want to get rid of them

Registry entry changed??...revised

Yeah I basically did the stuff you told me but I noticed I've been getting these "Spybot-Search & Destroy has detected an important registry entry that has been changed" and such...and then when I xed out of the box...a smaller box showed saying something like, "Resident has denied change..."
So what exactly is this? What should I do about that?

(if you're wondering what I changed...it was "Resgister" to "Resident")
 
Forgot to mention...MiniBug...

I forgot to mention that when I did a scan on Spybot...the only "problem" was "MiniBug"...it wasn't checked with the green checkmark like all the others would already be so I wasn't sure if I should fix it...what would I do about that also?
 
HelpMeSosLoL said:
"Spybot-Search & Destroy has detected an important registry entry that has been changed" and such...and then when I xed out of the box...a smaller box showed saying something like, "Resident has denied change..."
So what exactly is this? What should I do about that?

It's Spybot TeaTimer; you need to disable it when making certain changes to the registry.

Only items marked in red in Spybot are dangerous.
Green items are optional.

MiniBug, that's likely WeatherBug, which is ad-powered, so it shows advertisements.
 
I was just wondering...

1) How do I know if a hacker hacked my computer?
2) Could you tell if my computer was hacked when you looked through my HiJackThis logs?
3) Say there previously was a hacker hacking my computer and I did all those things you told me to protect my computer, could they still hack it somehow or use information from my computer to do whatever they want?...I don't really know how hijackers work.
 
Firewall?

...that on my Windows Firewall, when I turn on Firewall it stays ON when the computer is on but when I turn the computer off and then back on, the Firewall is off again which means I have to keep turning on the Firewall every time I start the computer. Is that normal & is Windows Firewall any good? Anyways any good advice would help. Thanx!
 
Still been getting this...

I've still been getting these "Spybot-Search & Destroy has detected an important registry entry that has been changed" (in that box it has 2 buttons to click on but I can't read what they say because for some reason I can't drag the box to make it bigger)...and then when I xed out of the box...a smaller box showed saying something like, "Resident has denied change..."

When you told me to disable TeaTimer when making changes to my computer, I basically just turned off TeaTimer, disabled System Restore & enabled it again, and then turned TeaTimer back on...I don't even know if that helps.

Anyways I've been getting the "Spybot-Search & Destroy has detected an important registry entry that has been changed" since I got Spybot & I didn't even change anything on my computer. Does this mean a hacker has changed some things on my computer?
 
Windows Installer?...

Forgot to mention...when I get this "Spybot-Search & Destroy has detected an important registry entry that has been changed"...a bubble or whatever appears from my SBC Yahoo icon from the bottom and says that Windows Installer wants to access the internet...but I deny its access.

Anyways I noticed before that one of the problems found on a scan was Windows Install...so I removed it (forgot if I scanned it on Spybot or whatever)
 
Log-Spybot S&D

--- Search result list ---
Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-02-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-10 Includes\Cookies.sbi (*)
2006-03-10 Includes\Dialer.sbi (*)
2006-03-10 Includes\Hijackers.sbi (*)
2006-03-10 Includes\Keyloggers.sbi (*)
2006-03-10 Includes\Malware.sbi (*)
2006-03-10 Includes\PUPS.sbi (*)
2006-03-10 Includes\Revision.sbi (*)
2006-03-10 Includes\Security.sbi (*)
2006-03-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi (*)

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)

--- Startup entries list ---
Located: HK_LM:Run, 2wSysTray
command: C:\Program Files\2Wire\2PortalMon.exe
file: C:\Program Files\2Wire\2PortalMon.exe
size: 393216
MD5: 45a2d83356499b62a3822b3a92e1ffe8

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 22755776eccc7165ac109c381782a957

Located: HK_LM:Run, Cpqset
command: C:\Program Files\HPQ\Default Settings\cpqset.exe
file: C:\Program Files\HPQ\Default Settings\cpqset.exe
size: 208958
MD5: 4369779652ef92518a36697031f8b493

