTunes\iTunesHelper.exe"
    file: F:\Programme\iTunes\iTunesHelper.exe
    size: 278528
    MD5: 8778072A594E1310C0B7D0A93771E8BD

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINNT\system32\nwiz.exe
    size: 372736
    MD5: 97AB6A203CF69E33D35AF0ACE2C6C196

    Located: HK_LM:Run, NVCLOCK
    command: rundll32 nvclock.dll,fnNvclock
    file: C:\WINNT\system32\nvclock.dll
    size: 69632
    MD5: FAC29140F37F3F3DD07D3F2A1772E073

    Located: HK_LM:Run, CountrySelection
    command: pctptt.exe
    file: C:\WINNT\system32\pctptt.exe
    size: 68096
    MD5: 19A402B61982F410AFA908A5D19B17DF

    Located: HK_LM:Run, SunJavaUpdateSched
    command: F:\Programme\Java\jre1.5.0_06\bin\jusched.exe
    file: F:\Programme\Java\jre1.5.0_06\bin\jusched.exe
    size: 36975
    MD5: 61A3A9D5D98BF0331DF5B716144A8100

    Located: HK_LM:Run, Cmaudio
    command: RunDll32 c:\WINNT\system\cmicnfg.cpl,CMICtrlWnd
    file: c:\WINNT\system\cmicnfg.cpl
    size: 425984
    MD5: E9FA3675AEFBBFDB91B8727499C743C2


    --- Startup entries list ---

    Located: CP AutoRun (common), AutoRun
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

  6. #6
    Member MacSurf's Avatar
    Join Date
    Oct 2005
    Posts
    70

    BHOs:

    --- Browser helper object list ---

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: AcroIEHlprObj Class
    Path: C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\
    Long name: AcroIEHelper.ocx
    Short name: ACROIE~1.OCX
    Date (created): 23.11.2002 22:34:42
    Date (last access): 04.04.2006 21:41:54
    Date (last write): 16.04.2001 16:39:02
    Filesize: 37808
    Attributes: archive
    MD5: 8394ABFC1BE196A62C9F532511936DF7
    CRC32: 71D6E350
    Version: 1.0.0.1

    {53707962-6F74-2D53-2644-206D7942484F} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\Programme\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 31.03.2006 23:41:50
    Date (last access): 04.04.2006 21:41:54
    Date (last write): 31.05.2005 01:04:00
    Filesize: 853672
    Attributes: archive
    MD5: 250D787A5712D7768DDC133B3E477759
    CRC32: D4589A41
    Version: 1.4.0.0

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: SSVHelper Class
    Path: F:\Programme\Java\jre1.5.0_06\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 10.11.2005 13:03:56
    Date (last access): 04.04.2006
    Date (last write): 10.11.2005 13:22:10
    Filesize: 184423
    Attributes: archive
    MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
    CRC32: 0111B892
    Version: 5.0.60.5

    {32683183-48a0-441b-a342-7c2a440a9478} (Media Band)
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    BHO name: Media Band
    CLSID name: Media Band
    Path: %SystemRoot%\system32\
    Long name: browseui.dll
    MD5: 7E2ABB322287B7313314C136D9238C4A
    Filesize: 1017856

    {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} (File and Folders Search ActiveX Control)
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    BHO name:
    CLSID name: File and Folders Search ActiveX Control
    Path: C:\WINNT\system32\
    Long name: SHELL32.DLL
    Short name:
    Date (created): 23.09.2005 13:03:10
    Date (last access): 04.04.2006 21:38:24
    Date (last write): 23.09.2005 13:03:10
    Filesize: 2385168
    Attributes: archive
    MD5: 6DA8C183693957F4BF70F854E0F30436
    CRC32: F5DB6F7E
    Version: 5.0.3900.7071

    {EFA24E64-B078-11D0-89E4-00C04FC9E26E} (Explorer-Band)
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    BHO name:
    CLSID name: Explorer-Band
    Path: %SystemRoot%\system32\
    Long name: shdocvw.dll
    MD5: BE7F5939F68580A67D63308FC2FF55E1
    Filesize: 1339392

