
Virus upon virus. Please give me directions.


  • This topic is locked
7 replies to this topic

#1 siminu2


Posted 19 May 2011 - 05:02 PM

After getting the Windows Recovery malware virus and following some steps I found on this site to remove it and unhide my files, other things haven't been working properly. Many of my folders in Microsoft are empty even after unhiding. Google searches take a long time to load, and whenever I click on a result I get redirected or jumped. I also get IE script errors and unwanted audio for commercials, movies, etc. with no browser window open. I have used Malwarebytes 4 to 5 times. Sometimes I find something; the last, however, said free and clear. I have used Spybot Search & Destroy; the log is as follows:


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-05-16 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi
2011-05-09 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2011-03-08 Includes\DialerC.sbi
2011-02-24 Includes\HeavyDuty.sbi
2011-03-29 Includes\Hijackers.sbi
2011-03-29 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2010-12-14 Includes\Keyloggers.sbi
2011-03-08 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2011-04-05 Includes\Malware.sbi
2011-05-09 Includes\MalwareC.sbi
2011-02-24 Includes\PUPS.sbi
2011-03-15 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2011-02-24 Includes\Security.sbi
2011-05-03 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2011-02-24 Includes\Spyware.sbi
2011-05-10 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi
2011-05-11 Includes\TrojansC-02.sbi
2011-05-11 Includes\TrojansC-03.sbi
2011-05-11 Includes\TrojansC-04.sbi
2011-05-11 Includes\TrojansC-05.sbi
2011-05-11 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, CARPService
command: carpserv.exe
file: C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: EA3BE7F5CDEF0FE4DF1BF6DBFE7ABDE0

Located: HK_LM:Run, Display Settings
command: C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
file: C:\Program Files\HPQ\Notebook Utilities\hptasks.exe
size: 45056
MD5: 291822FC9D05FBBEFB0EC008FE2213F3

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: F5F1A8CDD473D55F9BF6FE23F715B0FA

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
file: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 4575C69BC34B111C99A5DFBE8AF10EBB

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
size: 188416
MD5: C2617F4999E0FCD05B2F8CFCA06D979B

Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7

Located: HK_LM:Run, HughesNetTools_McciTrayApp
command: C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
file: C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Logitech Utility
command: Logi_MwX.Exe
file: C:\WINDOWS\Logi_MwX.Exe
size: 19968
MD5: 34A14CD6B6E9C8BFBABEAF6EED5149BB

Located: HK_LM:Run, LXCYCATS
command: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll
size: 106496
MD5: 5610D60C7230BB56647AB40B88AC9476

Located: HK_LM:Run, Microsoft Default Manager
command: "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
file: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
size: 288080
MD5: F8B91C91225E5CAA2B2F0370201021C0

Located: HK_LM:Run, PreloadApp
command: c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
file: c:\hp\drivers\printers\photosmart\hphprld.exe
size: 36864
MD5: 18575BE35BB3312614C035352496F841

Located: HK_LM:Run, QT4HPOT
command: C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
file: C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
size: 102400
MD5: 90FBC142DDCA28073F4BEA745AA1007D

Located: HK_LM:Run, Run StartupMonitor
command: StartupMonitor.exe
file: C:\WINDOWS\StartupMonitor.exe
size: 86016
MD5: 064805A7893898CBF058086832217771

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248552
MD5: 93DB1FF92B03D24738A71E6E4992DFD3

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 692316
MD5: 496286E4E71AE46ED3C3CE5F7B89AAFF

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 102492
MD5: F27104E7BD62053334C6D0CF9EA24683

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1AC2C58B587C70DE64582AD41EE79FBA

Located: HK_LM:RunOnceEx,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, AVG7_Run
where: .DEFAULT...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, RoboForm
where: .DEFAULT...
command: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
file: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 144448
MD5: A482047B4B7410962B8E9E2D70F3E112

Located: HK_CU:Run, AVG7_Run
where: PE_C_DEFAULT USER...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, RoboForm
where: PE_C_DEFAULT USER...
command: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
file: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 144448
MD5: A482047B4B7410962B8E9E2D70F3E112

Located: HK_CU:Run, AVG7_Run
where: S-1-5-19...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, AVG7_Run
where: S-1-5-20...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-2903334678-3380779455-375780182-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, AVG7_Run
where: S-1-5-18...
command: C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
file: C:\PROGRA~1\Grisoft\AVG7\avgw.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, RoboForm
where: S-1-5-18...
command: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
file: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 144448
MD5: A482047B4B7410962B8E9E2D70F3E112

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe
size: 233472
MD5: 5DC79FA6E8A946B425DCBFC2447807F0