Located: HK_LM:Run, DXDllRegExe
command: dxdllreg.exe
file:

Located: HK_LM:Run, eabconfg.cpl
command: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
file:

Located: HK_LM:Run, EPSON Stylus CX3200
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
size: 74752
MD5: 7984d2a1b7a3a691889c53708fe450bf

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 118784
MD5: c18ff0ef8e517a99c3d258b676cb0f5e

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: b75b654ee1da99876461b24597ae3ff3

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
file: C:\Program Files\HP\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 4fea5b94c6a96860620a62e4a19bd07d

Located: HK_LM:Run, HPHmon05
command: C:\WINDOWS\system32\hphmon05.exe
file: C:\WINDOWS\system32\hphmon05.exe
size: 483328
MD5: a36cab365f2942fa8be8658d176311ad

Located: HK_LM:Run, HPHUPD05
command: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
file:

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: d5f3353e5f1f043790fbade2568d9267

Located: HK_LM:Run, IPInSightMonitor 01
command: "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
file: C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
size: 98304
MD5: 400e6df41a69073f12c7b9517537e910

Located: HK_LM:Run, iTunesHelper
command: C:\Program Files\iTunes\iTunesHelper.exe
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 286720
MD5: 3062c3dbf757d4029b8965bc04a4c218

Located: HK_LM:Run, lich
command: lich.exe
file:

Located: HK_LM:Run, NI.UWFX6_0001_N68M2301
command: "C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe" -nag
file:

Located: HK_LM:Run, PRISMSVR.EXE
command: "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ed85b344e6edc30c1bc57ec1a2a56bf3

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 95960
MD5: abba14e4513a3eb53194c472d94943d7

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 536576
MD5: 6f0122a05d9a260bbdde4df76379df93

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98304
MD5: f2111d6912e5778f0667793a21944a9f

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 77ed13fd3196ebc7311ccd6899c7488c

Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 22fd4e58d69969a9165721c797d54931

Located: HK_LM:Run, ViewMgr
command: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
file: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 111816
MD5: a36e74ba7528a67a51bc4aff3a50333d

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1420560
MD5: 81aa8ba06a824e637e2ba290d4fa9e3e

Located: HK_LM:Run, YBrowser
command: C:\Program Files\Yahoo!\browser\ybrwicon.exe
file: C:\Program Files\Yahoo!\browser\ybrwicon.exe
size: 57344
MD5: da6bc165d222c0bcd9ef9ab33e360c4e

Located: HK_LM:Run, Zone Labs Client
command: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 935688
MD5: bac4e154f30aba45bb99c0bb9196a57e

Located: HK_CU:Run, AIM
command: C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
file: C:\PROGRA~1\AIM\aim.exe
size: 67160
MD5: 7ead56abf649aa78cc4036548c3f1e18

Located: HK_CU:Run, BackupNotify
command: C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
file:

Located: HK_CU:Run, Creative Detector
command: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
file:

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, RecordNow!
command:
file:

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, Weather
command: C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
file:

Located: HK_CU:Run, Yahoo! Pager
command: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
file:

Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 98304
MD5: 3b712dec13c4d3cc69974f0f6a3f23a7

Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 237568
MD5: da6b945e561b1d1da67663bb45b4b868

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), Quicken Scheduled Updates.lnk
command: C:\Program Files\Quicken\bagent.exe
file: C:\Program Files\Quicken\bagent.exe
size: 57344
MD5: 1687ef005349a2d4d57c171548ff8d6d

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
 
Log-Spybot S&D (continued)

