yahabags malware

north89thug
Hello,

I have a problem when I use Internet Explorer. Every now and then, I go to a link but get redirected to something called wxx.yahabags.com, and then redirected again to some random site. I don't know what causes this, and I have run Spybot, Ad-Aware, and Symantec Anti-Virus. They detect problems and say they have fixed them, but the problem continues to occur.

I read a post about a similar problem, and someone told the user to run Spybot, fix the problems, then save the 'view report' and put it in the thread. So here it is; can anyone help me???
(It was too big a file to upload, so I pasted it below.)
(It was also too long to post as one thread, so I did it over two threads.)

north89thug



--- Search result list ---
Errorsafe: Program directory (Directory, fixed)
C:\Documents and Settings\Jimmy\Local Settings\Temp\ICD3.tmp\

MediaMotor: Program directory (Directory, fixed)
C:\Documents and Settings\Jimmy\Local Settings\Temp\ICD2.tmp\

SystemDoctor2006: Program directory (Directory, fixed)
C:\Documents and Settings\Jimmy\Local Settings\Temp\ICD1.tmp\

DoubleClick: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


BFast: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


Mediaplex: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


7FaSSt: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


Advertising.com: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


Tradedoubler: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)


ValueClick: Tracking cookie (Internet Explorer: Jimmy) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-24 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-10 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-10 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-10 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-10 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-10 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-10 Includes\PUPSC.sbi (*)
2006-11-10 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-10 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-10 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-11-03 Includes\Trojans.sbi (*)
2006-11-10 Includes\TrojansC.sbi (*)



--- System information ---
Windows 2000 (Build: 2195) Service Pack 4
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB834707
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB867282
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB890923
/ Windows 2000 / SP4: Windows 2000 Service Pack 4
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB822831
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823182
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823559
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB824105
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB825119
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB826232
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828035
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828741
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828749
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB835732
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB837001
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB839645
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB840315
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB840987
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841356
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841533
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841872
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841873
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB842526
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB871250
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB873333
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB873339
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885250
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885835
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885836
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB888113
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890047
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890175
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890859
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB891711
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB891781
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB893066
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB893086
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB894320
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player 9 / SP0: Windows Media Player 9 Hotfix [See KB885492 for more information]


--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 53408
MD5: 8c5d5b71e4e8a1fb8f1fa6cc57fe411e

Located: HK_LM:Run, Launcher
command: relaunch.exe
file: C:\WINDOWS\relaunch.exe
size: 33792
MD5: 39f29a76dd7114d4f50f806a0e8d02a3

Located: HK_LM:Run, RegistryMechanic
command:
file:

Located: HK_LM:Run, rhythmic
command: rhythmic.EXE
file: C:\WINDOWS\system32\rhythmic.EXE
size: 73728
MD5: 6132802abe38f10ade14fae7f2edcb6d

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, SystemTray
command: SysTray.Exe
file: C:\WINDOWS\system32\SysTray.Exe
size: 3856
MD5: 349c33508ae444215e23bf7bdd174adf

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
file: C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 124656
MD5: 91d82614352e1e8be383c1c0a39fd876

Located: HK_CU:Run, updateMgr
command: "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
size: 307200
MD5: f5f0a43bdc828ff39fa44737b8cb385c

Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613e98493ec4a94395955b17f836cf9

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 43760
MD5: 01ebbf816ace65a2af09c8d913ad1381

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, wzcnotif
command: wzcdlg.dll
file: wzcdlg.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx, AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 2/13/2006 6:32:24 PM
Date (last access): 11/14/2006 9:31:40 PM
Date (last write): 1/12/2006 8:38:22 PM
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 10/24/2006 12:16:56 AM
Date (last access): 11/14/2006 9:31:42 PM
Date (last write): 5/31/2005 12:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 3/2/2006 12:53:00 PM
Date (last access): 11/14/2006 8:18:06 PM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{9E129916-98EE-4D9A-8F03-D6CB31EFC1A4} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: wxvcwrcile.dll
Short name: WXVCWR~1.DLL
Date (created): 10/20/2006 9:06:48 AM
Date (last access): 11/14/2006 9:45:00 PM
Date (last write): 10/20/2006 9:06:48 AM
Filesize: 131072
Attributes: archive
MD5: A80E75BB41A9680CE6D1A5F65FEECFBB
CRC32: 1F9F761A

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 10/17/2006 11:03:24 AM
Date (last access): 11/14/2006 8:18:02 PM
Date (last write): 10/12/2006 10:38:04 AM
Filesize: 2108480
Attributes: readonly archive
MD5: 4CB9CC5E19F70337BFE200A4DAD58025
CRC32: 07D15995
Version: 4.0.1020.2544
 
continued from 1st post

Here's the rest of it....

--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Internet Explorer Classes for Java (Internet Explorer Classes for Java)
DPF name: Internet Explorer Classes for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\iejava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\iejava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla

{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} ()
DPF name:
CLSID name:
Installer:
Codebase: http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Path: C:\WINDOWS\system32\macromed\Shockwave 10\
Long name: Download.dll
Short name:
Date (created): 9/3/2006 9:53:12 PM
Date (last access): 10/25/2006 12:03:36 AM
Date (last write): 9/3/2006 9:53:12 PM
Filesize: 124592
Attributes: archive
MD5: 6657882D570C054B54B837603AB2B12A
CRC32: 55C7B54B
Version: 10.1.4.20

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 5/17/2006 1:32:30 PM
Date (last access): 11/14/2006 9:32:38 PM
Date (last write): 5/17/2006 1:32:30 PM
Filesize: 231072
Attributes: archive
MD5: A5E06A91CF82D97985C90B12FEE33A01
CRC32: 5AC66733
Version: 2006.2.22.58

{3334504D-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\mpeg4ax.inf
Codebase: http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab
description: Microsoft MPEG4 Video Codec
classification: Legitimate
known filename: MPEG4AX.CAB
info link:
info source: Patrick M. Kolla

{37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\aolcoach_core.inf
Codebase: http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
Codebase: https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
description:
classification: Legitimate
known filename: mcinsctl.dll
info link:
info source: Safer Networking Ltd.

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 5/17/2006 1:32:42 PM
Date (last access): 11/14/2006 9:32:52 PM
Date (last write): 5/17/2006 1:32:42 PM
Filesize: 161480
Attributes: archive
MD5: D9021B7C1D765851774FD9A753AEC435
CRC32: 6D65423F
Version: 2006.2.15.43

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 11/13/2006 7:33:22 PM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38227.2871990741
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\McGDMgr.inf
Codebase: https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
description:
classification: Legitimate
known filename: McGDMgr.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 11/14/2006 9:57:46 PM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 11/14/2006 9:57:46 PM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 8/27/2005 12:38:56 PM
Date (last access): 11/14/2006 8:18:58 PM
Date (last write): 8/27/2005 12:38:56 PM
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0

{D8089245-3211-40F6-819B-9E5E92CD61A2} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\FlashAX.inf
Codebase: https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
description:
classification: Open for discussion
known filename: FlashAX.ocx
info link:
info source: Safer Networking Ltd.



--- Process list ---
PID: 0 ( 0) [System]
PID: 132 ( 8) \SystemRoot\System32\smss.exe
PID: 160 ( 132) \??\C:\WINDOWS\system32\csrss.exe
PID: 156 ( 132) \??\C:\WINDOWS\system32\winlogon.exe
PID: 208 ( 156) C:\WINDOWS\system32\services.exe
size: 89360
MD5: CFED2D28F5B8A24127E9E06043070643
PID: 220 ( 156) C:\WINDOWS\system32\lsass.exe
size: 33552
MD5: 0C13D582EDAF90CBEA454A1AC535B913
PID: 396 ( 208) C:\WINDOWS\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 424 ( 208) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169632
MD5: 92C27887787E637185FEC2EE43DA390F
PID: 468 ( 208) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192160
MD5: FF7DAA264887E850ABFDB8167A8685C9
PID: 548 ( 208) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 1160848
MD5: C830007369E18A54AED23B5BB3AFA2BA
PID: 580 ( 208) C:\WINDOWS\system32\spoolsv.exe
size: 45328
MD5: 987DAF317B917CFC973DE8364D62A76C
PID: 656 ( 208) C:\Program Files\Symantec AntiVirus\DefWatch.exe
size: 31472
MD5: 621BE752634201D8124F79BB9005F60E
PID: 684 ( 208) C:\WINDOWS\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 756 ( 208) C:\WINDOWS\system32\MSTask.exe
size: 119568
MD5: 37D7411389A10D7F3ABFE12B247B1AC5
PID: 812 ( 208) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
size: 1805040
MD5: 6B53145CDA47829F083ADF39E5F47BAA
PID: 852 ( 208) C:\WINDOWS\System32\WBEM\WinMgmt.exe
size: 196706
MD5: 05B2001E1BC653FD6091E741B46F71B4
PID: 864 ( 208) C:\WINDOWS\system32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
PID: 876 ( 208) C:\WINDOWS\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 984 (1008) C:\WINDOWS\Explorer.EXE
size: 243472
MD5: 59CF2B7DCED9111F48F51B4B570E672D
PID: 1232 ( 984) C:\WINDOWS\system32\rhythmic.EXE
size: 73728
MD5: 6132802ABE38F10ADE14FAE7F2EDCB6D
PID: 1268 ( 984) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 1280 ( 984) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 53408
MD5: 8C5D5B71E4E8A1FB8F1FA6CC57FE411E
PID: 1292 ( 984) C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 124656
MD5: 91D82614352E1E8BE383C1C0A39FD876
PID: 1332 ( 984) C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613E98493EC4A94395955B17F836CF9
PID: 1264 ( 984) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12061896
MD5: 7A0FA3A0282B4630F3768A74441D4BAE
PID: 1428 ( 984) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 8 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/14/2006 9:57:48 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page_bak
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\rnr20.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
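Reading a two-post Spybot report like the one above by hand is slow, and the interesting lines are easy to miss among the legitimate ones. The script below is an added example (not part of the original posts, and not Spybot's own code): it parses the plain-text sections of a Spybot-S&D 1.4 'view report' dump and lists the entries a helper would want to look at first. SAMPLE_REPORT is constructed from entries quoted in this thread, trimmed to the fields the script uses; the scoring rules (an unnamed BHO with no Spybot classification that lives in system32, a Run key whose command is a bare filename resolved from the Windows directory, ActiveX entries Spybot classes as malware or "open for discussion") are this example's own assumptions, not Spybot's logic.

```python
"""Triage helper for a Spybot-S&D 1.4 'view report' dump (added example; the rules are assumptions)."""
import re

SECTION_RE = re.compile(r"^--- (.+?) ---$")
# A file sitting directly in the Windows directory or in system32.
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32\\)?[^\\]+$", re.I)

# Constructed sample: entries copied from the report in this thread, trimmed.
SAMPLE_REPORT = r"""--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe

Located: HK_LM:Run, Launcher
command: relaunch.exe
file: C:\WINDOWS\relaunch.exe

Located: HK_LM:Run, rhythmic
command: rhythmic.EXE
file: C:\WINDOWS\system32\rhythmic.EXE
MD5: 6132802abe38f10ade14fae7f2edcb6d

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
CLSID name: Adobe PDF Reader Link Helper
classification: Legitimate
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll

{9E129916-98EE-4D9A-8F03-D6CB31EFC1A4} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: wxvcwrcile.dll
Date (created): 10/20/2006 9:06:48 AM

--- ActiveX list ---
{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} ()
Codebase: http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
classification: Confirmed as malware
"""


def parse_report(text):
    """Map each '--- section ---' to its blank-line separated records; a record
    is a dict of 'key: value' lines plus the CLSID line kept as '_header'."""
    sections, current, record = {}, None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            if record:
                sections[current].append(record)
            current, record = m.group(1), {}
            sections[current] = []
        elif current is None:
            continue                      # text before the first section
        elif not line:
            if record:
                sections[current].append(record)
                record = {}
        elif line.startswith("{") or ":" not in line:
            record["_header"] = line
        else:
            key, _, value = line.partition(":")
            record[key.strip()] = value.strip()
    if record:
        sections[current].append(record)
    return sections


def triage(sections):
    """Return (section, item, severity, reason) tuples, worst first."""
    out = []
    for r in sections.get("Startup entries list", []):
        cmd, path = r.get("command", ""), r.get("file", "")
        # A bare filename in a Run key is resolved via the search path; a
        # random-looking name that lands in system32 deserves a hash check.
        if "\\" not in cmd.strip('"') and WINDOWS_DIR_RE.match(path):
            out.append(("startup", r.get("Located", "?"), "MEDIUM",
                        f"bare filename resolved to {path}; compare MD5 "
                        f"{r.get('MD5', '?')} with a known-good copy"))
    for r in sections.get("Browser helper object list", []):
        dll = r.get("Path", "") + r.get("Long name", "")
        unnamed = not r.get("CLSID name") and not r.get("BHO name")
        if "classification" not in r and unnamed:
            sev = "HIGH" if WINDOWS_DIR_RE.match(dll) else "MEDIUM"
            out.append(("bho", dll, sev, "unnamed BHO unknown to Spybot, "
                        f"created {r.get('Date (created)', '?')}"))
    for r in sections.get("ActiveX list", []):
        cls = r.get("classification", "")
        if cls in ("Confirmed as malware", "Open for discussion"):
            sev = "HIGH" if cls.startswith("Confirmed") else "LOW"
            out.append(("activex", r.get("_header", "?"), sev,
                        f"{cls}; codebase {r.get('Codebase', '?')}"))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(out, key=lambda f: rank[f[2]])


if __name__ == "__main__":
    for section, item, sev, why in triage(parse_report(SAMPLE_REPORT)):
        print(f"{sev:6} {section:8} {item}\n       {why}")
```

Run against the full report pasted in this thread (saved to a file and passed to parse_report), the same rules put the unnamed system32 BHO and the "Confirmed as malware" ActiveX codebase at the top, and list relaunch.exe, rhythmic.EXE and SysTray.Exe as Run entries to hash-check; SysTray.Exe is a normal Windows 2000 component, which is why the rule asks for a comparison rather than calling the file bad.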
 