Located: Startup (disabled), Yahoo! Autosync (DISABLED)
command: C:\PROGRA~1\Yahoo!\YAHOO!~2\AUTOSY~1.EXE
file: C:\PROGRA~1\Yahoo!\YAHOO!~2\AUTOSY~1.EXE
size: 391680
MD5: 1838A49BD46E5CC3116A875EC36EFA9F

Located: Startup (disabled), MEMonitor (DISABLED)
command: C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -m
file: C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
size: 947544
MD5: 595671D0EE3321FC4540BA7B19F22405

Located: Startup (disabled), SUPERAntiSpyware Professional (DISABLED)
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 2424560
MD5: B39821DB0A96F40183B4626A2BE9BD47

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn10\
Long name: yt.dll
Short name:
Date (created): 3/23/2010 3:51:16 AM
Date (last access): 5/18/2011 10:21:00 AM
Date (last write): 3/23/2010 3:51:16 AM
Filesize: 1205560
Attributes: archive
MD5: 764B1831B42DB6E4F68B9AEAED433A82
CRC32: D5E80FFA
Version: 2010.3.23.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 5/17/2011 10:25:00 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} (Lexmark Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Lexmark Toolbar
Path: C:\Program Files\Lexmark Toolbar\
Long name: toolband.dll
Short name:
Date (created): 4/3/2009 10:08:36 AM
Date (last access): 5/18/2011 10:20:56 AM
Date (last write): 8/9/2006 2:37:24 PM
Filesize: 184320
Attributes: archive
MD5: 24F3A4F9F5FF3CBD589FB7AF614FB9FE
CRC32: C3FB3C60

{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} (FCTBPos00Pos)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: FCTBPos00Pos
CLSID name: Gamers Unite! Snag Bar BHO
Path: C:\Program Files\Gamers Unite! Snag Bar\
Long name: Toolbar.dll
Short name:
Date (created): 4/8/2011 10:04:48 AM
Date (last access): 5/18/2011 10:21:06 AM
Date (last write): 4/8/2011 12:08:08 PM
Filesize: 1545728
Attributes: archive
MD5: 453EBB74B99940F0AFF880717CF4C60B
CRC32: 27BB443B
Version: 3.0.1.59

{2ba521ac-b9b9-4433-ba45-dba2f02cba5a} (speed-bit Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: speed-bit Toolbar
Path: C:\Program Files\speed-bit\
Long name: tbspe1.dll

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 5/16/2011 8:49:26 PM
Date (last access): 5/18/2011 10:21:08 AM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Search Helper
CLSID name: Search Helper
Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
Long name: SEPsearchhelperie.dll

{7b13ec3e-999a-4b70-b9cb-2617b8323822} (Zynga Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Zynga Toolbar
Path: C:\Program Files\Zynga\
Long name: tbZyng.dll
Short name:
Date (created): 3/22/2011 3:39:12 PM
Date (last access): 5/18/2011 10:21:10 AM
Date (last write): 12/1/2010 11:27:42 AM
Filesize: 2735200
Attributes: archive
MD5: 02DE6B9AE1269AF813FE8B629EE50093
CRC32: 5BCFA001
Version: 5.7.4.0

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 8/18/2009 11:32:12 AM
Date (last access): 5/18/2011 10:38:14 AM
Date (last write): 8/18/2009 11:32:12 AM
Filesize: 403840
Attributes: archive
MD5: D46ED7D33E847CD9E78E9F02910536B5
CRC32: A5B7CE0C
Version: 6.500.3165.0

{9D425283-D487-4337-BAB6-AB8354A81457} (Search Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Search Toolbar
Path: C:\Program Files\Search Toolbar\
Long name: SearchToolbar.dll
Short name: SEARCH~1.DLL
Date (created): 5/16/2011 3:13:04 PM
Date (last access): 5/18/2011 10:21:04 AM
Date (last write): 4/8/2010 10:52:20 AM
Filesize: 271024
Attributes: archive
MD5: 5DDB11EA4AE68DC90C4D3EB427C290D3
CRC32: F809DAA4
Version: 1.1.0.6

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (MSN Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: MSN Toolbar BHO
Path: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\
Long name: npwinext.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java™ Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 11/20/2010 7:47:44 PM
Date (last access): 5/18/2011 10:21:10 AM
Date (last write): 11/20/2010 7:47:44 PM
Filesize: 41760
Attributes: archive
MD5: 3F59EDE1444C14CFBAA15C7EBBFE6196
CRC32: 847C94E6
Version: 6.0.220.4

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live\Toolbar\
Long name: wltcore.dll
Short name:
Date (created): 4/16/2010 8:55:34 PM
Date (last access): 5/18/2011 10:59:04 AM
Date (last write): 4/16/2010 8:55:34 PM
Filesize: 1067872
Attributes: archive
MD5: 4A3AE89071321B4E4337DF5E63E946A7
CRC32: AC3F4E5F
Version: 14.0.8117.416