--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
BHO name:
CLSID name: Yahoo! Companion BHO
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: ycomp5_5_7_0.dll
Short name: YCOMP5~1.DLL
Date (created): 2/3/2005 10:28:00 PM
Date (last access): 3/12/2006 5:28:40 PM
Date (last write): 9/29/2004 11:02:16 AM
Filesize: 292947
Attributes: archive
MD5: 15003F375140FFB2D2E0C5508857A2F1
CRC32: B0173BA1
Version: 2004.9.28.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 8/18/2005 10:34:22 PM
Date (last access): 3/12/2006 5:14:52 PM
Date (last write): 3/2/2001 11:02:04 AM
Filesize: 37808
Attributes:
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1

{549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
BHO name:
CLSID name:

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/12/2006 5:23:46 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{8A368B31-5AA9-4A61-99C2-0EB6122CE91c} ()
BHO name:
CLSID name:

{BD8BBC42-CF68-43FD-BB08-3928AEEF7E7e} ()
BHO name:
CLSID name:

{BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
BHO name:
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: C:\Program Files\Norton AntiVirus\
Long name: NAVShExt.dll
Short name:
Date (created): 11/24/2003 3:46:38 PM
Date (last access): 3/12/2006 5:26:30 PM
Date (last write): 11/24/2003 3:46:38 PM
Filesize: 103368
Attributes: archive
MD5: 65C8A602DFA9D5860F1E328CB8575317
CRC32: 929FB7E0
Version: 10.0.10.13

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft.com/money/default.asp
info source: TonyKlein
 
Log-Spybot S&D (continued again)

--- ActiveX list ---
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 10/13/2005 12:00:56 PM
Date (last access): 3/12/2006 5:37:54 PM
Date (last write): 10/13/2005 12:00:56 PM
Filesize: 790528
Attributes: archive
MD5: 46CE15B59AB422CAF3765DDC909A64F0
CRC32: 606D97CC
Version: 5.0.78.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=48835
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 1/12/2006 11:32:12 AM
Date (last access): 3/12/2006 5:37:58 PM
Date (last write): 1/12/2006 11:32:12 AM
Filesize: 543496
Attributes: archive
MD5: 0879BA2D2688BFBD6BB6DDCE3D26B201
CRC32: 2F243889
Version: 1.4.410.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/12/2006 5:23:46 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class)
DPF name:
CLSID name: RegConfig Class
Installer: C:\WINDOWS\Downloaded Program Files\yregcfg.inf
Codebase: http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
description:
classification: Open for discussion
known filename: YREGCFG.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yregcfg.dll
Short name:
Date (created): 11/18/2002 12:02:42 PM
Date (last access): 3/12/2006 5:33:38 PM
Date (last write): 11/18/2002 12:02:42 PM
Filesize: 94208
Attributes: archive
MD5: A86BB17876E4D0EE4710BF87FD6BB492
CRC32: 888A92AC
Version: 2002.11.18.1

{A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class)
DPF name:
CLSID name: YahooYMailTo Class
Installer: C:\Program Files\Yahoo!\Common\ymmapi.inf
Codebase: http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
description:
classification: Legitimate
known filename: ymmapi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Yahoo!\Common\
Long name: ymmapi.dll
Short name:
Date (created): 1/29/2005 1:18:00 PM
Date (last access): 3/12/2006 5:26:38 PM
Date (last write): 7/30/2003 1:39:54 PM
Filesize: 145120
Attributes: archive
MD5: 28BF07203BA7C3EF17ABA87724A95E66
CRC32: E84AF867
Version: 2003.7.30.1

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 5/3/2003 5:33:20 PM
Date (last access): 3/12/2006 5:23:26 PM
Date (last write): 5/3/2003 5:33:20 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/12/2006 5:23:46 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/12/2006 5:23:46 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 8/27/2005 1:38:56 PM
Date (last access): 3/12/2006 5:59:02 PM
Date (last write): 8/27/2005 1:38:56 PM
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0
 
Log-Spybot S&D (continued hopefully last)

