2nd half
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer:
Codebase:
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path:
Long name: (value not set)
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase:
http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: D:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 1:03:56 PM
Date (last access): 25/02/2006 2:32:10 PM
Date (last write): 10/11/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase:
http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: D:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 1:03:56 PM
Date (last access): 25/02/2006 2:32:10 PM
Date (last write): 10/11/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer:
Codebase:
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: D:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27/08/2005 1:38:56 PM
Date (last access): 25/02/2006 2:32:10 PM
Date (last write): 27/08/2005 1:38:56 PM
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
DPF name:
CLSID name: PopCapLoader Object
Installer: D:\WINDOWS\Downloaded Program Files\popcaploader.inf
Codebase:
http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
description:
classification: Open for discussion
known filename: POPCAPLOADER.DLL
info link:
info source: Safer Networking Ltd.
Path: D:\WINDOWS\Downloaded Program Files\
Long name: popcaploader.dll
Short name: POPCAP~1.DLL
Date (created): 26/08/2004 12:12:00 PM
Date (last access): 25/02/2006 2:12:28 PM
Date (last write): 26/08/2004 12:12:00 PM
Filesize: 126976
Attributes:
MD5: 57F868A52B9D4153658DC0DB5062E536
CRC32: 35357599
Version: 1.0.0.6
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Installer: D:\WINDOWS\Downloaded Program Files\mcfscan.inf
Codebase:
http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4703/mcfscan.cab
description:
classification: Legitimate
known filename: mcfscan.dll
info link:
info source: Safer Networking Ltd.
Path: D:\WINDOWS\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 22/02/2006 9:50:32 AM
Date (last access): 25/02/2006 2:32:10 PM
Date (last write): 22/02/2006 9:50:32 AM
Filesize: 116288
Attributes: archive
MD5: D4E31BADBA19D51C9D6F0174D51E4793
CRC32: B6EC6A2D
Version: 2.1.0.4703
--- Process list ---
PID: 0 ( 0) [System]
PID: 712 ( 4) \SystemRoot\System32\smss.exe
PID: 888 ( 712) \??\D:\WINDOWS\system32\csrss.exe
PID: 912 ( 712) \??\D:\WINDOWS\system32\winlogon.exe
PID: 976 ( 912) D:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 988 ( 912) D:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1184 ( 976) D:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1280 ( 976) D:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1392 ( 976) D:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1448 ( 976) D:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1596 ( 976) D:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 124 ( 976) D:\WINDOWS\system32\LEXBCES.EXE
size: 303104
MD5: 027D03D9D8AB95194A115A999E960AC0
PID: 176 ( 976) D:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 144 ( 124) D:\WINDOWS\system32\LEXPPS.EXE
size: 174592
MD5: 8D836E60877ED79C409712B9BE2DFC3B
PID: 388 ( 316) D:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1424 ( 388) D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
size: 57344
MD5: 8E7939D19E49D071110D780BF1EDEC21
PID: 1508 ( 388) D:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: 0A66D1CA518E5F32A18310A74E20AD4A
PID: 1548 ( 388) D:\Program Files\Roland\VSC32\vsc32cnf.exe
size: 36864
MD5: 939E091564A2D1DF9FC185909E0E0592
PID: 1564 ( 388) D:\Program Files\Roland\VSC32\vscvol.exe
size: 36864
MD5: BB15E7AC61895A9D9AA107A3BE5F1612
PID: 1680 ( 388) D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 102448
MD5: 9EB989D83225F2E6D9ECFDCCDD0DB0CA
PID: 1696 (1424) D:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
size: 53248
MD5: 9C2991D06E1F40ADBDED988B013828C8
PID: 1716 ( 388) D:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1744 ( 388) D:\Program Files\Spyware Doctor\swdoctor.exe
size: 1992928
MD5: 77E67D0857B21573C1A79C05C9C761F3
PID: 1760 ( 388) D:\Program Files\Mediatek\AudiMax Dual\AudiMaxDual.exe
size: 1384448
MD5: 5132D4D5CA2286694CE82C1467737A01
PID: 1884 (1728) D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
size: 90112
MD5: BED117A8BAB5D2C85D50E44F8E90705C
PID: 484 ( 976) D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 53248
MD5: 435D862E96FE19612093177CF6618F4E
PID: 492 ( 976) D:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 102448
MD5: 0839B8BFDF17DAC8C9B083009768400E
PID: 564 ( 976) D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
size: 159744
MD5: 72AB5A8F5C69FBFA346DBC551E92069C
PID: 596 ( 976) D:\Program Files\ewido anti-malware\ewidoctrl.exe
size: 13888
MD5: 26830B750372AB1BF29C95DEEBEB802F
PID: 624 ( 976) D:\Program Files\ewido anti-malware\ewidoguard.exe
size: 151616
MD5: 34A50717AD686900F078F5208F8E908E
PID: 840 ( 976) D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
size: 1368064
MD5: 37F2DECEBEDC9179A149CC40968CDF5A
PID: 1204 ( 976) D:\Program Files\Spyware Doctor\sdhelp.exe
size: 870624
MD5: 186EE3B89521257C480E55063A91DE77
PID: 1724 ( 840) D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
size: 2617344
MD5: 34D8182F75D145FD5C1B0384400E588B
PID: 1348 ( 976) D:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3312 ( 976) D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 241712
MD5: A7A61A9FFE49102C0ECDC259C915BDB9
PID: 3536 ( 840) D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
size: 2617344
MD5: 34D8182F75D145FD5C1B0384400E588B
PID: 3580 ( 976) D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 364592
MD5: 1E898FA5EA0C8CB3BF053997516BB2C0
PID: 720 ( 976) D:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 1788 ( 388) D:\Program Files\Winamp3\Studio.exe
size: 62240
MD5: 2EAE2A97F7575289C8BEA9D22AAA767E
PID: 2388 ( 388) D:\Program Files\Windows NT\Accessories\wordpad.exe
size: 214528
MD5: F0543ACEEB5CD8821469958C9F3DD9A4
PID: 1104 ( 388) D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 25/02/2006 2:43:19 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *
Protocol 6: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 8: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *
Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D0BD8BF-FA79-4726-83AB-AEAF7CCF4994}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D0BD8BF-FA79-4726-83AB-AEAF7CCF4994}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C40029FE-8B4D-4223-839E-3628C16A26C5}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C40029FE-8B4D-4223-839E-3628C16A26C5}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F35A677E-8B46-4966-B556-AAD8C409564F}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F35A677E-8B46-4966-B556-AAD8C409564F}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02BDAA4A-77ED-4C00-8BFA-27C0EE648E41}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02BDAA4A-77ED-4C00-8BFA-27C0EE648E41}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0AF14869-9E12-41A9-8321-0251C9EEDA33}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0AF14869-9E12-41A9-8321-0251C9EEDA33}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*
Looks like I'm trying to send too much info so I hope it all works out
Thanks again Po