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 11/20/2010 7:47:44 PM
Date (last access): 5/18/2011 10:21:10 AM
Date (last write): 11/20/2010 7:47:44 PM
Filesize: 79648
Attributes: archive
MD5: BEE32BCE0D0A5BF5692D9020BD0C0636
CRC32: B45EB7E6
Version: 6.0.220.4

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (SingleInstance Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SingleInstance Class
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn10\
Long name: YTSingleInstance.dll
Short name: YTSING~1.DLL
Date (created): 3/23/2010 3:51:16 AM
Date (last access): 5/18/2011 10:21:10 AM
Date (last write): 3/23/2010 3:51:16 AM
Filesize: 158520
Attributes: archive
MD5: 5DC423D89A927F04F7C562EEDD904012
CRC32: 821A32D2
Version: 2010.3.23.1



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

Yahoo! MahJong (Yahoo! MahJong)
DPF name: Yahoo! MahJong
CLSID name:
Installer:
Codebase: http://origin.games.yahoo.net/games/clients/y/ot0_x.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Yahoo! MahJong Solitaire (Yahoo! MahJong Solitaire)
DPF name: Yahoo! MahJong Solitaire
CLSID name:
Installer:
Codebase: http://origin.games.yahoo.net/games/clients/y/mjst4_x.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Yahoo! Spades (Yahoo! Spades)
DPF name: Yahoo! Spades
CLSID name:
Installer:
Codebase: http://origin.games.yahoo.net/games/clients/y/st3_x.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.microsoft.com/templates/ieawsdc.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\MICROS~2\OFFICE11\
Long name: IEAWSDC.DLL
Short name:
Date (created): 4/19/2007 2:10:30 PM
Date (last access): 5/18/2011 10:59:04 AM
Date (last write): 4/19/2007 2:10:30 PM
Filesize: 116576
Attributes: archive
MD5: 31BF943E4485A004F6594A7417BA32FB
CRC32: 4CD2E460
Version: 12.0.6027.0

{09C6CAC0-936E-40A0-BC26-707480103DC3} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\flipside_webmoo.inf
Codebase: http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
description:
classification: Open for discussion
known filename: FLIPSIDE_WEBMOO18.DLL
info link:
info source: Safer Networking Ltd.

{11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control)
DPF name:
CLSID name: iPIX ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\IPIXX.inf
Codebase: http://www.ipix.com/download/ipixx.cab
description: iPIX ActiveX Control
classification: Legitimate
known filename: ipixx.ocx
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: ipixx.ocx
Short name:
Date (created): 6/2/2000 11:29:42 AM
Date (last access): 5/18/2011 10:59:04 AM
Date (last write): 6/2/2000 11:29:42 AM
Filesize: 102912
Attributes: archive
MD5: FF183CADA1ED933276B169E304E88910
CRC32: E85AE186
Version: 6.2.0.5

{11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control)
DPF name:
CLSID name: Adobe Form Control
Installer: C:\WINDOWS\Downloaded Program Files\FormCtl.inf
Codebase: http://www.jud2.ct.gov/webforms/Codebase/FormCtl.cab
description:
classification: Open for discussion
known filename: FormCtl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FormCtl.dll
Short name:
Date (created): 11/29/2002 3:57:20 PM
Date (last access): 5/18/2011 10:59:06 AM
Date (last write): 11/29/2002 3:57:20 PM
Filesize: 1515520
Attributes: archive
MD5: 7865F43CA09F425B85BAC1B35F132950
CRC32: 1C21470C
Version: 5.0.4400.2002

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 2/2/2011 9:55:24 AM
Date (last access): 5/18/2011 10:59:06 AM
Date (last write): 2/2/2011 9:55:24 AM
Filesize: 215992
Attributes: archive
MD5: C597E2251D4A197706E5860CE1565640
CRC32: 53EFBA39
Version: 11.5.9.620

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 8/3/2005 10:33:42 AM
Date (last access): 5/18/2011 10:59:08 AM
Date (last write): 6/25/2009 2:20:28 PM
Filesize: 1485176
Attributes: archive
MD5: 3307A07B81206F354F0D4BEFEE922437
CRC32: 58E4DC38
Version: 1.9.42.0

{17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class)
DPF name:
CLSID name: AimSp32 Class
Installer: C:\WINDOWS\Downloaded Program Files\makeover.inf
Codebase: http://makeover.substance.com/save/makeover.cab
description:
classification: Open for discussion
known filename: AIMSP32.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: aimsp32.dll
Short name:
Date (created): 1/19/2001 6:37:38 PM
Date (last access): 5/18/2011 10:59:08 AM
Date (last write): 1/19/2001 6:37:38 PM
Filesize: 192512
Attributes: archive
MD5: DD87A5B067233CA9918B2F1F832F0457
CRC32: DF754BFD
Version: 1.0.0.3

