
Thread: www.yahabags.com

  1. #1
    Junior Member
    Join Date: Jul 2006
    Posts: 2

    www.yahabags.com

    I'm not exactly sure what is causing it, but something keeps redirecting me to the page at
    Code:
    www.yahabags.com
    and then to either

    Code:
    http://64.182.127.227/redgk.php?mc=VPgVcWxKNu03%2B2syWDdRsqh6Xxp4LahshzNLrqNIOPA4%2F2QpU%2FAQcm9MLOg2AHAyT%2FEYcG5LMu46%2FnAyVPcQcXFGLOg1%2FmQqUvgPdnRJL%2BY2AG0tUfUPcW1MLug3%2BWgwVPochap%2BXyRlLYNdkiEcemxELugz%2BmsyWDZLpKGFHh1jNZsYkiFErJ2KcyhnAnAyWChWtKxQLeVl9ptmhiFQo6FEYSVv95k3g%2FEfmqSHbzBGGqM%2BkitXiJNdd%2FxcFaFCYy0vlaGAXyZmOGhOai0qqm9tcR5RIZpjbRpXmp6JMyFZMY5ldTpEq7FpWP1NOY9tgyw8halLc%2F5FMGdhgjRal6NGXy1OHGhtUhojj45YVRB5QKs%2FjzNXc52AUyhqHoE6cQtTh5FIaR15O4ltlyVUl4RpZRxIP5trjyUti7FqbwVoKqVfeAg1da5fbTAzDo8tXwooka1ia%2FlGC61nlTQTiZNaUyhyDqxriAREtJ6DeCFXQJA6hAVQmLKOYwNTKqdMcgkxsX1XTfp4P7BPkRUwk6FLUiBOCqlLjjUtpKiGUR1QMoxolTJbl6%2BCRgVjGH5dYggklolvVClXIbBLYg9adLZpSAVNQak%2FeA9VjYhJaQxPGqdwbjFZl4ttbQJMGoJHaSxOl42AQhxuFGs9kANWs4VvRBh6KqBrgyRQcISPRyZcOINcZQZRmZVtQyRqCnhvZAJXqmJ%2BOytMHZwtXwFacoVgay5lCYBlRCIfcXRJNuY2&v=51d312a2d11d88fb46eb7159a9f1bc41
    or

    Code:
    http://67.29.139.199/click/?affiliate=VK2&subid=1008&Terms=lighting%20fixtures&sid=Z092044902x81M3d3dfhTNwgDM0ETMxQDM3AjN48VN4EDMx81MyMjN3IDM2ETM
    Has anyone else had this happen?

  2. #2
    tashi (Member of Team Spybot)
    Join Date: Oct 2005
    Location: USA
    Posts: 30,955

    Hello Gopherbassist

    Your description sounds like a hijacked browser. Can you give more details, please?

    1) Operating System.
    2) Security programs installed.
    3) Open Spybot>Help>About
    Let us know the version and latest detection update please.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    moldybagel23 (Member)
    Join Date: Apr 2006
    Location: Minnesota
    Posts: 40

    Hi,

    I did some looking around on the sites; I'm trying to find more about the cookies left when using Firefox.
    For that bottom link, here are the contents of the cookie that's left when visiting the site:

    Name of cookie:
    LiveHelpSession

    Contents:
    a%3A2%3A%7Bs%3A7%3A%22REQUEST%22%3Bi%3A594447%3Bs
    %3A8%3A%22LANGUAGE%22%3Bs%3A2%3A%22en%22%3B%7D

    I'll work more with this later; hopefully you guys can add this to the tracking/spyware cookie listings in a future update.
    Last edited by tashi; 2006-10-10 at 06:51. Reason: edit to remove stretched page
    Are you being watched?
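
The cookie contents quoted in the post above are URL-encoded text in PHP's serialize() format. As an added example (not part of the original post), this read-only Python decoder shows the two fields the cookie carries; the function names are illustrative, and object types are refused rather than reconstructed.

```python
"""Decode the LiveHelpSession cookie value quoted in the post (added example)."""
from urllib.parse import unquote_to_bytes

# Cookie value exactly as posted; the forum edit split it across two lines.
COOKIE_VALUE = (
    "a%3A2%3A%7Bs%3A7%3A%22REQUEST%22%3Bi%3A594447%3Bs"
    "%3A8%3A%22LANGUAGE%22%3Bs%3A2%3A%22en%22%3B%7D"
)


class UnsupportedType(ValueError):
    """Raised for PHP types this parser refuses (objects, references)."""


def _expect(data, pos, token):
    if data[pos:pos + len(token)] != token:
        raise ValueError(f"expected {token!r} at offset {pos}")


def _parse(data, pos):
    """Parse one serialized value starting at pos; return (value, next_pos)."""
    tag = data[pos:pos + 1]
    if tag == b"N":                                  # N;
        _expect(data, pos + 1, b";")
        return None, pos + 2
    _expect(data, pos + 1, b":")
    if tag in (b"i", b"b", b"d"):                    # i:<n>;  b:<0|1>;  d:<f>;
        end = data.index(b";", pos)
        raw = data[pos + 2:end].decode("ascii")
        if tag == b"i":
            return int(raw), end + 1
        if tag == b"b":
            return raw == "1", end + 1
        return float(raw), end + 1
    if tag == b"s":                                  # s:<len>:"<bytes>";
        colon = data.index(b":", pos + 2)
        length = int(data[pos + 2:colon])
        _expect(data, colon + 1, b'"')
        start = colon + 2
        end = start + length                         # length is in bytes
        _expect(data, end, b'";')
        return data[start:end].decode("utf-8", "replace"), end + 2
    if tag == b"a":                                  # a:<count>:{<key><value>...}
        colon = data.index(b":", pos + 2)
        count = int(data[pos + 2:colon])
        _expect(data, colon + 1, b"{")
        pos = colon + 2
        result = {}
        for _ in range(count):
            key, pos = _parse(data, pos)
            if isinstance(key, bool) or not isinstance(key, (int, str)):
                raise ValueError("array key must be an integer or a string")
            result[key], pos = _parse(data, pos)
        _expect(data, pos, b"}")
        return result, pos + 1
    # O: (object), C: (custom object), r:/R: (references) are never rebuilt.
    raise UnsupportedType(f"refusing PHP type {tag!r} at offset {pos}")


def decode_cookie(value):
    """URL-decode a cookie value and parse it as PHP-serialized data."""
    raw = unquote_to_bytes(value)
    parsed, end = _parse(raw, 0)
    if end != len(raw):
        raise ValueError("trailing data after the serialized value")
    return parsed


if __name__ == "__main__":
    print(decode_cookie(COOKIE_VALUE))
```
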

  4. #4
    Yodama (Senior Member)
    Join Date: Oct 2005
    Location: Buchenheim
    Posts: 1,110

    Quote Originally Posted by Gopherbassist View Post
    I'm not exactly sure what is causing it, but something keeps redirecting me to the page at
    Code:
    www.yahabags.com
    If possible, please attach a Spybot or HijackThis log, so we have more hints for analysis.

    That website appears to be a completely useless search site; searches are completely ignored and only the same results get shown.
    I added the website, as well as the referenced daily-search website, which is the same, to our detection database. They will be flagged with our next update.


    Quote Originally Posted by Gopherbassist View Post
    Code:
    http://64.182.127.227/redgk.php?mc=VPgVcWxKNu03%2B2syWDdRsqh6Xxp4LahshzNLrqNIOPA4%2F2QpU%2FAQcm9MLOg2AHAyT%2FEYcG5LMu46%2FnAyVPcQcXFGLOg1%2FmQqUvgPdnRJL%2BY2AG0tUfUPcW1MLug3%2BWgwVPochap%2BXyRlLYNdkiEcemxELugz%2BmsyWDZLpKGFHh1jNZsYkiFErJ2KcyhnAnAyWChWtKxQLeVl9ptmhiFQo6FEYSVv95k3g%2FEfmqSHbzBGGqM%2BkitXiJNdd%2FxcFaFCYy0vlaGAXyZmOGhOai0qqm9tcR5RIZpjbRpXmp6JMyFZMY5ldTpEq7FpWP1NOY9tgyw8halLc%2F5FMGdhgjRal6NGXy1OHGhtUhojj45YVRB5QKs%2FjzNXc52AUyhqHoE6cQtTh5FIaR15O4ltlyVUl4RpZRxIP5trjyUti7FqbwVoKqVfeAg1da5fbTAzDo8tXwooka1ia%2FlGC61nlTQTiZNaUyhyDqxriAREtJ6DeCFXQJA6hAVQmLKOYwNTKqdMcgkxsX1XTfp4P7BPkRUwk6FLUiBOCqlLjjUtpKiGUR1QMoxolTJbl6%2BCRgVjGH5dYggklolvVClXIbBLYg9adLZpSAVNQak%2FeA9VjYhJaQxPGqdwbjFZl4ttbQJMGoJHaSxOl42AQhxuFGs9kANWs4VvRBh6KqBrgyRQcISPRyZcOINcZQZRmZVtQyRqCnhvZAJXqmJ%2BOytMHZwtXwFacoVgay5lCYBlRCIfcXRJNuY2&v=51d312a2d11d88fb46eb7159a9f1bc41
    or

    Code:
    http://67.29.139.199/click/?affiliate=VK2&subid=1008&Terms=lighting%20fixtures&sid=Z092044902x81M3d3dfhTNwgDM0ETMxQDM3AjN48VN4EDMx81MyMjN3IDM2ETM
    These other 2 search sites appear to be actually working but need more analysis to determine if they are malicious in any way. It is possible that they actually pay to get redirected to by the hijacker above.
    But for the time being they do not get added to our detection database.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  5. #5
    tashi (Member of Team Spybot)
    Join Date: Oct 2005
    Location: USA
    Posts: 30,955

    Gopherbassist, just to clarify.

    These instructions are for Spybot-S&D version 1.4

    • Open SpyBot, check for and get any updates available.
    • Close all browsers, check for problems and fix everything found in red
    • Then on the toolbar menu select mode and switch to advanced mode; on the left, lower down, select tools and view report. Ensure all the options near the bottom are selected except:
    • Uncheck[ ] do not report disabled or known legitimate Items.
    • Uncheck[ ] Include a list of services in report.
    • Uncheck[ ] Include uninstall list in report.
    • Now select (near the top) view report.
    • Press export; in the "save in" box choose a place such as your My Documents folder. Then in your next post, near the bottom, select the "browse" button; navigate to and attach or post that report.


    If you wish to post a HJT log please do so in the malware forum:
    Malware Removal Forum

    Instructions for getting a HJT log are here:
    "BEFORE you POST" -Preliminary Steps
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Junior Member
    Join Date: Oct 2006
    Posts: 1

    yahabags.com

    I am having the same problem. I have run Spybot, SpyHunter, registry cleaners, etc., and cannot get rid of this when searching with Explorer. Does anyone have a fix?

    Paul

  7. #7
    tashi (Member of Team Spybot)
    Join Date: Oct 2005
    Location: USA
    Posts: 30,955

    Hello

    I suggest following the instructions already posted above so that we have a log to work with.

    As for SpyHunter, please see:
    Note on Enigma SpyHunter:
    Rogue/Suspect Anti-Spyware Products & Web Sites
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #8
    Junior Member
    Join Date: Oct 2006
    Posts: 1

    I get this too. When I click on a link at, say, Google, it redirects me there, and the only way I have to solve this is to backspace 2-3 times back to Google and click the link again; then it works. This happens about 1/10 links I click.

    I did what you said to the other person, that report, and I got this:
    SpybotSD.Report.txt:
    Your file of 41.9 KB bytes exceeds the forum's limit of 19.5 KB for this filetype.

    So I made it a zip file, hope it works.

    Thanks for any help, it's annoying =/

  9. #9
    tashi (Member of Team Spybot)
    Join Date: Oct 2005
    Location: USA
    Posts: 30,955

    Stealth-Ghost Log Part 1

    --- Search result list ---
    Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

    Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-01-17 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-10-20 Includes\Cookies.sbi (*)
    2006-10-13 Includes\Dialer.sbi (*)
    2006-10-20 Includes\DialerC.sbi (*)
    2006-10-13 Includes\Hijackers.sbi (*)
    2006-10-20 Includes\HijackersC.sbi (*)
    2006-10-20 Includes\Keyloggers.sbi (*)
    2006-10-20 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-10-13 Includes\Malware.sbi (*)
    2006-10-20 Includes\MalwareC.sbi (*)
    2006-10-20 Includes\PUPS.sbi (*)
    2006-10-20 Includes\PUPSC.sbi (*)
    2006-10-20 Includes\Revision.sbi (*)
    2006-10-13 Includes\Security.sbi (*)
    2006-10-20 Includes\SecurityC.sbi (*)
    2006-10-13 Includes\Spybots.sbi (*)
    2006-10-20 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-10-13 Includes\Trojans.sbi (*)
    2006-10-20 Includes\TrojansC.sbi (*)



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2

    <Snip> Removed Windows Updates List

    --- Startup entries list ---
    Located: HK_LM:Run, ATICCC
    command: "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    file: C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
    size: 90112
    MD5: 0dc2e1b6951bd2170bc47f0eebf629b3

    Located: HK_LM:Run, AtiPTA
    command: atiptaxx.exe
    file: C:\WINDOWS\system32\atiptaxx.exe
    size: 344064
    MD5: 0bc11b0f5dbd99089157fcf6267a812c

    Located: HK_LM:Run, CTHelper
    command: CTHELPER.EXE
    file: C:\WINDOWS\CTHELPER.EXE
    size: 17920
    MD5: 866346f3d82f0ca2c7d80aff41a6e1d3

    Located: HK_LM:Run, CTxfiHlp
    command: CTXFIHLP.EXE
    file: C:\WINDOWS\system32\CTXFIHLP.EXE
    size: 18944
    MD5: 279615246e6343b7c4badbcb8cf37067

    Located: HK_LM:Run, Logitech Utility
    command: Logi_MwX.Exe
    file: C:\WINDOWS\Logi_MwX.Exe
    size: 19968
    MD5: cddabeaca10942f0ddde962fe0dac71a

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 155648
    MD5: c74c7963eec07af49dce44d64819b2bf

    Located: HK_LM:Run, SunJavaUpdateSched
    command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    size: 36975
    MD5: 61a3a9d5d98bf0331df5b716144a8100

    Located: HK_CU:Run, AIM
    command: C:\Program Files\AIM\aim.exe -cnetwait.odl
    file:

    Located: HK_CU:Run, ctfmon.exe
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996a38c0b0cf151c2140ae29fc8

    Located: HK_CU:Run, MsnMsgr
    command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
    size: 5354792
    MD5: c1ee2387ede907599ee3a6de9493f672

    Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
    command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    size: 110592
    MD5: 5cd0cd0ec4dc5df459b3ac016764f5aa

    Located: Startup (disabled), ATI CATALYST System Tray (DISABLED)
    command: C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
    file: C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe
    size: 45056
    MD5: 64c4c17bf6a40ff1cd21205e6fd415b8

    Located: Startup (disabled), Billminder (DISABLED)
    command: C:\QUICKENW\billmind.exe
    file:

    Located: Startup (disabled), BitTorrent (DISABLED)
    command: C:\PROGRA~1\BITTOR~1\BITTOR~1.EXE
    file:

    Located: Startup (disabled), Xfire (DISABLED)
    command: C:\PROGRA~1\Xfire\Xfire.exe
    file: C:\PROGRA~1\Xfire\Xfire.exe
    size: 2278912
    MD5: 75885bbea71f18b59d2bc3294307b678

    Located: System.ini, AtiExtEvent
    command: Ati2evxx.dll
    file: Ati2evxx.dll

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, geeda
    command: C:\WINDOWS\System32\geeda.dll
    file: C:\WINDOWS\System32\geeda.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll


    --- Browser helper object list ---
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    BHO name:
    CLSID name: AcroIEHlprObj Class
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 11/3/2003 4:17:44 PM
    Date (last access): 10/22/2006 4:05:46 AM
    Date (last write): 11/3/2003 4:17:44 PM
    Filesize: 54248
    Attributes: archive
    MD5: FC7850324464E4D19A24A03D882B5CC4
    CRC32: 452E8571
    Version: 6.0.1.1091

    {53707962-6F74-2D53-2644-206D7942484F} ()
    BHO name:
    CLSID name:
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 1/17/2006 9:57:20 PM
    Date (last access): 10/22/2006 4:44:18 AM
    Date (last write): 5/31/2005 2:04:00 AM
    Filesize: 853672
    Attributes: archive
    MD5: 250D787A5712D7768DDC133B3E477759
    CRC32: D4589A41
    Version: 1.4.0.0

    {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    BHO name:
    CLSID name: DriveLetterAccess
    description: Hewlett-Packard's DLA software
    classification: Unknown
    known filename: tfswshx.dll
    info link:
    info source: TonyKlein
    Path: C:\WINDOWS\system32\dla\
    Long name: tfswshx.dll
    Short name:
    Date (created): 9/14/2004 8:56:10 AM
    Date (last access): 10/22/2006 4:42:12 AM
    Date (last write): 3/15/2004 12:04:00 AM
    Filesize: 118836
    Attributes: archive
    MD5: 3A79721C9ACC30CBA57266854C20238B
    CRC32: 6FCEA787
    Version: 1.4.7.1

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    BHO name:
    CLSID name: SSVHelper Class
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 3/2/2006 2:53:00 PM
    Date (last access): 10/22/2006 4:44:18 AM
    Date (last write): 11/10/2005 2:22:12 PM
    Filesize: 184423
    Attributes: archive
    MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
    CRC32: 0111B892
    Version: 5.0.60.5

    {80A44721-A513-46AC-8651-628A9C8C34A4} ()
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\System32\
    Long name: nowlnwjs.dll
    Short name:
    Date (created): 3/23/2006 5:12:48 PM
    Date (last access): 10/22/2006 4:44:18 AM
    Date (last write): 3/23/2006 5:12:52 PM
    Filesize: 122900
    Attributes: archive
    MD5: 8285D2F94549579E5D5477862C93FFE7
    CRC32: 8947C7EA

    {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (Web assistant)
    BHO name: Web assistant
    CLSID name: CNisExtBho Class
    description: NIS 2004,
    classification: Legitimate
    known filename: NISShExt.dll
    info link: http://www.symantec.com/sabu/nis/nis_pe/
    info source: TonyKlein
    Path: C:\Program Files\Common Files\Symantec Shared\AdBlocking\
    Long name: NISShExt.dll
    Short name:
    Date (created): 11/21/2003 3:04:52 PM
    Date (last access): 10/22/2006 4:42:12 AM
    Date (last write): 11/21/2003 3:04:52 PM
    Filesize: 126976
    Attributes: archive
    MD5: AA25220AFA13EECBE417A96DFEE4DF88
    CRC32: BF3755F7
    Version: 7.0.1.11

    {BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
    BHO name: NAV Helper
    CLSID name: CNavExtBho Class
    description: Norton Antivirus
    classification: Legitimate
    known filename: NavShExt.dll
    info link: http://www.symantec.com/nav/nav_9xnt/
    info source: TonyKlein
    Path: C:\Program Files\Norton Internet Security\Norton AntiVirus\
    Long name: NAVSHEXT.DLL
    Short name:
    Date (created): 9/28/2004 3:24:36 PM
    Date (last access): 10/22/2006 4:44:18 AM
    Date (last write): 12/4/2003 7:22:30 PM
    Filesize: 103368
    Attributes: archive
    MD5: 65C8A602DFA9D5860F1E328CB8575317
    CRC32: 929FB7E0
    Version: 10.0.10.13



    --- ActiveX list ---
    {00000055-9980-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\fhg.inf
    Codebase: http://codecs.microsoft.com/codecs/i386/fhg.CAB
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {00000161-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\msaudio.inf
    Codebase: http://codecs.microsoft.com/codecs/i386/msaudio.cab
    description: Microsoft Audio Codec
    classification: Legitimate
    known filename: MSAUDIO.CAB
    info link:
    info source: Patrick M. Kolla

    {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate)
    DPF name:
    CLSID name: Creative Software AutoUpdate
    Installer: C:\WINDOWS\Downloaded Program Files\CTSUEng.inf
    Codebase: http://www.creative.com/su/ocx/15015/CTSUEng.cab
    description:
    classification: Legitimate
    known filename: CTSUEng.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: CTSUEng.ocx
    Short name:
    Date (created): 6/22/2005 7:37:28 PM
    Date (last access): 10/11/2006 6:13:02 PM
    Date (last write): 6/22/2005 7:37:28 PM
    Filesize: 225280
    Attributes: archive
    MD5: F78ACCCE90722CB62F2D3767BEEBA545
    CRC32: 03683A52
    Version: 1.50.12.0

    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://download.macromedia.com/pub/s...irector/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\SYSTEM32\Macromed\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 11/7/2004 9:31:24 PM
    Date (last access): 10/17/2006 8:57:12 PM
    Date (last write): 9/9/2004 4:45:18 PM
    Filesize: 54488
    Attributes: archive
    MD5: 12EF836DCCCDD0211F3E09D72812B9C6
    CRC32: 8038F1E1
    Version: 10.1.0.11

    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://go.microsoft.com/fwlink/?LinkID=39204
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 2/14/2006 10:20:14 AM
    Date (last access): 10/15/2006 6:24:02 PM
    Date (last write): 8/7/2006 9:50:22 AM
    Filesize: 1484592
    Attributes: archive
    MD5: 5E700932C726D5F845AF03478B999749
    CRC32: B7C379F2
    Version: 1.5.708.0

    {3253344D-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\mpg4sax.inf
    Codebase: http://codecs.microsoft.com/codecs/i386/mpg4sax.cab

    {33564D57-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
    Codebase: http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class)
    DPF name:
    CLSID name: FilePlanet Download Control Class
    Installer:
    Codebase: http://www.fileplanet.com/fpdlmgr/ca...C_2.3.0.97.cab
    description:
    classification: Legitimate
    known filename: FilePlanetDownloadCtrl.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\IGN\Download Manager\
    Long name: FPDC.dll
    Short name:
    Date (created): 5/2/2006 9:43:42 PM
    Date (last access): 9/30/2006 2:19:44 AM
    Date (last write): 9/11/2006 12:50:26 PM
    Filesize: 353968
    Attributes: archive
    MD5: DFB5A258E773AC531874D2238BDE3A97
    CRC32: 7D6C5C73
    Version: 2.3.0.97

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/2/2006 2:52:58 PM
    Date (last access): 9/19/2006 1:24:06 AM
    Date (last write): 11/10/2005 2:22:12 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

  10. #10
    tashi (Member of Team Spybot)
    Join Date: Oct 2005
    Location: USA
    Posts: 30,955

    Log Part 2

    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
    DPF name: Java Runtime Environment 1.4.2
    CLSID name: Java Plug-in 1.4.2_03
    Installer:
    Codebase: http://java.sun.com/products/plugin/...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi142_03.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\j2re1.4.2_03\bin\
    Long name: NPJPI142_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 11/19/2003 4:48:18 PM
    Date (last access): 6/11/2006 8:12:10 AM
    Date (last write): 11/19/2003 4:48:12 PM
    Filesize: 65650
    Attributes: archive
    MD5: 2AD31341BE41AC9B086128AD86A2B53F
    CRC32: 081CFB35
    Version: 1.4.2.30

    {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: NPJPI150_03.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_03\bin\
    Long name: NPJPI150_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 4/13/2005 4:48:56 AM
    Date (last access): 6/11/2006 8:12:24 AM
    Date (last write): 4/13/2005 5:06:32 AM
    Filesize: 69746
    Attributes: archive
    MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
    CRC32: 868C298F
    Version: 5.0.30.7

    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/2/2006 2:52:58 PM
    Date (last access): 10/22/2006 5:02:36 AM
    Date (last write): 11/10/2005 2:22:12 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/2/2006 2:52:58 PM
    Date (last access): 10/22/2006 5:02:36 AM
    Date (last write): 11/10/2005 2:22:12 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload.macromedia.com/get...nt/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash9.ocx
    Short name:
    Date (created): 6/22/2006 2:44:20 PM
    Date (last access): 10/22/2006 4:47:48 AM
    Date (last write): 6/22/2006 2:44:20 PM
    Filesize: 2201224
    Attributes: readonly archive
    MD5: 99F80CA1EBE95677668F54CAC6F4AD6D
    CRC32: B7385E3B
    Version: 9.0.16.0

    {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class)
    DPF name:
    CLSID name: Quantum Streaming IE Player Class
    Installer: C:\WINDOWS\Downloaded Program Files\qsp2ie.inf
    Codebase: http://mvnet.xlontech.net/qm/fox/060...ie06071909.cab
    description:
    classification: Open for discussion
    known filename: QSP2IE05111501.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Documents and Settings\All Users\Application Data\Move Networks\
    Long name: qsp2ie06071909.dll
    Short name: QSP2IE~1.DLL
    Date (created): 10/6/2006 3:05:12 PM
    Date (last access): 10/15/2006 2:09:12 AM
    Date (last write): 7/19/2006 10:05:48 AM
    Filesize: 706880
    Attributes: archive
    MD5: 63AD7297A8723DC4C88F47B9732AE1C7
    CRC32: 1F03D69D
    Version: 1.0.0.1

    {F6ACF75C-C32C-447B-9BEF-46B766368D29} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\CTPID.inf
    Codebase: http://www.creative.com/su/ocx/15016/CTPID.cab
    description:
    classification: Legitimate
    known filename: CTPID.ocx
    info link:
    info source: Safer Networking Ltd.



    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 10/22/2006 5:02:35 AM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.dell4me.com/myway
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    <Snip> Removed Winsock list
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
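
A report of this size is easier to review once the entries that carry no "Legitimate" classification are pulled out. The Python sketch below is an added example, not a Spybot tool or part of the original posts: it parses the section and entry layout visible in the report above and lists the browser helper object and ActiveX entries a helper would have to look up by hand. The excerpt is copied from the posted log and trimmed; function names are illustrative.

```python
"""List BHO/ActiveX entries in a Spybot-S&D 1.4 report that lack a 'Legitimate' verdict."""
import re

# Excerpt of the report posted above, trimmed to the fields the parser reads.
REPORT_EXCERPT = r"""
--- Startup entries list ---
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll

{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll

{80A44721-A513-46AC-8651-628A9C8C34A4} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\System32\
Long name: nowlnwjs.dll
MD5: 8285D2F94549579E5D5477862C93FFE7

--- ActiveX list ---
{00000055-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\fhg.inf
classification: Legitimate

{3253344D-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\mpg4sax.inf
Codebase: http://codecs.microsoft.com/codecs/i386/mpg4sax.cab
"""

TRIAGE_SECTIONS = {"Browser helper object list", "ActiveX list"}
SECTION_RE = re.compile(r"^--- (.+) ---$")
ENTRY_RE = re.compile(r"^(\{[0-9A-Fa-f-]{36}\}) \((.*)\)$")


def parse_report(text):
    """Return one dict per CLSID entry found in the triaged sections."""
    entries, section, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        match = SECTION_RE.match(line)
        if match:                       # new section ends the open entry
            section, current = match.group(1), None
            continue
        match = ENTRY_RE.match(line)
        if match and section in TRIAGE_SECTIONS:
            current = {"section": section, "clsid": match.group(1),
                       "name": match.group(2), "fields": {}}
            entries.append(current)
            continue
        if current is not None and ":" in line:
            key, _, value = line.partition(":")   # first colon ends the key
            current["fields"][key.strip().lower()] = value.strip()
    return entries


def triage(text):
    """Return (section, clsid, file, classification) for entries to review."""
    rows = []
    for entry in parse_report(text):
        fields = entry["fields"]
        verdict = fields.get("classification") or "none"
        if verdict == "Legitimate":
            continue
        path = fields.get("path", "") + fields.get("long name", "")
        rows.append((entry["section"], entry["clsid"],
                     path or fields.get("installer", ""), verdict))
    return rows


if __name__ == "__main__":
    for row in triage(REPORT_EXCERPT):
        print(" | ".join(row))
```

An entry appearing in this list only means the report itself gives no "Legitimate" verdict for it; it is a starting point for lookup, not a detection.
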
