Jump to content

Recommended Posts

I downloaded Winrar from Cnet and got tis super nasty malware/virus. I ran the other programs and here is my first log file.

Malwarebytes' Anti-Malware 1.31

Database version: 1475

Windows 5.1.2600 Service Pack 3

12/8/2008 5:19:09 PM

mbam-log-2008-12-08 (17-19-09).txt

Scan type: Full Scan (C:\|)

Objects scanned: 86845

Time elapsed: 1 hour(s), 16 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 14

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Files Infected:

C:\System Volume Information\_restore{CC93DB50-DFF3-41E0-BCBF-C8922AA3297D}\RP578\A0188491.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

ok here is the Panda log.

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-12-08 23:18:16

PROTECTIONS: 1

MALWARE: 30

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

AVG Anti-Virus Free 8.0 Yes Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@trafficmp[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@casalemedia[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@doubleclick[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@atdmt[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@247realmedia[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@fastclick[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@mediaplex[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@yadro[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@statcounter[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@apmebf[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@www.burstbeacon[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@advertising[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@media.adrevolver[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@ads.pointroll[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@realmedia[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@questionmarket[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@zedo[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@adrevolver[1].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@adultfriendfinder[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@target[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@did-it[1].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@smartadserver[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@ads.addynamix[2].txt

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Jacqui\Cookies\jacqui@adserver.easyad[1].txt

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location $

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description $

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Link to post
Share on other sites

Here is spybots log too. Next will be hijackthis log

--- Search result list ---

Hint of the Day: Click the bar at the right of this to see more information! ()

Microsoft.WindowsSecurityCenter_disabled: [sBI $2E20C9A9] Settings (Registry change, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)

2008-07-07 SDFiles.exe (1.6.0.4)

2008-07-07 SDMain.exe (1.0.0.6)

2008-07-07 SDShred.exe (1.0.2.3)

2008-07-07 SDUpdate.exe (1.6.0.8)

2008-07-07 SDWinSec.exe (1.0.0.12)

2008-07-07 SpybotSD.exe (1.6.0.30)

2008-09-16 TeaTimer.exe (1.6.3.25)

2008-12-08 unins000.exe (51.49.0.0)

2008-07-07 Update.exe (1.6.0.7)

2008-10-22 advcheck.dll (1.6.2.13)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-09-15 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2008-10-22 Tools.dll (2.1.6.8)

2008-11-04 Includes\Adware.sbi (*)

2008-11-25 Includes\AdwareC.sbi (*)

2008-06-03 Includes\Cookies.sbi (*)

2008-09-02 Includes\Dialer.sbi (*)

2008-09-09 Includes\DialerC.sbi (*)

2008-07-23 Includes\HeavyDuty.sbi (*)

2008-11-18 Includes\Hijackers.sbi (*)

2008-11-18 Includes\HijackersC.sbi (*)

2008-09-09 Includes\Keyloggers.sbi (*)

2008-11-18 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2008-11-18 Includes\Malware.sbi (*)

2008-12-03 Includes\MalwareC.sbi (*)

2008-11-03 Includes\PUPS.sbi (*)

2008-12-02 Includes\PUPSC.sbi (*)

2007-11-07 Includes\Revision.sbi (*)

2008-06-18 Includes\Security.sbi (*)

2008-12-02 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2008-11-04 Includes\Spyware.sbi (*)

2008-12-02 Includes\SpywareC.sbi (*)

2008-06-03 Includes\Tracks.uti

2008-11-04 Includes\Trojans.sbi (*)

2008-12-02 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---

Windows XP (Build: 2600) Service Pack 3 (5.1.2600)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB925168)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

/ MSXML 2 / SP6: Hotfix for MSXML 2 (KB887606)

/ MSXML 4 / SP2: Security Update for MSXML 4 (KB927978)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)

/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs

/ Windows / SP1: Microsoft National Language Support Downlevel APIs

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB928788)

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929773)

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB932390)

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB933547)

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB935551)

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB935552)

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB939209)

/ Windows Media Player / SP0: Security Update for Windows Media Player (KB911564)

/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB931756)

/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB935957)

/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)

/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)

