
I Get An Error Trying To Install Programs


1 reply to this topic

#1 Awuzzzup


Posted 14 April 2008 - 12:02 AM

First things first, my friend introduced me to a stupid world of keygens, which I found out to be bad and illegal and for the most part filled with viruses and spyware. I opened one up and found myself being attacked by over 150 of them, and it took administrative control of my computer and left my computer devastated in the registry, and I'm missing some stuff. I finally got it stable enough to where I can do everything except install and run programs efficiently. The main monster of it all was spools.exe, which is still not taken care of, and I still don't know how to fix all that happened in my registry. This is a report that I found in Spybot of what it caught. I don't know if it's useful or not. Some people use HijackThis on this forum and I don't know what it's for; maybe I need to do it in this case. But anyway, the main error I can't fix is:

CP-FPCOS100_installer.exe - Bad Image <-Top Banner



The application or DLL C:\WINDOWS\system32\wvUnOGXr.dll is not a valid Windows image. Please check this against your installation diskette.

I can't even use print screen to save this image; it turns up white. I really have no idea where to start and I need help, and I still have spools.exe and registry problems to attend to. Please help.










--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2007-07-07 unins000.exe (51.41.0.0)
2008-03-05 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-03-26 Includes\Beta.sbi
2007-11-06 Includes\Beta.uti
2008-04-09 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-04-09 Includes\DialerC.sbi
2008-04-09 Includes\HeavyDuty.sbi
2008-03-19 Includes\Hijackers.sbi
2008-04-09 Includes\HijackersC.sbi
2008-02-27 Includes\Keyloggers.sbi
2008-04-09 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-03-26 Includes\Malware.sbi
2008-04-09 Includes\MalwareC.sbi
2008-03-26 Includes\PUPS.sbi
2008-04-09 Includes\PUPSC.sbi
2008-04-09 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-04-09 Includes\SecurityC.sbi
2008-04-02 Includes\Spybots.sbi
2008-04-09 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2008-04-02 Includes\Trojans.sbi
2008-04-09 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/928365
/ MSXML4: Patch Available For XMLHTTP Vulnerability
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 828026
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926247)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)


--- Startup entries list ---
Located: HK_LM:Run, autoload
command: C:\Documents and Settings\Owner\cftmon.exe
file: C:\Documents and Settings\Owner\cftmon.exe
size: 50937
MD5: 287E665C7AF7C21A8A70EAE4FDE24788

Located: HK_LM:Run, ntuser
command: C:\WINDOWS\system32\drivers\spools.exe
file: C:\WINDOWS\system32\drivers\spools.exe
size: 23952
MD5: 7FDC6B15FAF5719AD63A6BD767C769BD

Located: HK_LM:Run, SpySweeper
command: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 5367664
MD5: 2B0B8C29092FB420826F5A8FD02DC081

Located: HK_LM:RunOnce, SpybotDeletingA3905
command: command /c del "C:\WINDOWS\SYSTEM32\mlJApMef.dll"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA5373
command: command /c del "C:\Program Files\Helper\1208023116.dll"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC5314
command: cmd /c del "C:\WINDOWS\SYSTEM32\mlJApMef.dll"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC7526
command: cmd /c del "C:\Program Files\Helper\1208023116.dll"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:Run, AOL Spyware Protection (DISABLED)
command: "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
file: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 79448
MD5: 217697C43BFF8D740CFBB9AD87621519

Located: HK_LM:Run, AOLDialer (DISABLED)
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 34904
MD5: 25D2AA5A7CA01DB369A39149A1AB2F30

Located: HK_LM:Run, HostManager (DISABLED)
command: C:\Program Files\Common Files\AOL\1142388687\ee\AOLHostManager.exe
file: C:\Program Files\Common Files\AOL\1142388687\ee\AOLHostManager.exe
size: 159832
MD5: F272C718D0A1608F04E66CAD9AF43D46

Located: HK_LM:Run, HotKeysCmds (DISABLED)
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 90112
MD5: 827F444CBDB208A5BEFA3B9D753D9293

Located: HK_LM:Run, HPDJ Taskbar Utility (DISABLED)
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
size: 196608
MD5: CA07CFBC2AF3CBFBF0BD9F4891CAC22A

Located: HK_LM:Run, IgfxTray (DISABLED)
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 143360
MD5: 2245189E80CC284F0F9833A54B836F9B

Located: HK_LM:Run, MCAgentExe (DISABLED)
command: c:\PROGRA~1\mcafee.com\agent\McAgent.exe
file: c:\PROGRA~1\mcafee.com\agent\McAgent.exe
size: 245760
MD5: C281CB23DDDFE24464652BB52DDC61A5

Located: HK_LM:Run, MCUpdateExe (DISABLED)
command: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 180224
MD5: 27385955E28E1E08461A1CC5C95D1DA8