{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class)
DPF name:
CLSID name: MSSecurityAdvisor Class
Installer: C:\WINDOWS\Downloaded Program Files\msSecAdv.inf
Codebase: http://protect.microsoft.com/security/protect/WSA/shared/cab/x86/MSSecAdv.cab?1055908079732
description:
classification: Legitimate
known filename: mssecadv.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: mssecadv.dll
Short name:
Date (created): 9/8/2003 11:30:46 AM
Date (last access): 5/18/2011 10:59:08 AM
Date (last write): 9/8/2003 11:30:46 AM
Filesize: 36960
Attributes: archive
MD5: A4282FD762CE1C4FFA665538E335CFF0
CRC32: 51ECFB75
Version: 5.4.3790.14

{224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class)
DPF name:
CLSID name: PLSAddin Class
Installer: C:\WINDOWS\Downloaded Program Files\PLSSpeller.inf
Codebase: http://www.jud2.ct.gov/webforms/codebase/plsspeller.cab
description:
classification: Open for discussion
known filename: PLSSpeller.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PLSSpeller.dll
Short name: PLSSPE~1.DLL
Date (created): 11/29/2002 4:45:04 PM
Date (last access): 5/18/2011 10:59:08 AM
Date (last write): 11/29/2002 4:45:04 PM
Filesize: 364544
Attributes: archive
MD5: AE40361C397BD13248EEBE5DC44832C5
CRC32: A152A252
Version: 5.0.4400.2002

{231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class)
DPF name:
CLSID name: yucsetreg Class
Installer: C:\Program Files\Yahoo!\common\yucconfig.inf
Codebase: C:\Program Files\Yahoo!\common\yucconfig.dll
description:
classification: Open for discussion
known filename: yucconfig.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Yahoo!\Common\
Long name: yucconfig.dll
Short name: YUCCON~1.DLL
Date (created): 3/24/2004 12:15:28 PM
Date (last access): 5/18/2011 10:59:08 AM
Date (last write): 9/11/2003 7:59:50 PM
Filesize: 52736
Attributes: archive
MD5: 566D42C943365694E5A9E2E8D3D305CD
CRC32: 8AB27D3D
Version: 2003.8.26.1

{288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object)
DPF name:
CLSID name: CR64Loader Object
Installer:
Codebase: http://www.miniclip.com/platypus/miniclipGameLoader.dll
description:
classification: Confirmed as malware
known filename: retro64_loader.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: miniclipGameLoader.dll

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 3/16/2006 4:58:40 PM
Date (last access): 5/18/2011 10:59:10 AM
Date (last write): 3/16/2006 4:58:40 PM
Filesize: 231072
Attributes: archive
MD5: CBB5A26848FDFAC8E7A7967ED4231F91
CRC32: D3DADE38
Version: 2006.2.22.58

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 11/28/2007 5:55:58 PM
Date (last access): 5/18/2011 10:59:10 AM
Date (last write): 11/28/2007 5:55:58 PM
Filesize: 211744
Attributes: archive
MD5: 48FF0FA1CAB4AD6ACEF9027F34090880
CRC32: 284355E3
Version: 2007.11.28.1

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 10/6/2005 7:06:04 PM
Date (last access): 5/18/2011 10:59:10 AM
Date (last write): 10/6/2005 7:06:04 PM
Filesize: 533504
Attributes: archive
MD5: 1FA6108A549BB63916B5363AFA387E26
CRC32: 2F12E2F7
Version: 12.0.3208.1007

{49232000-16E4-426C-A231-62846947304B} (SysData Class)
DPF name:
CLSID name: SysData Class
Installer: C:\WINDOWS\Downloaded Program Files\SysInfo.inf
Codebase: http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
description:
classification: Legitimate
known filename: SysInfo.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: SysInfo.dll
Short name:
Date (created): 8/2/2004 11:47:54 AM
Date (last access): 5/18/2011 10:59:10 AM
Date (last write): 8/2/2004 11:47:54 AM
Filesize: 208896
Attributes: archive
MD5: 282C32EF59D4BFA0707EA56BCE8C2338
CRC32: 1618BEB6
Version: 1.0.0.2

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 10/8/2004 4:01:22 PM
Date (last access): 5/18/2011 10:59:12 AM
Date (last write): 10/8/2004 4:01:22 PM
Filesize: 372736
Attributes: archive
MD5: D2ED523BB0FE94F8F492BEFE1C336040
CRC32: C4677625
Version: 10.0.910.0