/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB944882)

/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB945381)

/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB946665)

/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB950478)

/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)

/ Windows Media Player 6.4 / SP0: Security Update for Windows Media Player 6.4 (KB925398)

/ Windows XP: Security Update for Windows XP (KB941569)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)

/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)

/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP

/ Windows XP / SP3: Update for Windows XP (KB898461)

/ Windows XP / SP3: Windows XP Service Pack 3

/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)

/ Windows XP / SP4: Hotfix for Windows XP (KB932716-v2)

/ Windows XP / SP4: Security Update for Windows XP (KB938464)

/ Windows XP / SP4: Hotfix for Windows XP (KB942288-v3)

/ Windows XP / SP4: Hotfix for Windows XP (KB944043-v3)

/ Windows XP / SP4: Security Update for Windows XP (KB946648)

/ Windows XP / SP4: Security Update for Windows XP (KB950582)

/ Windows XP / SP4: Security Update for Windows XP (KB950760)

/ Windows XP / SP4: Security Update for Windows XP (KB950762)

/ Windows XP / SP4: Security Update for Windows XP (KB950974)

/ Windows XP / SP4: Security Update for Windows XP (KB951066)

/ Windows XP / SP4: Update for Windows XP (KB951072-v2)

/ Windows XP / SP4: Security Update for Windows XP (KB951376)

/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)

/ Windows XP / SP4: Update for Windows XP (KB951618-v2)

/ Windows XP / SP4: Security Update for Windows XP (KB951698)

/ Windows XP / SP4: Security Update for Windows XP (KB951748)

/ Windows XP / SP4: Update for Windows XP (KB951978)

/ Windows XP / SP4: Hotfix for Windows XP (KB952287)

/ Windows XP / SP4: Security Update for Windows XP (KB952954)

/ Windows XP / SP4: Security Update for Windows XP (KB953155)

/ Windows XP / SP4: Security Update for Windows XP (KB953839)

/ Windows XP / SP4: Security Update for Windows XP (KB954211)

/ Windows XP / SP4: Security Update for Windows XP (KB954459)

/ Windows XP / SP4: Hotfix for Windows XP (KB954708)

/ Windows XP / SP4: Security Update for Windows XP (KB955069)

/ Windows XP / SP4: Security Update for Windows XP (KB955417)

/ Windows XP / SP4: Security Update for Windows XP (KB956391)

/ Windows XP / SP4: Security Update for Windows XP (KB956803)

/ Windows XP / SP4: Security Update for Windows XP (KB956841)

/ Windows XP / SP4: Security Update for Windows XP (KB957095)

/ Windows XP / SP4: Security Update for Windows XP (KB957097)

/ Windows XP / SP4: Security Update for Windows XP (KB958644)

--- Startup entries list ---

Located: HK_LM:Run, ccApp

command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe

size: 51048

MD5: B1A2A8870DF52238AE256D692F443EDB

Located: HK_LM:Run, MSConfig

command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

size: 169984

MD5: A81135541C9D4EBCE43EFA8AD31395B4

Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\NvCpl.dll

size: 4501504

MD5: C98961D00C0EBDCF267C3E6355AD2FBB

Located: HK_LM:Run, nwiz

command: nwiz.exe /installquiet

file: C:\WINDOWS\system32\nwiz.exe

size: 323584

MD5: 9AA7FDE85EA93D3B115C9CB4E19F2EEA

Located: HK_LM:Run, TkBellExe

command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe

size: 185872

MD5: C681F347514CC8671977FCBD2B7D001A

Located: HK_CU:RunOnce, ShowDeskFix

where: .DEFAULT...

command: regsvr32 /s /n /i:u shell32

file: regsvr32 /s /n /i:u shell32

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, ShowDeskFix

where: S-1-5-19...

command: regsvr32 /s /n /i:u shell32

file: regsvr32 /s /n /i:u shell32

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, ShowDeskFix

where: S-1-5-20...

command: regsvr32 /s /n /i:u shell32

file: regsvr32 /s /n /i:u shell32

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-842925246-492894223-1957994488-1003...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, Yahoo! Pager

where: S-1-5-21-842925246-492894223-1957994488-1003...