Located: HK_LM:Run, MSConfig (DISABLED)
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 158208
MD5: 4FD22142F54692463A7B98B7DE175573

Located: HK_LM:Run, NeroFilterCheck (DISABLED)
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: FA7EB9AFF3D726A6BF0494BEE7E378F6

Located: HK_LM:Run, Share-to-Web Namespace Daemon (DISABLED)
command: "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
file: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 57344
MD5: D4F5FAA2FD2DC5923C82EE5808BEED7C

Located: HK_LM:Run, SiteAdvisor (DISABLED)
command: "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
file: C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
size: 35928
MD5: 4356CA49B1CE0ED28B49A8C6C1F001FF

Located: HK_LM:Run, SpySweeper (DISABLED)
command: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 5367664
MD5: 2B0B8C29092FB420826F5A8FD02DC081

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, TkBellExe (DISABLED)
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: F9B47F830DD55FEDD6EF27D063C29A42

Located: HK_LM:Run, VirusScan Online (DISABLED)
command: "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
file: c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 163840
MD5: 3FE1E841ED8483F7A75A1E86F6FC2216

Located: HK_LM:Run, VSOCheckTask (DISABLED)
command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
file: c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
size: 122880
MD5: 90CF41E5D4E8D3A88D8630DA5C3B7A3A

Located: HK_LM:Run, Zune Launcher (DISABLED)
command: "c:\Program Files\Zune\ZuneLauncher.exe"
file: c:\Program Files\Zune\ZuneLauncher.exe
size: 166304
MD5: 52A853884BCA3777A9E43E711830CF16

Located: HK_CU:Run, MySpaceIM
where: .default...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 8720384
MD5: 9AE373049D2F9CE108E2471DDAD2E8DF

Located: HK_CU:Run, ctfmon.exe
where: pe_c_....
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:RunOnce, Index Washer
where: pe_c_....
command: C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
file: C:\Program Files\Webroot\Washer\WashIdx.exe
size: 51200
MD5: CFC6D16442E6B0C7FB8D973842A02958

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: pe_c_....
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, Uniblue Registry Booster (DISABLED)
where: pe_c_....
command: "C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe" /S
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Uniblue SpyEraser (DISABLED)
where: pe_c_....
command: "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Window Washer (DISABLED)
where: pe_c_....
command: C:\Program Files\Webroot\Washer\wwDisp.exe
file: C:\Program Files\Webroot\Washer\wwDisp.exe
size: 1138688
MD5: 3B32F9C7676B5A8139F24C4555CD2193

Located: HK_CU:Run, MySpaceIM
where: pe_c_all users...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 8720384
MD5: 9AE373049D2F9CE108E2471DDAD2E8DF

Located: HK_CU:Run, autoload
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\Documents and Settings\Owner\cftmon.exe
file: C:\Documents and Settings\Owner\cftmon.exe
size: 50937
MD5: 287E665C7AF7C21A8A70EAE4FDE24788

Located: HK_CU:Run, ctfmon.exe
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, Microsoft Works Update Detection
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: c:\Program Files\Microsoft Works\WkDetect.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ntuser
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\WINDOWS\system32\drivers\spools.exe
file: C:\WINDOWS\system32\drivers\spools.exe
size: 23952
MD5: 7FDC6B15FAF5719AD63A6BD767C769BD

Located: HK_CU:RunOnce, SpybotDeletingB5803
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: command /c del "C:\WINDOWS\SYSTEM32\mlJApMef.dll"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB7293
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: command /c del "C:\Program Files\Helper\1208023116.dll"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD1410
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: cmd /c del "C:\Program Files\Helper\1208023116.dll"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD4068
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: cmd /c del "C:\WINDOWS\SYSTEM32\mlJApMef.dll"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:Run, Aim6 (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 50736
MD5: 233CA87903AD80083DD16FE994F0B2E1

Located: HK_CU:Run, Cacheman (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\PROGRA~1\Cacheman\Cacheman.exe
file: C:\PROGRA~1\Cacheman\Cacheman.exe
size: 1290752
MD5: 3BC60213BFAFA6EE41BC5BB7F926ABC6

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, igndlm.exe (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
file: C:\Program Files\Download Manager\DLM.exe
size: 1103480
MD5: E44DC8468555B204615E4712563A5A95

Located: HK_CU:Run, MySpaceIM (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 8720384
MD5: 9AE373049D2F9CE108E2471DDAD2E8DF

Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, Uniblue SpeedUpMyPC (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
file: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
size: 9495832
MD5: DBA4EB63C86D8B4E017585FB42668180

Located: HK_CU:Run, Window Washer (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\Program Files\Webroot\Washer\wwDisp.exe
file: C:\Program Files\Webroot\Washer\wwDisp.exe
size: 1138688
MD5: 3B32F9C7676B5A8139F24C4555CD2193