{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class)
DPF name:
CLSID name: MUCatalogWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf
Codebase: http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1295303634280
Path: C:\WINDOWS\system32\
Long name: MicrosoftUpdateCatalogWebControl.dll
Short name: MICROS~2.DLL
Date (created): 7/23/2009 12:58:22 AM
Date (last access): 5/18/2011 10:59:12 AM
Date (last write): 7/23/2009 12:58:22 AM
Filesize: 145688
Attributes: archive
MD5: 1BA53B78E9A280C3FA7034EBBAE5A39A
CRC32: CEA1D824
Version: 7.4.7057.223

{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf
Codebase: http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
description:
classification: Legitimate
known filename: wlscBase.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 2/5/2010 8:52:04 PM
Date (last access): 5/18/2011 10:59:12 AM
Date (last write): 2/5/2010 8:52:04 PM
Filesize: 464272
Attributes: archive
MD5: F99E4BC6D9B4DE664BEEB8781D14F56B
CRC32: C8F6A11C
Version: 1.12.6087.1

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 3/16/2006 4:58:52 PM
Date (last access): 5/18/2011 10:59:12 AM
Date (last write): 3/16/2006 4:58:52 PM
Filesize: 161480
Attributes: archive
MD5: C801EC5E1A9380B0689AF45191B7812B
CRC32: D52D32DD
Version: 2006.2.15.43

{67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object)
DPF name:
CLSID name: DivXBrowserPlugin Object
Installer: C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf
Codebase: http://download.divx.com/player/DivXBrowserPlugin.cab
description:
classification: Legitimate
known filename: npdivx32.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\DivX\DivX Web Player\
Long name: npdivx32.dll
Short name:
Date (created): 7/26/2007 7:03:34 PM
Date (last access): 5/18/2011 10:59:14 AM
Date (last write): 7/26/2007 7:03:34 PM
Filesize: 717312
Attributes: archive
MD5: A13D7CD76E026BA041E9EBA4EEF1EBA0
CRC32: 5932665D
Version: 1.3.1.10

{6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class)
DPF name:
CLSID name: HpProductDetection Class
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
description:
classification: Legitimate
known filename: HPDeviceDetection.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\HP\Common\
Long name: HPDeviceDetection.dll
Short name: HPDEVI~1.DLL
Date (created): 5/7/2007 11:53:44 AM
Date (last access): 5/18/2011 10:59:14 AM
Date (last write): 5/7/2007 11:53:44 AM
Filesize: 516664
Attributes: archive
MD5: 312C2C77595B224249D50CA278505432
CRC32: AD85C64C
Version: 4.0.2.0

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125889972514
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 5/18/2011 10:59:16 AM
Date (last write): 8/6/2009 7:23:46 PM
Filesize: 215920
Attributes: archive
MD5: A1350D646EF6E57E8F4F33EBE7320D08
CRC32: AB3CA24F
Version: 7.4.7600.226

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_22.dll
Short name: NPJPI1~1.DLL
Date (created): 9/15/2010 3:29:52 AM
Date (last access): 5/18/2011 10:59:16 AM
Date (last write): 9/15/2010 5:50:46 AM
Filesize: 141088
Attributes: archive
MD5: AFB7EFCDE5277F6514EF0E9FF8D8D862
CRC32: 2A43B8CC
Version: 6.0.220.4

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player)
DPF name:
CLSID name: InstallShield International Setup Player
Installer: C:\WINDOWS\Downloaded Program Files\isetup.inf
Codebase: http://www.installengine.com/engine/isetup.cab
description:
classification: Open for discussion
known filename: isetup.dll
info link:
info source: Safer Networking Ltd.
Path: c:\windows\downlo~1\
Long name: iSetup.dll
Short name:
Date (created): 9/5/2001 5:22:02 AM
Date (last access): 5/18/2011 10:59:16 AM
Date (last write): 9/5/2001 5:22:02 AM
Filesize: 24576
Attributes: archive
MD5: 04A32A90F6F96727D448417FA13D868F
CRC32: C31FE0EF
Version: 6.31.100.1190

{9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class)
DPF name:
CLSID name: ZoneAxRcMgr Class
Installer:
Codebase: http://zone.msn.com/binGame/ZAxRcMgr.cab
description:
classification: Legitimate
known filename: ZAxRcMgr.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZAxRcMgr.ocx
Short name:
Date (created): 12/23/2003 3:52:46 PM
Date (last access): 5/18/2011 10:59:16 AM
Date (last write): 12/23/2003 3:52:46 PM
Filesize: 62184
Attributes: archive
MD5: 5C761570E7D918860D1B7BDFFD5175CB
CRC32: 32D1AAFA
Version: 9.2.5188.1

{A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo)
DPF name:
CLSID name: Yahoo! MailTo
Installer: C:\Program Files\Yahoo!\Common\ymmapi.inf
Codebase: http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
description:
classification: Legitimate
known filename: ymmapi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: ymmapi.dll
Short name:
Date (created): 3/24/2004 12:44:50 PM
Date (last access): 5/18/2011 10:31:02 AM
Date (last write): 6/28/2007 5:41:02 PM
Filesize: 285464
Attributes: archive
MD5: 42D08A04BEA63D24545C543583BC5D7A
CRC32: 809515CF
Version: 2005.1.1.12

