
Spybot Can't Remove This


12 replies to this topic

#1 Regoddy

Posted 30 March 2008 - 09:57 PM

Every time I run SpyBot both of these entries come up, but it can never remove them. I'm wondering if I should be worried, or if I can just leave it be. I would just delete them myself but I can't find them.

These are the entries:

Command Service
(SBI $957D5FBB) Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

(SBI $C53578BD) Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Services\cmdService


Usually another one comes up that says "CurrentControlSet002" but it's always removed. It looks like they might just be settings for the computer or something, and SpyBot is just mistaking them for malware, but I wanted to be sure.

Thanks.

Edited by Orange Blossom, 30 March 2008 - 10:40 PM.
Moved from HJT forum. ~ OB
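One way to check what a flagged service entry like the one above actually points to, as an added example that is not code from this thread or from Spybot: a PowerShell script that resolves which ControlSet00N the CurrentControlSet link currently refers to (so the two findings quoted above can be the same key seen twice), dumps the service's ImagePath, start type and on-disk file details from every control set, and asks the Service Control Manager whether the service is loaded. It assumes a Windows host with PowerShell 5.1 or later in an elevated session; the service name defaults to cmdService from the report above but is a parameter.

```powershell
# Added example (not code from this thread or from Spybot): inspect one service
# registry key in every control set and report what it points to.
# Assumes Windows, PowerShell 5.1+ (Get-FileHash needs 4.0+), run elevated.
param(
    [string]$ServiceName = 'cmdService'   # name taken from the Spybot findings above
)

function Resolve-ImagePath {
    # Turn the raw ImagePath value into an on-disk path: strips quotes and
    # arguments and expands the \SystemRoot, \??\ and bare system32\ forms.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\... device-style prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot  # \SystemRoot\system32\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

function Get-ServiceKeyAcrossControlSets {
    param([string]$Name)

    # CurrentControlSet is not a separate key: it is a link to ControlSet00<Current>,
    # so a scanner listing both paths is reporting the same data twice.
    $select = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
    $active = 'ControlSet{0:D3}' -f $select.Current
    $lkg    = 'ControlSet{0:D3}' -f $select.LastKnownGood

    Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        ForEach-Object {
            $cs      = $_.PSChildName
            $keyPath = "HKLM:\SYSTEM\$cs\Services\$Name"
            $role = 'inactive copy'
            if ($cs -eq $lkg)    { $role = 'LastKnownGood copy' }
            if ($cs -eq $active) { $role = 'active (= CurrentControlSet)' }

            $row = [ordered]@{
                ControlSet = $cs; Role = $role; KeyPresent = (Test-Path -Path $keyPath)
                ImagePath = $null; Start = $null; Type = $null; File = $null
                SizeBytes = $null; LastWrite = $null; SHA256 = $null; Signature = $null
            }
            if ($row.KeyPresent) {
                $svc = Get-ItemProperty -Path $keyPath
                $row.ImagePath = $svc.ImagePath
                $row.Start     = $svc.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                $row.Type      = $svc.Type    # 1/2 driver, 0x10 own process, 0x20 shared process
                $exe = Resolve-ImagePath $svc.ImagePath
                if ($exe -and (Test-Path -LiteralPath $exe)) {
                    $f = Get-Item -LiteralPath $exe
                    $row.File      = $exe
                    $row.SizeBytes = $f.Length
                    $row.LastWrite = $f.LastWriteTime
                    $row.SHA256    = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
                    $sig = Get-AuthenticodeSignature -FilePath $exe
                    $row.Signature = "$($sig.Status) $($sig.SignerCertificate.Subject)".Trim()
                } elseif ($exe) {
                    # Key survives but the binary is gone (or hidden): worth a closer look.
                    $row.File = "MISSING: $exe"
                }
            }
            [pscustomobject]$row
        }
}

$results = Get-ServiceKeyAcrossControlSets -Name $ServiceName
$results | Format-List

# A registered service is owned by the Service Control Manager; while it is
# running, its key is in use, which is the usual reason a scanner reports that
# it cannot remove the entry. An entry that only exists in an inactive control
# set has nothing holding it, so it can be removed without complaint.
$live = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($live) {
    "'$ServiceName' is registered with the SCM, status: $($live.Status)"
} else {
    "'$ServiceName' is not known to the running SCM (key may be stale or in an inactive set)"
}
```

The SHA256, size, write time and signer of the file an ImagePath points to are what a helper would compare against a known-good list before deciding whether the key belongs to a legitimate component.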



#2 Orange Blossom

Posted 30 March 2008 - 10:44 PM

Hello Regoddy and welcome to BC :flowers:

Since you didn't have an HJT log posted, I moved your topic to the Am I Infected forum where your topic will get the proper attention.

In order to assist you, we need a bit more information.

What is your operating system: Windows XP, Vista, etc.?

Do you have other security programs installed besides Spybot?

Did you run Spybot in Safe Mode?

Can you please post the entire Spybot log for us?

Orange Blossom :thumbsup:

#3 Regoddy

Posted 30 March 2008 - 11:19 PM

Thanks! Sorry about posting in the wrong forum.

I have Windows XP, and I actually JUST ran SpyBot in Safe Mode. It still says it can't remove them because they're being used in memory or something.

I also have AdAware and AVGVirus installed. SpyBot is the only one that actually finds these and says they're a problem.

I'm running it right now so I can get the report for you.

Here's the log:


info source: Safer Networking Ltd.

KenoPop! by pogo (KenoPop! by pogo)
DPF name: KenoPop! by pogo
CLSID name:
Installer:
Codebase: http://game3.pogo.com/v/8.2.1.12/applet/sp...dkeno-en_US.cab

Lost Temple Poker by pogo (Lost Temple Poker by pogo)
DPF name: Lost Temple Poker by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-8.0.6.59/mhpo...poker-en_US.cab

Lottso by pogo (Lottso by pogo)
DPF name: Lottso by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.9.1/applet/lot...ottso-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Mah Jong Garden by pogo (Mah Jong Garden by pogo)
DPF name: Mah Jong Garden by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Makeover Madness by pogo (Makeover Madness by pogo)
DPF name: Makeover Madness by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.7.44/applet/sh...shoes-en_US.cab

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

No-Limit Texas Hold'em by pogo (No-Limit Texas Hold'em by pogo)
DPF name: No-Limit Texas Hold'em by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.0.25/applet/al...allin-en_US.cab

Pai Gow by pogo (Pai Gow by pogo)
DPF name: Pai Gow by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.7.44/applet/pa...aigow-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Payday FreeCell by pogo (Payday FreeCell by pogo)
DPF name: Payday FreeCell by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.0.43/free...ecell-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Payday Freecell Solitaire by pogo (Payday Freecell Solitaire by pogo)
DPF name: Payday Freecell Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game3.pogo.com/v/8.1.9.1/applet/fre...cell2-en_US.cab

Pebble Beach Golf by pogo (Pebble Beach Golf by pogo)
DPF name: Pebble Beach Golf by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.5.27/applet/pe...ebble-en_US.cab

Penguin Blocks by pogo (Penguin Blocks by pogo)
DPF name: Penguin Blocks by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-8.0.5.30/peng...guins-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Perfect Pair Solitaire by pogo (Perfect Pair Solitaire by pogo)
DPF name: Perfect Pair Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.7.44/applet/wa...wheel-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Phlinx by pogo (Phlinx by pogo)
DPF name: Phlinx by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.1.1/applet/fli...inger-en_US.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

Pinochle by pogo (Pinochle by pogo)
DPF name: Pinochle by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.7.44/applet/pi...ochle-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Pop Fu by pogo (Pop Fu by pogo)
DPF name: Pop Fu by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.9.1/applet/popfu/popfu-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

PoppaZoppa by pogo (PoppaZoppa by pogo)
DPF name: PoppaZoppa by pogo
CLSID name:
Installer:
Codebase: http://game3.pogo.com/v/8.1.9.1/applet/pop...zoppa-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Poppit by pogo (Poppit by pogo)
DPF name: Poppit by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.9.11/applet/po...ppit2-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Quick Quack by pogo (Quick Quack by pogo)
DPF name: Quick Quack by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.7.44/applet/ho...treak-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

QWERTY by pogo (QWERTY by pogo)
DPF name: QWERTY by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.9.1/applet/squ...uares-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Ride The Tide by pogo (Ride The Tide by pogo)
DPF name: Ride The Tide by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

SciFi Slots by pogo (SciFi Slots by pogo)
DPF name: SciFi Slots by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.1.1/applet/slots/scifi-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Showbiz Slots 2 by pogo (Showbiz Slots 2 by pogo)
DPF name: Showbiz Slots 2 by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.1.1/applet/slo...wbiz2-en_US.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

Showbiz Slots by pogo (Showbiz Slots by pogo)
DPF name: Showbiz Slots by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.4.1/applet/slo...owbiz-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Shuffle Bump by pogo (Shuffle Bump by pogo)
DPF name: Shuffle Bump by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-8.0.7.27/puck/puck-en_US.cab

Spades 2 by pogo (Spades 2 by pogo)
DPF name: Spades 2 by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.7.44/applet/sp...ades2-en_US.cab

Spider Solitaire by pogo (Spider Solitaire by pogo)
DPF name: Spider Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game3.pogo.com/v/8.1.9.1/applet/spi...pider-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Spooky Slots (Spooky Slots)
DPF name: Spooky Slots
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.2.12/applet/sp...pooky-en_US.cab

Squelchies by pogo (Squelchies by pogo)
DPF name: Squelchies by pogo
CLSID name:
Installer:
Codebase: http://game3.pogo.com/v/8.1.9.1/applet/squ...chies-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Stax by pogo (Stax by pogo)
DPF name: Stax by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-8.0.7.27/stax/stax-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Stellar Sweeper by pogo (Stellar Sweeper by pogo)
DPF name: Stellar Sweeper by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.5.27/applet/sw...eeper-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Super Dominoes by pogo (Super Dominoes by pogo)
DPF name: Super Dominoes by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.6.3/applet/sup...omino-en_US.cab

Sweet Tooth 2 by Pogo (Sweet Tooth 2 by Pogo)
DPF name: Sweet Tooth 2 by Pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.6.21/applet/sw...ooth2-en_US.cab

Sweet Tooth TM by pogo (Sweet Tooth TM by pogo)
DPF name: Sweet Tooth TM by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.1.13/applet/sw...tooth-en_US.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

Texas Hold'em Poker by pogo (Texas Hold'em Poker by pogo)
DPF name: Texas Hold'em Poker by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.1.18/applet/ho...oldem-en_US.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

Thousand Island Solitaire by pogo (Thousand Island Solitaire by pogo)
DPF name: Thousand Island Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game3.pogo.com/v/8.1.7.44/applet/mi...lbrae-en_US.cab

Tri-Peaks by pogo (Tri-Peaks by pogo)
DPF name: Tri-Peaks by pogo
CLSID name:
Installer:
Codebase: http://game3.pogo.com/v/8.1.9.1/applet/peaks/peaks-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Tumble Bees by pogo (Tumble Bees by pogo)
DPF name: Tumble Bees by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-8.0.5.48/tumb...mbee2-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Turbo 21 v2 by pogo (Turbo 21 v2 by pogo)
DPF name: Turbo 21 v2 by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.9.7/applet/tur...rbo22-en_US.cab

Vaults of Atlantis Slots by pogo (Vaults of Atlantis Slots by pogo)
DPF name: Vaults of Atlantis Slots by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.1.1/applet/mls...slots-en_US.cab

Wonderland Memories by pogo (Wonderland Memories by pogo)
DPF name: Wonderland Memories by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.1.1/applet/mem...ories-en_US.cab

Word Craft by pogo (Word Craft by pogo)
DPF name: Word Craft by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.9.4.34/babb...abble-en_US.cab

Word Search Daily by pogo (Word Search Daily by pogo)
DPF name: Word Search Daily by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.8.23/applet/wo...earch-en_US.cab

Word Whomp by pogo (Word Whomp by pogo)
DPF name: Word Whomp by pogo
CLSID name:
Installer:
Codebase: http://game3.pogo.com/v/8.1.9.1/applet/wor...homp2-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Word Whomp Whackdown by pogo (Word Whomp Whackdown by pogo)
DPF name: Word Whomp Whackdown by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.7.44/applet/wh...kdown-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

WordJong by pogo (WordJong by pogo)
DPF name: WordJong by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-8.0.5.30/word...djong-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

World Class Solitaire by pogo (World Class Solitaire by pogo)
DPF name: World Class Solitaire by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/v/8.1.6.21/applet/wo...class-en_US.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Installer: C:\WINDOWS\Downloaded Program Files\SysPro.inf
Codebase: https://support.dell.com/systemprofiler/SysPro.CAB
description:
classification: Legitimate
known filename: SysPro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name:
Date (created): 1/23/2003 2:23:18 PM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 1/23/2003 2:23:18 PM
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 2.0.0.1

{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Installer: C:\WINDOWS\Downloaded Program Files\xscan60.inf
Codebase: http://housecall60.trendmicro.com/housecall/xscan60.cab
description:
classification: Legitimate
known filename: xscan60.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan60.ocx
Short name:
Date (created): 5/3/2005 12:45:54 PM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 5/3/2005 12:45:54 PM
Filesize: 475190
Attributes: archive
MD5: 145C288D55A91D6469223136EA93A406
CRC32: A36DBA2A
Version: 6.0.0.1261

{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} ()
DPF name:
CLSID name:
Installer:
Codebase: http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class)
DPF name:
CLSID name: yucsetreg Class
Installer: C:\Program Files\Yahoo!\common\yucconfig.inf
Codebase: C:\Program Files\Yahoo!\common\yucconfig.dll
description:
classification: Open for discussion
known filename: yucconfig.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Yahoo!\Common\
Long name: yucconfig.dll
Short name: YUCCON~1.DLL
Date (created): 7/12/2006 5:50:54 PM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 12/6/2004 3:57:36 PM
Filesize: 74840
Attributes: archive
MD5: 77132B5D8A5D4C136046C624616241F5
CRC32: E67AF1BB
Version: 2004.12.6.1

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{3A7FE611-1994-4EF1-A09F-99456752289D} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\ActiveLauncherCabSetup.inf
Codebase: http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/...b?1123699034625
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 8/31/2004 1:18:06 PM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 7/30/2007 7:19:28 PM
Filesize: 203096
Attributes: archive
MD5: 5C9A003E7C6BA03F04DC2D9C82A7E6E0
CRC32: E29E0153
Version: 7.0.6000.381

{88D758A3-D33B-45FD-91E3-67749B4057FA} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\sinstaller.inf
Codebase: http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
description:
classification: Confirmed as malware
known filename: ScreensaversInst.dll
info link:
info source: Safer Networking Ltd.

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 4:09:16 AM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 12/15/2006 4:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class)
DPF name:
CLSID name: TLIEFlashObj Class
Installer:
Codebase: https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
description:
classification: Legitimate
known filename: TLFlsCtl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: TLIEFlashCtrlU.dll
Short name: TLIEFL~1.DLL
Date (created): 6/19/2001 5:10:00 PM
Date (last access): 3/30/2008 11:57:54 PM
Date (last write): 6/19/2001 5:10:00 PM
Filesize: 122880
Attributes: archive
MD5: A08CA47F8F832B942EED05AC1B5814FA
CRC32: ADF15001
Version: 1.0.0.1

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMesse...pDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.

{B9191F79-5613-4C76-AA2A-398534BB8999} ()
DPF name:
CLSID name:
Installer: C:\Program Files\Yahoo!\Common\yaddbook.dll
Codebase: http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
description: Yahoo! Address book
classification: Legitimate
known filename: %ProgramFiles%\Yahoo!\Common\yaddbook.dll
info link:
info source: Patrick M. Kolla

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
Installer:
Codebase: http://java.sun.com/products/plugin/autodl...indows-i586.cab
description:
classification: Legitimate
known filename: NPJPI142_05.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2068 10:05:12 PM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 6/3/2004 10:05:06 PM
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 1.4.2.50

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 10/12/2006 4:10:58 AM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 10/12/2006 4:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_10.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/9/2006 4:07:34 PM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 11/9/2006 4:21:54 PM
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 4:09:16 AM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 12/15/2006 4:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 4:09:16 AM
Date (last access): 3/31/2008 12:15:16 AM
Date (last write): 12/15/2006 4:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 11/9/2006 3:46:28 PM
Date (last access): 3/30/2008 11:37:16 PM
Date (last write): 11/9/2006 3:46:28 PM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Codebase: http://aolweb01.pogo.com/game/deluxe/insan...aploader_v6.cab
description:
classification: Legitimate
known filename: POPCAPLOADER.DLL
info link:
info source: Safer Networking Ltd.



--- Process list ---
PID: 0 ( 0) [System]
PID: 196 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 816 ( 196) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1184 ( 196) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1432 (1184) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1492 (1184) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1636 (1432) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2032 (1432) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 804 (1432) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1300 (1432) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1812 (1432) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 780 (1432) C:\WINDOWS\system32\LEXBCES.EXE
size: 303104
MD5: A249F60C0EBFA1941ED0E486700D3228
PID: 1508 ( 780) C:\WINDOWS\system32\LEXPPS.EXE
size: 174592
MD5: 5D5729E41EDA5276CB0470EEA77EB585
PID: 1516 (1432) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 176 (1216) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1600 ( 176) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: BC02E491E88492B02363CE1B384FF7A7
PID: 1644 ( 176) C:\WINDOWS\System32\DSentry.exe
size: 28672
MD5: D9EE81715CC700CAC1C552C247D78D8C
PID: 1652 ( 176) C:\Program Files\Dell\Media Experience\PCMService.exe
size: 204800
MD5: 3F22EAAD167797F2DE16FA7968593D59
PID: 1672 ( 176) C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
size: 75520
MD5: EDF5D27C6D244740418903626DF5741A
PID: 1684 ( 176) C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
size: 270336
MD5: 6E5C8AB8A941D098F8F2B5B23647174E
PID: 1696 ( 176) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 01018F75F3F18CE629FAC9689954A2AE
PID: 1700 ( 176) C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 996ABAC2332DE28F3B6A179C6DA20205
PID: 1708 ( 176) C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 129536
MD5: 2EF423CB1782744666C3A9B827C7AA9C
PID: 1716 ( 176) C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
size: 230512
MD5: 08B9D05430A91A17595E4C80DD06311F
PID: 264 ( 176) C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
size: 185456
MD5: A4D690288FFEC74B6BD1522354B6AEEC
PID: 336 ( 176) C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 407032
MD5: A2F088DD3834E3BCC28E858A0B3D8F77
PID: 420 ( 176) C:\Program Files\QuickTime\QTTask.exe
size: 286720
MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0
PID: 456 ( 176) C:\Program Files\Grisoft\AVG7\avgcc.exe
size: 579072
MD5: 76CD8B6DBB4B8A984193AD07ADC1BD3A
PID: 640 ( 176) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 880 ( 176) C:\Program Files\DNA\btdna.exe
size: 288576
MD5: 3B8FBEC0A7F2620AA5290D6627D2EFAC
PID: 1884 ( 176) C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 53317
MD5: 5232D76D86FD285F5FA3C7CC7AD45093
PID: 680 (1432) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
size: 418816
MD5: 3C7B93F947355E374A49564D0D017B7B
PID: 976 (1684) C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
size: 53248
MD5: 7A545E1FA45934C8E4F6930EF4DC31FC
PID: 1924 (1636) C:\PROGRA~1\Yahoo!\browser\ycommon.exe
size: 229376
MD5: 78C1BDD2613E4FFD67EA271E2F008515
PID: 1932 (1432) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 536 (1432) C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
size: 406528
MD5: FC0B2AE890BB0DC8C2306DABEDC8A4BA
PID: 516 (1432) C:\Program Files\Yahoo!\Antivirus\ISafe.exe
size: 259184
MD5: 108E941377F92195ED3996EB3499CB6E
PID: 1620 (1432) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
size: 202544
MD5: BCDE2AD809248B47B9A3B82B6FD85108
PID: 2680 (1432) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3976 (1432) C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
size: 201840
MD5: AE7DC64F42FA4D3385C573522FD6466F
PID: 2328 (1432) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3532 ( 176) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7660656
MD5: 219A68C62FDB872FD65E85B4AF1A0E8A
PID: 2592 (1636) C:\WINDOWS\System32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 1728 ( 176) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 3156 (1672) C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
size: 251648
MD5: 572BCED88BF2A1FBA0C2B10AC172F3DB
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/31/2008 12:16:26 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://red.clientapps.yahoo.com/customize/.../search/ie.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://att.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dell4me.com/myway
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {B77FD978-9860-431E-9791-DE4CFC08033E}
Filename: C:\WINDOWS\system32\VetRedir.dll

Protocol 1: CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {B77FD978-9860-431E-9791-DE4CFC08033E}
Filename: C:\WINDOWS\system32\VetRedir.dll

Protocol 2: CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
GUID: {B77FD978-9860-431E-9791-DE4CFC08033E}
Filename: C:\WINDOWS\system32\VetRedir.dll

Protocol 8: CA ISafe LSP
GUID: {AE2578B4-F478-4313-9A3E-1B83F7A643DF}
Filename: C:\WINDOWS\system32\VetRedir.dll





Is that what you wanted?

#4 boopme
Posted 31 March 2008 - 11:06 PM

Is that what you wanted?

No, not me. Did you install or uninstall Roxio Easy CD?

Edited by boopme, 31 March 2008 - 11:07 PM.


#5 Regoddy

Regoddy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 31 March 2008 - 11:14 PM

Not that I'm aware of, no.

#6 boopme
Posted 31 March 2008 - 11:22 PM

Ok let's try a different scan and get a log. Just to see. I'll be back tomorrow.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#7 Regoddy

Regoddy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 01 April 2008 - 06:31 PM

Malwarebytes' Anti-Malware 1.09
Database version: 580

Scan type: Quick Scan
Objects scanned: 42174
Time elapsed: 15 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{81481291-afaf-11d1-8f8a-e8cb12000000} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{665abe65-2c16-4341-b4b8-01ff799e8f4c} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Delete on reboot.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.Mostofate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{e828ec21-eaa9-44b3-8021-ee89101c6acd} (Adware.SpywareRem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ZangoToolbar 4.8.2 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\tom\Local Settings\Temp\svchost.bin (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


It still couldn't delete it, and didn't delete on reboot either. I rescanned to check - it's still there.

Thank you so much for the help, by the way.

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:16 AM

Posted 01 April 2008 - 07:34 PM

Adware.CommAd is an advertising program that displays popup windows and monitors browser activity. Some versions may install the hack tool netmon (a program that monitors network traffic).


you may have installed it with those free games

http://www.pchell.com/support/wildtangent.shtml


ZangoToolbar?


You might try malwarebytes in safe mode

or even add/remove programs?

Edited by DaChew, 01 April 2008 - 07:40 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#9 Regoddy

Regoddy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 01 April 2008 - 07:49 PM

None of the free games or toolbars are things I actually installed. At least, not me specifically; my parents may have accidentally. Personally I think most of it is coming from pogo.com but my mom won't stop playing.

It's not on the add/remove list, or in program files or...anywhere I can get to apparently. It's not even on the C drive, it's in H_KEY_LOCAL or whatever. I've tried uninstalling it myself, but I can't find it.

I've already tried SpyBot in safemode, but I'll try malwarebytes too.

I think it automatically starts when the machine boots up, since I always get a message saying the program is in use or in memory. I've even looked at running processes and such and it's not on there. It's a conundrum.

#10 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:16 AM

Posted 01 April 2008 - 07:52 PM

from wildtangent:

WILDTANGENT SHALL HAVE ABSOLUTELY NO LIABILITY IN CONNECTION WITH THE MATERIALS OR TECHNOLOGY INCLUDING WITHOUT LIMITATION, ANY LIABILITY FOR DAMAGE TO YOUR COMPUTER HARDWARE, SOFTWARE, DATA, BUSINESS OR ANY OTHER MATTER RESULTING FROM THE MATERIALS OR THE TECHNOLOGY, OR THE LACK OF INFORMATION IN ANY WAY RELATING TO SAME ON THE Web Site.


#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:16 AM

Posted 01 April 2008 - 07:59 PM

these "infections" can come installed on new computers or with aol

they help subsidize the costs and profits

#12 Regoddy

Regoddy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 01 April 2008 - 08:21 PM

Ugh. We had AOHell for about 2 years. I hate them so much D=

I have only gotten this particular malware in the scan for the past 2-3 months or so. I'm not actually having any computer malfunctions though, so I put off checking into it.

#13 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:16 AM

Posted 01 April 2008 - 11:00 PM

here's a little guide to crapware

http://www.pcdecrapifier.com/

course it takes all the fun out of computers