nikoonah

Members
  • Posts: 3

Reputation: 0 Neutral

  1. Mieke, that seemed to have fixed the issue. Thank you SO much for the help! Happy Holidays to you!
  2. I followed the instructions and receive "ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts". What next?
  3. Having some massive problems with MIL's computer so do a Malware scan and it comes clean. Do a Spybot scan and it advises I have Fraud.WindowsProtectionSuite and Microsoft.Windows.Redirected Hosts. Quick search indicates MalwareBytes should clean this out yet despite an update and uninstall/reinstall/update I still have this issue. Any help is appreciated!

     DDS log:

     DDS (Ver_09-12-01.01) - NTFSx86
     Run by hp people at 11:47:07.37 on Wed 12/23/2009
     Internet Explorer: 7.0.5730.11
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1016.431 [GMT -5:00]

     AV: Additional Guard *On-access scanning enabled* (Updated) {A3D5D5B5-6D0B-4B73-BF5C-D861CEEDF182}
     FW: Additional Guard *enabled* {D480716B-79BC-428B-8B74-86BFDB42E1DB}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\System32\svchost.exe -k imgsvc
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\igfxtray.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Documents and Settings\hp people\Local Settings\Temporary Internet Files\Content.IE5\3DHYKDN6\dds[1].scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.google.com/
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
     mRun: [AlcxMonitor] ALCXMNTR.EXE
     mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
     Notify: igfxcui - igfxsrvc.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     IFEO: image file execution options - svchost.exe
     IFEO: brastk.exe - svchost.exe
     Hosts: 74.125.45.100 4-open-davinci.com
     Hosts: 74.125.45.100 securitysoftwarepayments.com
     Hosts: 74.125.45.100 privatesecuredpayments.com
     Hosts: 74.125.45.100 secure.privatesecuredpayments.com
     Hosts: 74.125.45.100 getantivirusplusnow.com

     Note: multiple HOSTS entries found. Please refer to Attach.txt

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\hppeop~1\applic~1\mozilla\firefox\profiles\tm7fba5a.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     FF - plugin: c:\documents and settings\hp people\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

     ============= SERVICES / DRIVERS ===============

     S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;c:\windows\system32\drivers\2862wicb.sys --> c:\windows\system32\drivers\2862WICB.sys [?]

     =============== Created Last 30 ================

     2009-12-23 15:23:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-12-23 15:22:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-12-23 15:22:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-12-19 04:19:24 0 d-----w- c:\windows\system32\etc
     2009-12-19 03:37:16 0 d-----w- c:\program files\Trojan Remover
     2009-12-19 03:28:34 0 d-----w- c:\windows\pss
     2009-12-19 02:24:16 0 d-----w- c:\program files\Spybot - Search & Destroy
     2009-12-19 02:24:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
     2009-12-08 02:22:31 0 ----a-w- c:\windows\system32\18467.exe
     2009-12-08 02:02:20 1 ----a-w- C:\s
     2009-12-08 02:01:07 69 ----a-w- c:\windows\NeroDigital.ini
     2009-12-03 19:14:04 0 ----a-w- c:\windows\PhotoPro.INI
     2009-12-02 19:14:21 0 d-----w- c:\docume~1\hppeop~1\applic~1\Malwarebytes
     2009-12-02 19:14:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
     2009-12-02 04:05:17 0 d-sh--w- c:\docume~1\alluse~1\applic~1\WIKREDLUDNAG
     2009-12-02 04:04:27 0 d-sh--w- c:\docume~1\alluse~1\applic~1\38cb815

     ==================== Find3M ====================

     2009-11-01 19:51:35 121278 ----a-w- c:\windows\HPHins15.dat
     2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
     2009-10-29 07:46:52 78336 ------w- c:\windows\system32\ieencode.dll
     2009-10-29 07:46:50 17408 ------w- c:\windows\system32\corpol.dll
     2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
     2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
     2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
     2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
     2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll

     ============= FINISH: 11:47:43.29 ===============

     MWAB log:

     Malwarebytes' Anti-Malware 1.42
     Database version: 3415
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 7.0.5730.11

     12/23/2009 10:46:45 AM
     mbam-log-2009-12-23 (10-46-45).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 138084
     Time elapsed: 21 minute(s), 9 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Spybot log:

     --- Search result list ---
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       4-open-davinci.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       securitysoftwarepayments.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       privatesecuredpayments.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       secure.privatesecuredpayments.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       getantivirusplusnow.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       secure-plus-payments.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       www.getantivirusplusnow.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       www.secure-plus-payments.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       www.getavplusnow.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       safebrowsing-cache.google.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       urs.microsoft.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       www.securesoftwarebill.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       secure.paysecuresystem.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       paysoftbillsolution.com=74.125.45.100
     Fraud.WindowsProtectionSuite: [sBI $B197733A] Redirected host (Redirected host, nothing done)
       protected.maxisoftwaremart.com=74.125.45.100
     Microsoft.Windows.RedirectedHosts: [sBI $B89FBA81] Redirected host (Redirected host, nothing done)
       www.securesoftwarebill.com=74.125.45.100
     Microsoft.Windows.RedirectedHosts: [sBI $19781685] Redirected host (Redirected host, nothing done)
       secure.paysecuresystem.com=74.125.45.100
     Microsoft.Windows.RedirectedHosts: [sBI $CEFF52BA] Redirected host (Redirected host, nothing done)
       paysoftbillsolution.com=74.125.45.100
     DoubleClick: Tracking cookie (Firefox: hp people (default)) (Cookie, fixed)

     --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

     attach.zip