{A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan)
DPF name:
CLSID name: Crucial cpcScan
Installer:
Codebase: http://www.crucial.com/controls/cpcScanner.cab
description:
classification: Legitimate
known filename: cpcscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: cpcScan.dll
Short name:
Date (created): 10/23/2006 10:37:28 AM
Date (last access): 5/18/2011 10:59:16 AM
Date (last write): 10/23/2006 10:37:28 AM
Filesize: 241664
Attributes: archive
MD5: 20C3403D5BC63883D8E2F3EDDC340AFF
CRC32: 34EF62D4
Version: 2.2.0.1

{AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
DPF name:
CLSID name: HeartbeatCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\heartbeat.inf
Codebase: http://fdl.msn.com/zone/datafiles/heartbeat.cab
description:
classification: Legitimate
known filename: HRTBEAT.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: hrtbeat.ocx
Short name:
Date (created): 9/18/2001 6:37:48 PM
Date (last access): 5/18/2011 10:59:18 AM
Date (last write): 9/18/2001 6:37:48 PM
Filesize: 101451
Attributes: archive
MD5: 06DDD56BB43CB6FDA26C9D65396EDA78
CRC32: 8BFE3040
Version: 6.2.2808.1

{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Installer:
Codebase: http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 4/6/2004 7:03:12 PM
Date (last access): 5/18/2011 10:59:18 AM
Date (last write): 2/1/2005 12:26:46 AM
Filesize: 117800
Attributes: archive
MD5: 9EA94132E01979F0867243DE7D151A26
CRC32: 7670E697
Version: 9.3.4246.1

{B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class)
DPF name:
CLSID name: YAddBook Class
Installer: C:\Program Files\Yahoo!\Common\yaddbook.dll
Codebase: http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
description: Yahoo! Address book
classification: Legitimate
known filename: %ProgramFiles%\Yahoo!\Common\yaddbook.dll
info link:
info source: Patrick M. Kolla
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: yaddbook.dll
Short name:
Date (created): 6/14/2004 6:13:16 PM
Date (last access): 5/18/2011 10:59:18 AM
Date (last write): 6/14/2004 6:13:16 PM
Filesize: 218184
Attributes: archive
MD5: ACC63341696FD63627720F2858F72B3E
CRC32: 80D50344
Version: 2004.6.14.1

{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)
DPF name:
CLSID name: a-squared Scanner
Installer:
Codebase: http://ax.emsisoft.com/asquared.cab
description:
classification: Legitimate
known filename: axscan.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: asquared.ocx
Short name:
Date (created): 4/4/2006 7:25:04 PM
Date (last access): 5/18/2011 10:59:18 AM
Date (last write): 4/4/2006 7:25:04 PM
Filesize: 857088
Attributes: archive
MD5: CA3D35CBE3A6FC9B622DA755B7A554A3
CRC32: 8A0B8714
Version: 1.0.0.163

{BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class)
DPF name:
CLSID name: View22RTE Class
Installer: C:\WINDOWS\Downloaded Program Files\v22.inf
Codebase: http://66.242.36.104/app/view22RTE.cab
description:
classification: Open for discussion
known filename: View22RTE.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: View22RTE.dll
Short name: VIEW22~1.DLL
Date (created): 1/12/2006 5:14:34 PM
Date (last access): 5/18/2011 10:59:18 AM
Date (last write): 1/12/2006 5:14:34 PM
Filesize: 585728
Attributes: archive
MD5: A04532DD3A7857601DFACE493B96D79F
CRC32: FE0C1826
Version: 3.6.0.29

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_22.dll
Short name: NPJPI1~1.DLL
Date (created): 9/15/2010 3:29:52 AM
Date (last access): 5/18/2011 10:59:16 AM
Date (last write): 9/15/2010 5:50:46 AM
Filesize: 141088
Attributes: archive
MD5: AFB7EFCDE5277F6514EF0E9FF8D8D862
CRC32: 2A43B8CC
Version: 6.0.220.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_22.dll
Short name: NPJPI1~1.DLL
Date (created): 9/15/2010 3:29:52 AM
Date (last access): 5/18/2011 10:59:16 AM
Date (last write): 9/15/2010 5:50:46 AM
Filesize: 141088
Attributes: archive
MD5: AFB7EFCDE5277F6514EF0E9FF8D8D862
CRC32: 2A43B8CC
Version: 6.0.220.4

{CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object)
DPF name:
CLSID name: Zylom Loader Object
Installer: C:\WINDOWS\Downloaded Program Files\zylomloader.inf
Codebase: http://game19.zylomgames.com/activex/zylomloader.cab
description:
classification: Legitimate
known filename: zylomloader.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: zylomloader.dll
Short name: ZYLOML~1.DLL
Date (created): 6/15/2004 9:52:56 AM
Date (last access): 5/18/2011 10:59:18 AM
Date (last write): 6/15/2004 9:52:56 AM
Filesize: 221184
Attributes: archive
MD5: F51AC085F67FA113F37290FDD8655BB1
CRC32: C26A0BE3
Version: 1.0.0.6

{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://www.adobe.com/products/acrobat/nos/gp.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10o.ocx
Short name:
Date (created): 4/2/2011 3:07:56 AM
Date (last access): 5/18/2011 10:21:14 AM
Date (last write): 4/2/2011 3:07:58 AM
Filesize: 6163104
Attributes: readonly archive
MD5: C7EDFB94546E86183F4E911F88BD3759
CRC32: 7D074744
Version: 10.2.153.1

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Installer: C:\WINDOWS\Downloaded Program Files\ieatgpc.inf
Codebase: https://linksyssupport.webex.com/client/T26L10NSP49EP32-linksyssupport/support/ieatgpc.cab
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:







AVG shows more problems, some I can not fix.

Scan "Whole computer scan" completed.
Infections;"12";"6";"6"
Spyware;"3";"3";"0"
Warnings;"3";"3";"0"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"Thursday, May 19, 2011, 10:13:01 AM"
Scan finished:;"Thursday, May 19, 2011, 2:27:53 PM (4 hour(s) 14 minute(s) 52 second(s))"
Total object scanned:;"1277110"
User who launched the scan:;"Owner"

Infections
;"File";"Infection";"Result"
;"C:\WINDOWS\system32\services.exe (1036)";"Trojan horse Cryptic.CVD";"Deleted"
;"C:\WINDOWS\explorer.exe (1660)";"Trojan horse Cryptic.CVD";"Deleted"
;"C:\Program Files\Internet Explorer\iexplore.exe (4004)";"Trojan horse Cryptic.CVD";"Deleted"
;"C:\Program Files\Internet Explorer\iexplore.exe (3524)";"Trojan horse Cryptic.CVD";"Deleted"
;"C:\Program Files\Internet Explorer\iexplore.exe (3272)";"Trojan horse Cryptic.CVD";"Deleted"
;"C:\Program Files\Internet Explorer\iexplore.exe (176)";"Trojan horse Cryptic.CVD";"Deleted"
;"C:\WINDOWS\system32\services.exe (1036):\memory_001b0000";"Trojan horse Cryptic.CVD";"Infected"
;"C:\WINDOWS\explorer.exe (1660):\memory_001b0000";"Trojan horse Cryptic.CVD";"Infected"
;"C:\Program Files\Internet Explorer\iexplore.exe (4004):\memory_00270000";"Trojan horse Cryptic.CVD";"Infected"
;"C:\Program Files\Internet Explorer\iexplore.exe (3524):\memory_00270000";"Trojan horse Cryptic.CVD";"Infected"
;"C:\Program Files\Internet Explorer\iexplore.exe (3272):\memory_00270000";"Trojan horse Cryptic.CVD";"Infected"
;"C:\Program Files\Internet Explorer\iexplore.exe (176):\memory_00270000";"Trojan horse Cryptic.CVD";"Infected"

Spyware
;"File";"Infection";"Result"
;"C:\Program Files\Excite\PrvtMsgr\iMSetup.exe";"Adware Generic2.PJK";"Moved to Virus Vault"
;"C:\Program Files\Excite\PrvtMsgr\bin\x8Idle0.dll";"Adware Generic.LFS";"Moved to Virus Vault"
;"C:\Program Files\Excite\PrvtMsgr\2.backup\X8IDLE.DLL";"Adware Generic.LFS";"Moved to Virus Vault"

Warnings
;"File";"Infection";"Result"
;"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge";"Found Adware.BroadCastPC";"Moved to Virus Vault"
;"C:\Documents and Settings\Owner\My Documents\utorrent.exe";"Corrupted executable file";"Moved to Virus Vault"
;"C:\Documents and Settings\Owner\My Documents\tools.exe";"Corrupted executable file";"Moved to Virus Vault"

I have used RKill to regain control of my computer at some point but really need help.


I have tried everything I can find and now I need your help if possible.

Edited by hamluis, 19 May 2011 - 05:19 PM.
Moved from XP to Am I Infected.




#2 quietman7

Posted 19 May 2011 - 10:03 PM

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd


Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 siminu2

Posted 19 May 2011 - 10:31 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6564

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/18/2011 12:19:39 AM
mbam-log-2011-05-18 (00-19-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 325378
Time elapsed: 3 hour(s), 31 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


TDSS Rootkit Removing Tool will not open even by changing name and extension. Downloaded and changed name before installing.