command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

size: 4670704

MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

Located: HK_CU:RunOnce, ShowDeskFix

where: S-1-5-18...

command: regsvr32 /s /n /i:u shell32

file: regsvr32 /s /n /i:u shell32

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: Startup (disabled), F-Secure Automatic Update (DISABLED)

command:

file:

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)

command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

size: 258048

MD5: C519CEC624CF9BCBA3059F32266C8FFF

Located: Startup (disabled), HP Image Zone Fast Start (DISABLED)

command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s

file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe

size: 53248

MD5: 8C53463A3E28454D74F48BF87A9CF7BA

Located: Startup (disabled), Windows Search.lnk (DISABLED)

command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled

file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

--- Browser helper object list ---

{02478D38-C3F9-4efb-9B51-7695ECA05670} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

description: Yahoo Companion!

classification: Legitimate

known filename: Ycomp*_*_*_*.dll

info link: http://companion.yahoo.com/

info source: TonyKlein

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: RealPlayer Download and Record Plugin for Internet Explorer

Path: C:\Program Files\Real\RealPlayer\

Long name: rpbrowserrecordplugin.dll

Short name: RPBROW~1.DLL

Date (created): 12/11/2008 8:38:26 AM

Date (last access): 12/13/2008 1:13:14 PM

Date (last write): 12/11/2008 8:38:26 AM

Filesize: 304736

Attributes: archive

MD5: BA0B225D8FDA9B22F22F5816873EB9FE

CRC32: 777276E9

Version: 1.0.1.85

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name: WormRadar.com IESiteBlocker.NavFilter

CLSID name: AVG Safe Search

Path: C:\Program Files\AVG\AVG8\

Long name: avgssie.dll

Short name:

Date (created): 10/15/2008 5:09:36 PM

Date (last access): 12/13/2008 1:13:18 PM

Date (last write): 10/15/2008 5:09:38 PM

Filesize: 455960

Attributes: archive

MD5: 19A9C541D4EE8E3471B26986D785AB4D

CRC32: 93FD7D83

Version: 8.0.0.152

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Spybot-S&D IE Protection

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDhelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\PROGRA~1\SPYBOT~1\

Long name: SDHelper.dll

Short name:

Date (created): 12/8/2008 6:51:24 PM

Date (last access): 12/13/2008 2:22:50 PM

Date (last write): 9/15/2008 2:25:44 PM

Filesize: 1562960

Attributes: readonly hidden sysfile archive

MD5: 35F73F1936BDE91F1B6995510A61E7A8

CRC32: BE6A5D15

Version: 1.6.2.14

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Yahoo! IE Services Button

Path: C:\Program Files\Yahoo!\Common\

Long name: yiesrvc.dll

Short name:

Date (created): 10/31/2006 3:33:52 PM

Date (last access): 12/13/2008 12:01:48 PM

Date (last write): 10/31/2006 3:33:52 PM

Filesize: 198136

Attributes: archive

MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE

CRC32: 2CDBBB6C

Version: 2006.10.31.3

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: SSVHelper Class

Path: C:\Program Files\Java\jre1.6.0_07\bin\

Long name: ssv.dll

Short name:

Date (created): 10/7/2008 2:35:36 PM

Date (last access): 12/13/2008 12:02:00 PM

Date (last write): 6/10/2008 3:27:02 AM

Filesize: 509328

Attributes: archive

MD5: F921D875A1CBD69A6A462BA2514BC831

CRC32: 38AC9EE2

Version: 6.0.70.6

{A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: AVG Security Toolbar

Path: C:\PROGRA~1\AVG\AVG8\

Long name: avgtoolbar.dll

Short name: AVGTOO~1.DLL

Date (created): 10/15/2008 5:09:46 PM

Date (last access): 12/13/2008 1:13:22 PM

Date (last write): 10/15/2008 5:09:46 PM

Filesize: 2055960

Attributes: archive

MD5: 8741B6028EFBDA19150E4BDFDCF5E12F

CRC32: 18BAD567

Version: 5.0.2.400

--- ActiveX list ---

{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)

DPF name:

CLSID name: SysProWmi Class

Installer: C:\WINDOWS\Downloaded Program Files\SysPro.inf

Codebase: http://support.dell.com/systemprofiler/SysPro.CAB

description:

classification: Legitimate

known filename: SysPro.ocx

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\system32\Dell\SystemProfiler\

Long name: SysPro.ocx

Short name:

Date (created): 1/23/2003 2:23:18 PM

Date (last access): 12/13/2008 5:45:16 AM

Date (last write): 1/23/2003 2:23:18 PM

Filesize: 86016

Attributes: archive

MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172

CRC32: A76A5BDA

Version: 2.0.0.1

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)

DPF name:

CLSID name: Windows Genuine Advantage Validation Tool

Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

Codebase: http://download.microsoft.com/download/5/b...heckControl.cab

description:

classification: Legitimate

known filename: LegitCheckControl.DLL

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\system32\

Long name: LegitCheckControl.dll

Short name: LEGITC~1.DLL

Date (created): 7/17/2007 5:21:12 AM

Date (last access): 12/13/2008 10:54:38 AM

Date (last write): 3/20/2008 5:06:36 PM

Filesize: 1480232

Attributes: archive

MD5: E058C4821D48E0A67F6069CB50818D44

CRC32: 3513AE02

Version: 1.7.69.2

{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class)

DPF name:

CLSID name: ActiveScan 2.0 Installer Class

Installer: C:\WINDOWS\Downloaded Program Files\as2stubie.inf

Codebase: http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: as2stubie.dll

Short name: AS2STU~1.DLL

Date (created): 6/30/2008 10:39:58 AM

Date (last access): 12/13/2008 9:29:54 AM

Date (last write): 6/30/2008 10:39:58 AM

Filesize: 128256

Attributes: archive

MD5: BB482DD127289F0FAD474610F5A4C3E3

CRC32: 1CF0CB03

Version: 1.0.0.10

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)

DPF name:

CLSID name: Installation Support

Installer:

Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll

description: Yahoo! Installation helper

classification: Legitimate

known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll

info link:

info source: Patrick M. Kolla

Path: C:\Program Files\Yahoo!\Common\

Long name: YInstHelper.dll

Short name: YINSTH~1.DLL

Date (created): 3/15/2007 9:13:06 PM

Date (last access): 12/13/2008 3:16:04 AM

Date (last write): 3/15/2007 9:13:06 PM

Filesize: 209448

Attributes: archive

MD5: 4380A4799E826AF03FD975B4A71E9268

CRC32: 423BF1F7

Version: 2007.3.15.1

{33564D57-0000-0010-8000-00AA00389B71} ()

DPF name:

CLSID name:

Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf

Codebase: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

description:

classification: Legitimate

known filename:

info link:

info source: Safer Networking Ltd.

{406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)

DPF name:

CLSID name: Snapfish Activia

Installer: C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.inf

Codebase: http://photos.walmart.com/WalmartActivia.cab

description:

classification: Legitimate

known filename: SnapfishActivia1000.ocx

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\Downloaded Program Files\

Long name: SnapfishActivia1000.ocx

Short name: SNAPFI~1.OCX

Date (created): 6/3/2005 11:24:32 AM

Date (last access): 12/13/2008 4:27:14 AM

Date (last write): 6/3/2005 11:24:32 AM

Filesize: 286720

Attributes: archive

MD5: F5C79C45F1ADF877DC3AFDFF3565AE7B

CRC32: F118547A

Version: 1.0.0.10

{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)

DPF name:

CLSID name: HP Download Manager

Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf

Codebase: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: HPDEXAXO.dll

Short name:

Date (created): 10/18/2007 9:04:16 AM

Date (last access): 12/13/2008 10:10:44 AM

Date (last write): 10/18/2007 9:04:16 AM

Filesize: 341296

Attributes: archive

MD5: CDE357CD3FC047F5C7D8B8345B6A42BF

CRC32: 7ABDC22F

Version: 1.0.5.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_07

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

description: Sun Java

classification: Legitimate

known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll

info link:

info source: Patrick M. Kolla

Path: C:\Program Files\Java\jre1.6.0_07\bin\

Long name: npjpi160_07.dll

Short name: NPJPI1~1.DLL

Date (created): 6/10/2008 1:32:34 AM

Date (last access): 12/13/2008 2:47:20 AM

Date (last write): 6/10/2008 3:27:02 AM

Filesize: 132496

Attributes: archive

MD5: 7C83A2809E13950359189767AC9D5DB8

CRC32: 925C2A88

Version: 6.0.70.6

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_02

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

description:

classification: Legitimate

known filename: npjpi160_02.dll

info link:

info source: Safer Networking Ltd.

