IEBrowser Redirects-Windows Explorer Crashes-Zlob & others

That's great :bigthumb::bigthumb: The rest of your log looks fine, you're good to go.

Thank you for the list of programs. I see you have mentioned all free ones, which is fine, but these are usually not full versions.
These are all full versions.

You have Spybot Search and Destroy installed :bigthumb: One of the better programs on the internet, make sure you check for updates, Immunize and run a scan at least once a week.

Spyware Blaster, no scans to run, just keep it updated and enable all protection, just sits in the background keeping the bad guys out. If you install this program, do not enable the tea timer in Spybot as they will conflict.


Spyware Guard is a one time install, it just sits in the background and guards your PC from attack by Spyware.


IESPYAD, This too will help block bad sites from downloading any of their garbage to your computer.

Firefox You can use both IE and Firefox, just make the one you want your default and they won't bother one another. I use and love Firefox, it's more secure than IE.

ZoneAlarm You should only have one Anti Virus program and only one Firewall installed so if your McAfee includes a firewall then bypass this one.


Been a pleasure helping you. :wink:

Safe Surfin
Ken
 
Security Warriors for you with Shields and Spears!

Dear Ken aka Security Warrior

Asante sana rafiki yangu (Thank you very much my friend!) You have greatly improved my life with your knowledge!

If you ever come to Tanzania to safari in the Serengeti, hike up Mt. Kilimanjaro or mountain bike in the Ngorongoro Crater Highlands -- I shall repay your kindness and have Security Warriors for you with Shields and Spears! KARIBU SANA!
 
Hmmm...

I thought I would run a Spybot S&D scan and put the TeaTimer back on and promptly received this notice:

S&D has detected an important registry entry that has changed.

Category: Browser page

Change: Value changed

Entry: Search Page

Old data: http://www.microsoft.com/isapi/redir.dll?prd=iear=search

New data: http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch

Then there are two buttons on each side (left & right bottom corners) of the dialog box which I CANNOT SEE to read…

The left hand side button has a box to check and “Remember this decision?” statement.

I have not done anything and have left this dialog box open, any clue what I should do? :-/
 
All the settings are normal, they have been reset so the Tea Timer in Spybot is giving you a heads up. You can accept your new settings.

Ken:)
 
We’re baack, me and the ZLOB… Like a bad penny!

Good morning Ken,

I had to snoop around for a PIC to make sure what the TeaTimer's dialog box buttons said as I am new to S&D. I was a bit jittery about making any changes -- especially involving MSM and their whole redirect process even if you do not use them for your Home Page (which I normally do not, just for this cleanup.) When I am sure it is safe to download and update I will update back to IE7 and add the Firefox browser as well.

Once I heard back from you (thank you) and got through all the TeaTimer duties, I installed S&D with today’s updates then finally ran my scan, which again detected the ZLOB. Is there anything you recommend I need to do at this time?


I found a PIC of the TeaTimer dialog box at this site with a description that was helpful:

http://wiki.pomona.edu/bin/view/FAQ/TeaTimer
Note: This screenshot is from v1.4beta as v1.4 seems to currently have a bug that cuts off part of the window. If you are having this problem, please be aware that the left button is the Allow button and the right button is Deny, as in the screenshot above. Hopefully the Spybot developers will fix this soon!
 
This is the Spybot Search and Destroy 1.5 Beta, you can go to Help > About and see what version you are running. You may want to give this a try, uninstall the older version first.

http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/SpyBotSearch-Destroy.shtml


Start the program, Check for Updates, make sure the Tea Timer is disabled.

Click on Mode and select Advanced Mode, then click on Spybot and run a full system scan, then select all and remove what it finds.

Then in advanced mode, click on Tools > View Report and just tick the following.

Results of last Check
Active X
Start Up list
BHO

Then Export it to your desktop, it will be in Notepad, copy and paste the log into this thread.

Ken;)
 
Thanks Ken! I had to split the results to fit it in the post.


Congratulations!: No immediate threats were found. ()
 
Part two...

 
Things look fine :bigthumb: I see no Zlob here. Your older scan may have picked up a stray reg entry.

You can open Spybot and under Tools > View Reports, there may be an older report that was saved when it picked up Zlob, if so post the log.
 
Glad we could help, :bigthumb: as the problem appears to be resolved this topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
 