Located: HK_CU:RunOnce, Index Washer (DISABLED)
where: s-1-5-21-1426590395-101265881-4004078720-1003...
command: C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
file: C:\Program Files\Webroot\Washer\WashIdx.exe
size: 51200
MD5: CFC6D16442E6B0C7FB8D973842A02958

Located: HK_CU:Run, MySpaceIM
where: s-1-5-18...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 8720384
MD5: 9AE373049D2F9CE108E2471DDAD2E8DF

Located: Startup (disabled), AOL Companion (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), hp center UI (DISABLED)
command: C:\PROGRA~1\HPCENT~1\137903\Shadow\SHADOW~1.EXE -STARTUP
file: C:\PROGRA~1\HPCENT~1\137903\Shadow\SHADOW~1.EXE
size: 69632
MD5: 3DD1068F1DB0BEE2F9E27DA69B1B43AA

Located: Startup (disabled), hp center (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), Cashfiesta (DISABLED)
command: C:\PROGRA~1\CASHFI~1\FIESTA~1\CASHFI~1.EXE /autorun
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wvUnOGXr
command: wvUnOGXr.dll
file: wvUnOGXr.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{009c72ad-fae7-42a1-a2a4-a0c6c9d0ef92} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: mlJApMef.dll
Short name:
Date (created): 4/12/2008 11:00:56 AM
Date (last access): 4/12/2008 11:00:56 AM
Date (last write): 4/12/2008 11:04:50 AM
Filesize: 272384
Attributes:
MD5: 54E69FB9E1DDC8BA5457364FC7F4F68E
CRC32: CBDCBD65

{4139ab37-2c2b-41e2-a2e8-dffe67b4428c} ({c8244b76-effd-8e2a-2e14-b2c273ba9314})
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: {c8244b76-effd-8e2a-2e14-b2c273ba9314}
CLSID name:
Path: C:\WINDOWS\system32\
Long name: mdjrvgva.dll
Short name:
Date (created): 4/13/2008 9:27:34 PM
Date (last access): 4/13/2008 9:27:34 PM
Date (last write): 4/13/2008 9:27:56 PM
Filesize: 92736
Attributes: archive
MD5: B4D391D773C98E87A9397C66644992D7
CRC32: EBD36A36

{c5af49a2-94f3-42bd-f434-2604812c897d} (C:\WINDOWS\system32\jfiehayd.dll)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: C:\WINDOWS\system32\jfiehayd.dll
Path: C:\WINDOWS\system32\
Long name: jfiehayd.dll
Short name:
Date (created): 4/12/2008 10:57:36 AM
Date (last access): 4/12/2008 10:57:36 AM
Date (last write): 4/12/2008 10:57:36 AM
Filesize: 10000
Attributes: archive
MD5: 722DCAC00DC83900CE09988E2C12376A
CRC32: 9B217800



--- ActiveX list ---
Command and Conquer Attack Copter by pogo (Command and Conquer Attack Copter by pogo)
DPF name: Command and Conquer Attack Copter by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-8.0.3.20/ccst...trike-en_US.cab

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control)
DPF name:
CLSID name: Bejeweled Control
Installer: C:\WINDOWS\Downloaded Program Files\bejeweled.inf
Codebase: http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control)
DPF name:
CLSID name: Wwlaunch Control
Installer: C:\WINDOWS\Downloaded Program Files\wwlaunch.inf
Codebase: http://www.worldwinner.com/games/shared/wwlaunch.cab
description:
classification: Legitimate
known filename: wwlaunch.ocx
info link:
info source: Safer Networking Ltd.

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/25/2007 12:31:44 AM
Date (last access): 9/25/2007 12:31:44 AM
Date (last write): 9/25/2007 2:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{9522B3FB-7A2B-4646-8AF6-36E7F593073C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\cpbrkpie.inf
Codebase: http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
description:
classification: Confirmed as malware
known filename: cpbrkpie.ocx
info link:
info source: Safer Networking Ltd.

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 12/15/2070 3:23:24 AM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/25/2007 12:31:44 AM
Date (last access): 9/25/2007 12:31:44 AM
Date (last write): 9/25/2007 2:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher)
DPF name:
CLSID name: InstantAction Game Launcher
Installer: C:\WINDOWS\Downloaded Program Files\cab.inf
Codebase: http://www.instantaction.com/download/iaplayer.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: iaplayer.dll

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
DPF name:
CLSID name: PopCapLoader Object
Installer: C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Codebase: http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
description:
classification: Legitimate
known filename: POPCAPLOADER.DLL
info link:
info source: Safer Networking Ltd.