Path: C:\Program Files\Java\jre1.6.0_02\bin\

Long name: npjpi160_02.dll

Short name: NPJPI1~1.DLL

Date (created): 7/12/2007 1:22:38 AM

Date (last access): 12/13/2008 2:39:02 AM

Date (last write): 7/12/2007 3:00:36 AM

Filesize: 132496

Attributes: archive

MD5: E3811F1A1C5063C941EC0E2766C3EA39

CRC32: AEFD3747

Version: 6.0.20.6

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_03

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

Path: C:\Program Files\Java\jre1.6.0_03\bin\

Long name: npjpi160_03.dll

Short name: NPJPI1~1.DLL

Date (created): 9/24/2007 11:31:44 PM

Date (last access): 12/13/2008 2:41:44 AM

Date (last write): 9/25/2007 1:11:34 AM

Filesize: 132496

Attributes: archive

MD5: D6A4682A6FF41832A3F1A7AB9AE08199

CRC32: 9080B537

Version: 6.0.30.5

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_05

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

Path: C:\Program Files\Java\jre1.6.0_05\bin\

Long name: npjpi160_05.dll

Short name: NPJPI1~1.DLL

Date (created): 2/22/2008 2:33:32 AM

Date (last access): 12/13/2008 2:44:28 AM

Date (last write): 2/22/2008 4:25:20 AM

Filesize: 132496

Attributes: archive

MD5: 4FDFB86D78994BD71CBB779A7809E9CD

CRC32: 5A0EB880

Version: 6.0.50.13

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_07

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

Path: C:\Program Files\Java\jre1.6.0_07\bin\

Long name: npjpi160_07.dll

Short name: NPJPI1~1.DLL

Date (created): 6/10/2008 1:32:34 AM

Date (last access): 12/13/2008 2:31:16 PM

Date (last write): 6/10/2008 3:27:02 AM

Filesize: 132496

Attributes: archive

MD5: 7C83A2809E13950359189767AC9D5DB8

CRC32: 925C2A88

Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_07

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

description:

classification: Legitimate

known filename: npjpi150_06.dll

info link:

info source: Safer Networking Ltd.

Path: C:\Program Files\Java\jre1.6.0_07\bin\

Long name: npjpi160_07.dll

Short name: NPJPI1~1.DLL

Date (created): 6/10/2008 1:32:34 AM

Date (last access): 12/13/2008 2:31:16 PM

Date (last write): 6/10/2008 3:27:02 AM

Filesize: 132496

Attributes: archive

MD5: 7C83A2809E13950359189767AC9D5DB8

CRC32: 925C2A88

Version: 6.0.70.6

--- Process list ---

PID: 0 ( 0) [system]

PID: 596 ( 4) \SystemRoot\System32\smss.exe

size: 50688

PID: 664 ( 596) \??\C:\WINDOWS\system32\csrss.exe

size: 6144

PID: 692 ( 596) \??\C:\WINDOWS\system32\winlogon.exe

size: 507904

PID: 796 ( 692) C:\WINDOWS\system32\services.exe

size: 108544

MD5: 0E776ED5F7CC9F94299E70461B7B8185

PID: 808 ( 692) C:\WINDOWS\system32\lsass.exe

size: 13312

MD5: BF2466B3E18E970D8A976FB95FC1CA85

PID: 1004 ( 796) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1068 ( 796) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1112 ( 796) C:\WINDOWS\System32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1152 ( 796) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1328 ( 796) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1400 ( 796) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1528 ( 796) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