    {166B1BCA-3F9C-11CF-8075-444553540000} (Macromedia Shockwave Director 9.0)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name: Macromedia Shockwave Director 9.0
    CLSID name: Shockwave ActiveX Control
    Path: C:\WINNT\system32\Macromed\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 12.11.2003 22:30:54
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 11.02.2003 06:02:58
    Filesize: 32768
    Attributes: archive
    MD5: 92FA0AE21D3A08B65D291724AA7D0E43
    CRC32: 7B63A9DB
    Version: 8.5.1.102

    {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name: Microsoft NetShow Player
    Path: C:\WINNT\system32\
    Long name: wmpdxm.dll
    Short name:
    Date (created): 11.09.2002 16:11:40
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 11.12.2002 18:34:40
    Filesize: 225280
    Attributes: archive
    MD5: 7D959D56ABA264D671EEF0C5584BF80C
    CRC32: 655E5F08
    Version: 9.0.0.2980

    {22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Microsoft Windows Media Player 6.4)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name: Microsoft Windows Media Player 6.4
    CLSID name: Windows Media Player
    Path: C:\WINNT\system32\
    Long name: wmpdxm.dll
    Short name:
    Date (created): 11.09.2002 16:11:40
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 11.12.2002 18:34:40
    Filesize: 225280
    Attributes: archive
    MD5: 7D959D56ABA264D671EEF0C5584BF80C
    CRC32: 655E5F08
    Version: 9.0.0.2980

    {283807B5-2C60-11D0-A31D-00AA00B92C03} (DirectAnimation)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name: DirectAnimation
    CLSID name:
    Path: C:\WINNT\System32\
    Long name: DANIM.DLL
    Short name:
    Date (created): 10.12.1999 14:00:00
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 20.10.2005 20:08:50
    Filesize: 988160
    Attributes: archive
    MD5: 91F45524319609780FC1CB67259F8D94
    CRC32: 06DE728D
    Version: 6.3.1.148

    {685e3910-1f77-49b9-9434-50bcd95c51ab} (KB905495)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name: KB905495
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {82ced0ff-a00d-4405-ba5f-ef4699159333} (KB896727)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name: KB896727
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} (KB905915)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name: KB905915
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {D27CDB6E-AE6D-11cf-96B8-444553540000} (Macromedia Shockwave Flash)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name: Macromedia Shockwave Flash
    CLSID name: Shockwave Flash Object
    Path: C:\WINNT\system32\
    Long name: Flash.ocx
    Short name:
    Date (created): 03.03.2005 18:25:04
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 22.10.2004 21:49:00
    Filesize: 1004760
    Attributes: archive
    MD5: B18356A63521D643BFA01FC1EECFD24E
    CRC32: 8DF05CF5
    Version: 7.0.19.0

    {eddbec60-89cb-44ef-8291-0850fd28ff6a} (Q832894)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name: Q832894
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
    location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name: Microsoft NetShow Player
    Path: C:\WINNT\system32\
    Long name: wmpdxm.dll
    Short name:
    Date (created): 11.09.2002 16:11:40
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 11.12.2002 18:34:40
    Filesize: 225280
    Attributes: archive
    MD5: 7D959D56ABA264D671EEF0C5584BF80C
    CRC32: 655E5F08
    Version: 9.0.0.2980

    {22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
    location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name: Windows Media Player
    Path: C:\WINNT\system32\
    Long name: wmpdxm.dll
    Short name:
    Date (created): 11.09.2002 16:11:40
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 11.12.2002 18:34:40
    Filesize: 225280
    Attributes: archive
    MD5: 7D959D56ABA264D671EEF0C5584BF80C
    CRC32: 655E5F08
    Version: 9.0.0.2980

    {44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
    location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
    location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
    location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name: Windows Media Player
    Path: C:\WINNT\system32\
    Long name: wmp.dll
    Short name:
    Date (created): 03.08.2004 23:56:48
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 19.12.2005 20:30:46
    Filesize: 4730880
    Attributes: archive
    MD5: CDACF0544AFF72460F4545C63BA999A5
    CRC32: BC53AFD8
    Version: 9.0.0.3344