--- Process list ---
PID: 0 ( 0) [System]
PID: 580 ( 4) \SystemRoot\System32\smss.exe
PID: 644 ( 580) \??\C:\WINDOWS\system32\csrss.exe
PID: 668 ( 580) \??\C:\WINDOWS\system32\winlogon.exe
PID: 712 ( 668) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 724 ( 668) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 880 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 932 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1024 ( 712) C:\Program Files\Windows Defender\MsMpEng.exe
size: 45840
MD5: 948D315495195662BA2A683A7A156BEA
PID: 1064 ( 712) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1128 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1216 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1280 ( 712) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 235120
MD5: E761FC4A1E6CFECDAE543452D3B1D0F1
PID: 1536 ( 712) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 255600
MD5: 04C97539E8555D7CD5B7CEA7E75804F7
PID: 1688 ( 712) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1808 ( 712) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
size: 77824
MD5: CD64CE62BE47DF0E9A459FD9002221FE
PID: 1996 ( 712) C:\WINDOWS\system32\CTsvcCDA.EXE
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 2012 ( 712) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
size: 94208
MD5: 12CDB5DC7774298223099D6E41ED5CE7
PID: 2040 ( 712) C:\Program Files\ewido anti-malware\ewidoctrl.exe
size: 13888
MD5: 26830B750372AB1BF29C95DEEBEB802F
PID: 176 ( 712) C:\Program Files\Norton AntiVirus\navapsvc.exe
size: 158848
MD5: 106188EE7FCE8C769DEFEC27C1EDB67C
PID: 296 ( 712) C:\Program Files\Norton AntiVirus\SAVScan.exe
size: 193816
MD5: BFBA4ED75BCDF0F5681A6749D8F27FC7
PID: 396 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 476 ( 712) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 616 ( 712) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 1210112
MD5: 049EB3C18DD71B96075DD7DA48043FDF
PID: 996 ( 712) c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
size: 316544
MD5: 67C5AF84809468061121FBCBECB19285
PID: 2036 ( 712) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2708 (2556) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 2760 (1064) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 2952 (2708) C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: D5F3353E5F1F043790FBADE2568D9267
PID: 2960 (2708) C:\WINDOWS\system32\hkcmd.exe
size: 118784
MD5: C18FF0EF8E517A99C3D258B676CB0F5E
PID: 2992 (2708) C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ED85B344E6EDC30C1BC57EC1A2A56BF3
PID: 3040 (2708) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98304
MD5: F2111D6912E5778F0667793A21944A9F
PID: 3048 (2708) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 536576
MD5: 6F0122A05D9A260BBDDE4DF76379DF93
PID: 3076 (2708) C:\Program Files\HP\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 4FEA5B94C6A96860620A62E4A19BD07D
PID: 3096 (2708) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: B75B654EE1DA99876461B24597AE3FF3
PID: 3132 (2708) C:\WINDOWS\system32\hphmon05.exe
size: 483328
MD5: A36CAB365F2942FA8BE8658D176311AD
PID: 3144 (2708) C:\Program Files\iTunes\iTunesHelper.exe
size: 286720
MD5: 3062C3DBF757D4029B8965BC04A4C218
PID: 3160 (2708) C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76A3A30B58405C2C6D833895253A51A9
PID: 3176 (2708) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 22755776ECCC7165AC109C381782A957
PID: 3232 (2708) C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
size: 286720
MD5: BB9373CADA15AB198AE6F22E36BD174B
PID: 3252 (2708) C:\Program Files\Yahoo!\browser\ybrwicon.exe
size: 57344
MD5: DA6BC165D222C0BCD9EF9AB33E360C4E
PID: 3268 (2708) C:\Program Files\2Wire\2PortalMon.exe
size: 393216
MD5: 45A2D83356499B62A3822B3A92E1FFE8
PID: 3288 (2708) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
size: 74752
MD5: 7984D2A1B7A3A691889C53708FE450BF
PID: 3304 (2708) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 111816
MD5: A36E74BA7528A67A51BC4AFF3A50333D
PID: 3316 (2708) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 935688
MD5: BAC4E154F30ABA45BB99C0BB9196A57E
PID: 3332 (2708) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 77ED13FD3196EBC7311CCD6899C7488C
PID: 3348 (2708) C:\Program Files\Windows Defender\MSASCui.exe
size: 1420560
MD5: 81AA8BA06A824E637E2BA290D4FA9E3E
PID: 3376 (2708) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 3404 (2708) C:\PROGRA~1\AIM\aim.exe
size: 67160
MD5: 7EAD56ABF649AA78CC4036548C3F1E18
PID: 3436 (2708) C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
size: 102400
MD5: C744293DFBE1A3347FEC5DBFE3FD123E