size: 149352

MD5: 0981902E0C29655FA8FA161247064907

PID: 1736 ( 796) C:\WINDOWS\system32\spoolsv.exe

size: 57856

MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B

PID: 1136 ( 796) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

size: 231704

MD5: 9B40D378D4E521464212E878BE8216A4

PID: 140 ( 796) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

size: 322120

MD5: 11F714F85530A2BD134074DC30E99FCA

PID: 1364 ( 796) C:\WINDOWS\system32\nvsvc32.exe

size: 65536

MD5: 82336D4ABD8CA5F8E870CBFA47C0A5DA

PID: 1456 ( 796) C:\WINDOWS\system32\HPZipm12.exe

size: 73728

MD5: 2D091A99624FB9E7EEF0A86D872EC0C3

PID: 1420 ( 796) C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

size: 539160

MD5: 21A1B8CE47AFE9E7029620E40BECBA31

PID: 2004 ( 796) C:\Program Files\UPHClean\uphclean.exe

size: 241725

MD5: 3F9A3232E5F942874488981F3242C989

PID: 204 (1136) C:\Program Files\AVG\AVG8\avgrsx.exe

size: 287000

MD5: BA1CE056CE1466CA28CE118585EA86C4

PID: 980 ( 796) C:\PROGRA~1\AVG\AVG8\avgemc.exe

size: 875288

MD5: EC5B6AFF1A0BD1480B3B40CE78FAA527

PID: 2064 ( 796) C:\WINDOWS\System32\alg.exe

size: 44544

MD5: 8C515081584A38AA007909CD02020B3D

PID: 2884 ( 796) C:\WINDOWS\system32\SearchIndexer.exe

size: 439808

MD5: 7778BDFA3F6F6FBA0E75B9594098F737

PID: 1628 ( 692) C:\WINDOWS\system32\WgaTray.exe

size: 336768

MD5: BBA0C62048EB5292AA5D5956ECB874BF

PID: 1784 (1112) C:\WINDOWS\system32\wuauclt.exe

size: 51224

MD5: E654B78D2F1D791B30D0ED9A8195EC22

PID: 1108 (2824) C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe

size: 1378840

MD5: 0E1FF642D6B19E10854A72F8CA2A7A0C

PID: 2264 (2608) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

size: 149352

MD5: 0981902E0C29655FA8FA161247064907

PID: 3408 (2824) C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

PID: 4056 (1004) C:\WINDOWS\system32\DllHost.exe

size: 5120

MD5: 0A9BA6AF531AFE7FA5E4FB973852D863

PID: 2192 ( 692) C:\WINDOWS\explorer.exe

size: 1033728

MD5: 12896823FB95BFB3DC9B46BCAEDC9923

PID: 3480 (2192) C:\Program Files\Internet Explorer\iexplore.exe

size: 635848

MD5: E8305C30D35E85D6657ED3E9934CB302

PID: 2456 (1004) C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

size: 540440

MD5: 191562BBF5670FB4E06BD3E9FF639799

PID: 3516 (2192) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

size: 4891472

MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

PID: 3016 (3444) C:\WINDOWS\system32\NOTEPAD.EXE

size: 69120

MD5: 5E28284F9B5F9097640D58A73D38AD4C

PID: 3940 (2860) C:\Program Files\Common Files\Real\Update_OB\realsched.exe

size: 185872

MD5: C681F347514CC8671977FCBD2B7D001A

PID: 4000 (2652) C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

size: 4670704

MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

PID: 4 ( 0) System

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 12/13/2008 2:31:20 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.yahoo.com/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://www.google.com/ie

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://www.google.com/ie

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@

http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

%SystemRoot%\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [uDP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A34C58BC-4F69-45FB-B99C-4E8712795CE0}] SEQPACKET 6

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A34C58BC-4F69-45FB-B99C-4E8712795CE0}] DATAGRAM 6