#4 quietman7

Posted 20 May 2011 - 05:12 AM

Go to Start > Run..., and copy and paste this command into the open box: c:\windows\system32\drivers\
Click OK.

In the list of files displayed, locate: volsnap.sys

Go to one of the following online services that analyze suspicious files:
In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
-- Post back with the results of the file analysis.

#5 siminu2

Posted 20 May 2011 - 10:24 AM

Jotti's malware scan on file volsnap.sys

This file has been scanned before. The results for this previous scan are listed below.





--------------------------------------------------------------------------------

Filename: A0482642.sys
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Tue 17 May 2011 21:19:53 (CET) Permalink



--------------------------------------------------------------------------------
Additional info
File size: 52352 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 4c8fcb5cc53aab716d810740fe59d025
SHA1: da4e0035c58c0edb422eace57b35c90027e15f59
Packer (Kaspersky): PE_Patch








I had also scanned complete system 32 file results below:

VirSCAN.org Scanned Report :
Scanned time : 2010/08/23 11:56:17 (PDT)
Scanner results: Scanners did not find malware!
File Name : ws2_32.dll
File Size : 82432 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : 2ccc474eb85ceaa3e1fa1726580a3e5a
SHA1 : 7cf3366c68e402eb3678046fe97651a586044560
Online report : http://file.virscan.org/report/cef28dc48e23f4acfc7a4cfdefbcb449.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100824022945 2010-08-24 7.39 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 1.33 -
AntiVir 8.2.4.38 7.10.11.1 2010-08-23 0.27 -
Antiy 2.0.18 20100821.4955373 2010-08-21 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201008231602 2010-08-23 1.30 -
AVAST! 4.7.4 100822-1 2010-08-22 0.02 -
AVG 8.5.793 271.1.1/3089 2010-08-23 0.23 -
BitDefender 7.90123.6176905 7.33536 2010-08-24 4.79 -
ClamAV 0.96.1 11629 2010-08-24 0.03 -
Comodo 4.0 5832 2010-08-23 1.44 -
CP Secure 1.3.0.5 2010.08.24 2010-08-24 0.05 -
Dr.Web 5.0.2.3300 2010.08.24 2010-08-24 9.01 -
F-Prot 4.4.4.56 20100822 2010-08-22 1.31 -
F-Secure 7.02.73807 2010.08.23.05 2010-08-23 0.19 -
Fortinet 4.1.143 12.270 2010-08-22 0.27 -
GData 21.709/21.277 20100823 2010-08-23 7.59 -
ViRobot 20100823 2010.08.23 2010-08-23 0.36 -
Ikarus T3. 2010.08.23.76584 2010-08-23 4.99 -
JiangMin 13.0.900 2010.08.23 2010-08-23 2.00 -
Kaspersky 5.5.10 2010.08.23 2010-08-23 0.14 -
KingSoft 2009.2.5.15 2010.8.23.18 2010-08-23 0.82 -
McAfee 5400.1158 6083 2010-08-23 18.31 -
Microsoft 1.6103 2010.08.23 2010-08-23 5.69 -
Norman 6.05.11 6.05.00 2010-08-23 8.01 -
Panda 9.05.01 2010.08.16 2010-08-16 3.50 -
Trend Micro 9.120-1004 7.404.11 2010-08-23 0.03 -
Quick Heal 11.00 2010.08.23 2010-08-23 3.23 -
Rising 20.0 22.62.00.04 2010-08-23 1.76 -
Sophos 3.10.0 4.56 2010-08-24 4.17 -
Sunbelt 3.9.2432.2 6777 2010-08-22 12.12 -
Symantec 1.3.0.24 20100823.002 2010-08-23 0.07 -
nProtect 20100823.01 8856029 2010-08-23 8.76 -
The Hacker 6.5.2.1 v00355 2010-08-23 0.34 -
VBA32 3.12.14.0 20100822.2033 2010-08-22 3.19 -
VirusBuster 4.5.11.10 10.127.64/2045195 2010-08-23 2.43 -

#6 quietman7

Posted 20 May 2011 - 01:16 PM

This issue will require further investigation. Many of the tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please read the "Preparation Guide".
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, please reply back here with a link to the new topic so we can close this one.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#7 quietman7

Posted 21 May 2011 - 08:05 PM

I have moved (split away) your log to the Virus, Trojan, Spyware, and Malware Removal Logs forum as they are not permitted in this forum.

Please go here, click on the Options button in the upper right corner of that thread and choose Track this topic. Subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 21 May 2011 - 10:56 PM

Hello,

I have deleted the log that has been split away as you have a topic in the log forum already awaiting your response here: http://www.bleepingcomputer.com/forums/topic397959.html/

Please be sure to follow your helper's instructions.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