PID: 3456 (2708) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 3476 (2708) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 237568
MD5: DA6B945E561B1D1DA67663BB45B4B868
PID: 3544 ( 712) C:\Program Files\iPod\bin\iPodService.exe
size: 401408
MD5: 1158F9A8799B64378BDEB8BBD6B40462
PID: 3604 ( 880) C:\PROGRA~1\Yahoo!\browser\ycommon.exe
size: 217088
MD5: 1646F316309B7D559AEFC9429E808D35
PID: 3908 (3388) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
size: 90112
MD5: E23A538012FB9EC6AACB67A65589EDC7
PID: 528 (2708) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3444 (2708) C:\Program Files\Microsoft Works\wkswp.exe
size: 106556
MD5: FF82D5C76E086D4134293D9830C43D72
PID: 2872 ( 880) C:\Program Files\Microsoft Works\MSWorks.exe
size: 94276
MD5: 629934D1E22104D2B0D7EBFBE37F32B9
PID: 248 ( 880) C:\Program Files\Microsoft Works\wkgdcach.exe
size: 57407
MD5: 54CA0137BC10441AE7FD9EB2671917AC
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/12/2006 6:00:32 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://yahoo.sbc.com/dsl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C9835D1-4C31-4A4D-87D5-AE3D5BFAD751}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C9835D1-4C31-4A4D-87D5-AE3D5BFAD751}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE4420FF-5D16-4F7A-87D1-EF02F6A85896}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE4420FF-5D16-4F7A-87D1-EF02F6A85896}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{65973BDB-E039-496A-BBCF-F7C1D031958B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{65973BDB-E039-496A-BBCF-F7C1D031958B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E4E4362-13E7-460D-879E-32E29F09C1A0}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E4E4362-13E7-460D-879E-32E29F09C1A0}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FC49FC6-BE5C-4702-8406-0FCE2F3B5020}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2FC49FC6-BE5C-4702-8406-0FCE2F3B5020}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEE78373-5815-4EB6-9991-515D899D456A}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEE78373-5815-4EB6-9991-515D899D456A}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
 
Log-OKay finally PANDA

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@ad.yieldmanager[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@ath.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@belnk[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@dist.belnk[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@realmedia[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@tribalfusion[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ath.belnk[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Guest\Cookies\guest@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@dist.belnk[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Guest\Cookies\guest@rn11[2].txt
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jun\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-28e68558-4e416e50.zip[Gummy.class]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\jun\Cookies\jun@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jun\Cookies\jun@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\jun\Cookies\jun@adrevolver[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jun\Cookies\jun@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jun\Cookies\jun@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jun\Cookies\jun@ath.belnk[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\jun\Cookies\jun@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jun\Cookies\jun@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\jun\Cookies\jun@ct.360i[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\jun\Cookies\jun@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jun\Cookies\jun@dist.belnk[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jun\Cookies\jun@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jun\Cookies\jun@overture[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jun\Cookies\jun@realmedia[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\jun\Cookies\jun@statse.webtrendslive[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\jun\Cookies\jun@winfixer[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@ad.yieldmanager[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@ath.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@belnk[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@dist.belnk[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@realmedia[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\kristy\Cookies\kristy@tribalfusion[1].txt
 