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F20EB64A-A274-4F7B-B563-659C5DEACD86}] SEQPACKET 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F20EB64A-A274-4F7B-B563-659C5DEACD86}] DATAGRAM 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86E7840E-B00F-4170-8CE3-986A501E89C9}] SEQPACKET 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86E7840E-B00F-4170-8CE3-986A501E89C9}] DATAGRAM 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9672C32-FF77-443B-8523-221D9BB67DCF}] SEQPACKET 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9672C32-FF77-443B-8523-221D9BB67DCF}] DATAGRAM 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F24F9362-1DC6-4E2F-AB44-8D5B029C475C}] SEQPACKET 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F24F9362-1DC6-4E2F-AB44-8D5B029C475C}] DATAGRAM 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C5C0D40-B3B7-41AC-A2A9-16C7185D6A99}] SEQPACKET 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C5C0D40-B3B7-41AC-A2A9-16C7185D6A99}] DATAGRAM 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{112E3BC7-6D6D-4182-96BA-95B7E7E3CE8B}] SEQPACKET 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{112E3BC7-6D6D-4182-96BA-95B7E7E3CE8B}] DATAGRAM 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD nwlnkipx [iPX]

GUID: {11058240-BE47-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD nwlnkipx *

Protocol 20: MSAFD nwlnkspx [sPX]

GUID: {11058241-BE47-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD nwlnkspx *

Protocol 21: MSAFD nwlnkspx [sPX] [Pseudo Stream]

GUID: {11058241-BE47-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD nwlnkspx *

Protocol 22: MSAFD nwlnkspx [sPX II]

GUID: {11058241-BE47-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD nwlnkspx *

Protocol 23: MSAFD nwlnkspx [sPX II] [Pseudo Stream]

GUID: {11058241-BE47-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD nwlnkspx *

Namespace Provider 0: Tcpip

GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: TCP/IP

Namespace Provider 1: NTDS

GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace

Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol

GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}

Filename: %SystemRoot%\System32\nwprovau.dll

Description: Microsoft Windows NT/2k/XP Novell Netware name space provider

DB filename: %SystemRoot%\system32\nwprovau.dll

DB protocol: NWLink IPX/SPX/NetBIOS*

Link to post
Share on other sites

Here is the Hijackthis log file... PLEASE HELP!!!!!

Logfile of HijackThis v1.99.1

Scan saved at 2:53:15 PM, on 12/13/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

C:\Program Files\UPHClean\uphclean.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xcncfmhcv:80

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.google.com

O1 - Hosts: 61.157.217.210 www.google.co.uk

O1 - Hosts: 61.157.217.210 www.myspace.com

O1 - Hosts: 61.157.217.210 www.youtube.com

O1 - Hosts: 61.157.217.210 www.facebook.com

O1 - Hosts: 61.157.217.210 www.antispy.com

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.yahoo.co.uk

O1 - Hosts: 61.157.217.210 www.antispyware.com

O1 - Hosts: 61.157.217.210 antispyware.com

O1 - Hosts: 61.157.217.210 antispy.com

O1 - Hosts: 61.157.217.210 www.msn.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.gg.com

O1 - Hosts: 123.251.143.110 www.ghfhj.com

O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com

O1 - Hosts: 123.251.143.110 www.1.com

O1 - Hosts: 123.251.143.110 www.3.com

O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com

O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfld.com

O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com

O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasndfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com

O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com

O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com

O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com

O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com

O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com

O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com

O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com

O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com

O1 - Hosts: 61.157.217.210 www.live.com

O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com

O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com

O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com

O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com

O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com

O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymantecAntiBotAgent - Unknown owner - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe" SymantecAntiBotAgent (file missing)

O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

Link to post
Share on other sites

  • 2 weeks later...

I have the same problem, ran 3 different antivirus programs and every spyware software program out there and nothing. three days searching for answeres and nothing yet

I downloaded Winrar from Cnet and got tis super nasty malware/virus. I ran the other programs and here is my first log file.

Malwarebytes' Anti-Malware 1.31

Database version: 1475

Windows 5.1.2600 Service Pack 3

12/8/2008 5:19:09 PM

mbam-log-2008-12-08 (17-19-09).txt

Scan type: Full Scan (C:\|)

Objects scanned: 86845

Time elapsed: 1 hour(s), 16 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 14

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Files Infected:

C:\System Volume Information\_restore{CC93DB50-DFF3-41E0-BCBF-C8922AA3297D}\RP578\A0188491.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.