--- Process list ---
PID: 0 ( 0) [System]
PID: 496 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 584 ( 496) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 628 ( 584) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 640 ( 584) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 816 ( 628) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 952 ( 628) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1036 ( 628) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1260 (1208) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1500 ( 628) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1660 ( 628) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
size: 10328
MD5: AA2770FD967DAB91A597619C4EADC0C9
PID: 1684 ( 628) C:\WINDOWS\System32\cisvc.exe
size: 5632
MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 1768 ( 628) C:\WINDOWS\System32\nvsvc32.exe
size: 57344
MD5: 9AA893D93F1771E832602A81DA5CDB41
PID: 1856 ( 628) C:\WINDOWS\System32\tcpsvcs.exe
size: 19456
MD5: 32933B07FC16D9F778BEE12545FA1B1A
PID: 1888 ( 628) C:\WINDOWS\System32\snmp.exe
size: 33280
MD5: 6FEB04DE6288F5466391E29057DC5B0E
PID: 1912 ( 628) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1952 ( 628) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: 909F2DC0DA7F57D229A05EE90647B2C3
PID: 1988 ( 628) C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
size: 3572592
MD5: 36DE9BB8535A25A35F1BD034B9235A44
PID: 380 ( 628) c:\WINDOWS\system32\ZuneBusEnum.exe
size: 59296
MD5: 5E6113A6E0BAE8BEA48A658DF1A7441D
PID: 2148 ( 952) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 2872 (2796) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 832 (1684) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 3356 (3140) C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
size: 5367664
MD5: 2B0B8C29092FB420826F5A8FD02DC081
PID: 11860 (11848) C:\Program Files\America Online 8.0c\aol.exe
size: 45125
MD5: 43C9CB76E53D5C04B58DE33737C67398
PID: 11868 (11860) C:\Program Files\America Online 8.0c\waol.exe
size: 233539
MD5: 85FF7652343413121B841E16FF6BD713
PID: 12072 (11868) C:\Program Files\America Online 8.0c\aolwbspd.exe
size: 454748
MD5: 82C5CBF4744594203694E6D6D78B5BA7
PID: 1516 (11856) C:\Program Files\Opera\Opera.exe
size: 79360
MD5: 2FE8F9133CB04E4C11BC5F24C025F5D2
PID: 14212 (1988) C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
size: 214384
MD5: 52F8D97D643D83A537B7416A56B4096F
PID: 14248 (12204) C:\WINDOWS\system32\drivers\spools.exe
size: 23952
MD5: 7FDC6B15FAF5719AD63A6BD767C769BD
PID: 14316 (14304) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 892 (3056) C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 8720384
MD5: 9AE373049D2F9CE108E2471DDAD2E8DF
PID: 2080 ( 892) C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 8720384
MD5: 9AE373049D2F9CE108E2471DDAD2E8DF
PID: 4 ( 0) System
PID: 560 ( 496) csrss.exe
size: 6144
PID: 908 ( 628) svchost.exe
size: 14336
PID: 1112 ( 628) svchost.exe
size: 14336
PID: 1268 ( 628) svchost.exe
size: 14336
PID: 1648 ( 628) alg.exe
size: 44544


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/13/2008 9:56:06 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.myspace.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
http://go.microsoft.com/fwlink/?LinkId=54843
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C2519FA9-6011-4A84-A9BD-8EB73955190C}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C2519FA9-6011-4A84-A9BD-8EB73955190C}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7A58D0E6-A353-4CA7-BC0B-52D9AE1442C4}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7A58D0E6-A353-4CA7-BC0B-52D9AE1442C4}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C2519FA9-6011-4A84-A9BD-8EB73955190C}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C2519FA9-6011-4A84-A9BD-8EB73955190C}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF20E463-EBE1-48F3-995E-7BAA1D7E296D}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF20E463-EBE1-48F3-995E-7BAA1D7E296D}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9266451-3468-4E49-A7CF-76B2BDF1482C}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9266451-3468-4E49-A7CF-76B2BDF1482C}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD28C08D-F543-4842-89E3-50E3F85A6771}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD28C08D-F543-4842-89E3-50E3F85A6771}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E13D95EA-2043-4A25-A5A1-CFB941185266}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E13D95EA-2043-4A25-A5A1-CFB941185266}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C0CF5703-3ECB-4082-96DE-8C7EBFD93CE7}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C0CF5703-3ECB-4082-96DE-8C7EBFD93CE7}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

Namespace Provider 4: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll


 


#2 quietman7

  • Global Moderator

Posted 14 April 2008 - 07:42 AM

...my friend introduced me into a stupid world of Keygens, which I found out to be bad and illegal and for the most part filled with viruses and spyware.

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen and pirated software sites. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows. However, we will try to help you with cleaning your system.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log" and complete all the steps. There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