    >{26923b43-4d38-484f-9b9e-de460746276c} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name: Microsoft NetShow Player
    Path: C:\WINNT\system32\
    Long name: wmpdxm.dll
    Short name:
    Date (created): 11.09.2002 16:11:40
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 11.12.2002 18:34:40
    Filesize: 225280
    Attributes: archive
    MD5: 7D959D56ABA264D671EEF0C5584BF80C
    CRC32: 655E5F08
    Version: 9.0.0.2980

    {22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name: Windows Media Player
    Path: C:\WINNT\system32\
    Long name: wmpdxm.dll
    Short name:
    Date (created): 11.09.2002 16:11:40
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 11.12.2002 18:34:40
    Filesize: 225280
    Attributes: archive
    MD5: 7D959D56ABA264D671EEF0C5584BF80C
    CRC32: 655E5F08
    Version: 9.0.0.2980

    {44BBA840-CC51-11CF-AAFA-00AA00B6015C} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {6A5110B5-E14B-4268-A065-EF89FF33C325} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name: Windows Media Player
    Path: C:\WINNT\system32\
    Long name: wmp.dll
    Short name:
    Date (created): 03.08.2004 23:56:48
    Date (last access): 04.04.2006 21:42:54
    Date (last write): 19.12.2005 20:30:46
    Filesize: 4730880
    Attributes: archive
    MD5: CDACF0544AFF72460F4545C63BA999A5
    CRC32: BC53AFD8
    Version: 9.0.0.3344

    {7790769C-0471-11d2-AF11-00C04FA35D02} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {89820200-ECBD-11cf-8B85-00AA005B4340} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {89820200-ECBD-11cf-8B85-00AA005B4383} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} (Sun Java Konsole)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    BHO name: Sun Java Konsole
    CLSID name: Web Browser Applet Control
    Path: C:\Programme\Java\jre1.5.0_04\bin\
    Long name: NPJPI150_04.dll
    Short name: NPJPI1~1.DLL
    Date (created): 03.06.2005 04:52:58
    Date (last access): 04.04.2006 21:42:56
    Date (last write): 03.06.2005 05:09:54
    Filesize: 69746
    Attributes: archive
    MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
    CRC32: 4058FA1B
    Version: 5.0.40.5

    {ECC5777A-6E88-BFCE-13CE-81F134789E8B} (&EasyFreeWebCam)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    BHO name: &EasyFreeWebCam
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    CmdMapping ()
    location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    CmdMapping ()
    location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    BHO name:
    CLSID name:
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {B41DB860-8EE4-11D2-9906-E49FADC173CA} (WinRAR shell extension)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    BHO name: WinRAR shell extension
    CLSID name: WinRAR
    Path: C:\Programme\WinRAR\
    Long name: RarExt.dll
    Short name:
    Date (created): 27.11.2002 21:49:38
    Date (last access): 04.04.2006 21:42:56
    Date (last write): 10.11.2002 17:37:38
    Filesize: 118784
    Attributes: archive
    MD5: 359EC49B44F17BE0ABE0A9047582552A
    CRC32: 85AD1900

    {F5D92341-0A64-11D0-9956-0000E8096023} (CD Copy Shell Extension)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    BHO name: CD Copy Shell Extension
    CLSID name: CD Copy Shell Extension
    Path: C:\WINNT\system32\Shellext\
    Long name: CDWshext.dll
    Short name:
    Date (created): 24.02.2003 10:48:50
    Date (last access): 04.04.2006 21:42:56
    Date (last write): 24.02.2003 10:48:50
    Filesize: 100352
    Attributes: archive
    MD5: AB31F68BA5F055977B851023063EFCD0
    CRC32: 27434D34
    Version: 6.0.0.0

  7. #7
    Member MacSurf's Avatar
    Join Date
    Oct 2005
    Posts
    70

    Default

    and the rest without services so far:

    {F5D92341-0A64-11D0-9956-0000E8096023} (CD Copy Shell Extension)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    BHO name: CD Copy Shell Extension
    CLSID name: CD Copy Shell Extension
    Path: C:\WINNT\system32\Shellext\
    Long name: CDWshext.dll
    Short name:
    Date (created): 24.02.2003 10:48:50
    Date (last access): 04.04.2006 21:42:56
    Date (last write): 24.02.2003 10:48:50
    Filesize: 100352
    Attributes: archive
    MD5: AB31F68BA5F055977B851023063EFCD0
    CRC32: 27434D34
    Version: 6.0.0.0

    {F5D92342-0A64-11D0-9956-0000E8096023} (CD Wizard Shell Extension)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    BHO name: CD Wizard Shell Extension
    CLSID name: CD Wizard Shell Extension
    Path: C:\WINNT\system32\Shellext\
    Long name: CDWshext.dll
    Short name:
    Date (created): 24.02.2003 10:48:50
    Date (last access): 04.04.2006 21:42:56
    Date (last write): 24.02.2003 10:48:50
    Filesize: 100352
    Attributes: archive
    MD5: AB31F68BA5F055977B851023063EFCD0
    CRC32: 27434D34
    Version: 6.0.0.0

    {F5D92344-0A64-11D0-9956-0000E8096023} (InstantWrite Shellextension)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    BHO name: InstantWrite Shellextension
    CLSID name: InstantWrite Shellextension
    Path: C:\WINNT\system32\ShellExt\
    Long name: iwshex.dll
    Short name:
    Date (created): 21.07.2004 11:36:20
    Date (last access): 04.04.2006 21:42:56
    Date (last write): 21.07.2004 11:36:20
    Filesize: 640000
    Attributes: archive
    MD5: CE3F09C449C3AE6E6D5F555B5777645D
    CRC32: 9C4C39E7
    Version: 4.0.0.58

    {D653647D-D607-4DF6-A5B8-48D2BA195F7B} (BitDefender Antivirus v7)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    BHO name: BitDefender Antivirus v7
    CLSID name: BitDefender Antivirus v7
    MD5: D41D8CD98F00B204E9800998ECF8427E


    --- Browser helper object list ---


    --- ActiveX list ---

    {41564D57-9980-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINNT\Downloaded Program Files\wmvadvd.inf
    Codebase: http://download.microsoft.com/downlo...1F/wmvadvd.cab
    MD5: D41D8CD98F00B204E9800998ECF8427E

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    Path: F:\Programme\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10.11.2005 13:03:56
    Date (last access): 04.04.2006
    Date (last write): 10.11.2005 13:22:10
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    Path: F:\Programme\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10.11.2005 13:03:56
    Date (last access): 04.04.2006
    Date (last write): 10.11.2005 13:22:10
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    Path: F:\Programme\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10.11.2005 13:03:56
    Date (last access): 04.04.2006
    Date (last write): 10.11.2005 13:22:10
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Post reports from one or, better yet, both of these free online scans:
    Panda ActiveScan-Free online scanner,
    http://www.pandasoftware.com/products/activescan.htm
    Do a full scan > Click the my computer button.
    After the scan, click see report, then save the report and post it back here please.
    Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx
    Select all drives, scan, try to cure/repair; if it cannot, choose delete! If it cannot delete, tell us the file names and locations.

  9. #9
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    Default

    here is the result from panda:
    Incident Status Location

    Adware:adware/bookedspace Not disinfected C:\WINNT\bs.dll

    The other one scans no virus or something else, and there was no log, report or so.

    Not really helpful, isn't it?
    idanian

  10. #10
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Can you delete that file?

    Scan with HijackThis, place a check next to these items and hit fix checked:
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O23 - Service: BitDefender Scan Server (bdss) - Broadcom Corporation - (no file)
    ==============
    Restart the PC

    Have you uninstalled SpyBot without using Ashampoo UnInstaller, rebooted the PC and installed again?
