Hi,
First time here and I need help, please. When it comes to computers, I'm not the most knowledgeable. ;)
Spy Bot Report
--- Search result list ---
Hotbar: Tracking cookie (Internet Explorer: Cyndi) (Cookie, fixed)
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
FunWeb: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts
FunWeb: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
FunWeb: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
FunWeb: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
FunWeb: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1
FunWeb: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl
FunWeb: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1
FunWeb: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton
FunWeb: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1
FunWeb: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2
FunWeb: Root class (Registry key, fixed)
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu
FunWeb: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\FunWebProducts
FunWeb: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Fun Web Products
FunWebProducts: Program directory (Directory, fixed)
C:\Program Files\FunWebProducts\
MyWebSearch: Link (File, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
MyWebSearch: Installer (File, fixed)
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
MyWebSearch: Link (File, fixed)
C:\Documents and Settings\Cyndi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
MyWebSearch: Program file (File, fixed)
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MyWebSearch: Autorun settings (MyWebSearch Email Plugin) (Registry value, fixed)
HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
MyWebSearch: Autorun settings (MyWebSearch Email Plugin) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
MyWebSearch: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\FocusInteractive
MyWebSearch: Browser helper object (Registry key, fixed)
HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1003\Software\MyWebSearch
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
MyWebSearch: Program directory (Directory, fixing failed)
C:\Program Files\MyWebSearch\
MyWebSearch: Root class (Registry key, fixing failed)
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1
MyWebSearch: Root class (Registry key, fixing failed)
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller
MyWebSearch: Root class (Registry key, fixing failed)
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1
MyWebSearch: Root class (Registry key, fixing failed)
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin
MyWebSearch: Root class (Registry key, fixing failed)
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1
MyWebSearch: Root class (Registry key, fixing failed)
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin
MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\MyWebSearch
MyWebSearch: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
MyWebSearch: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
MyWebSearch: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
MyWebSearch: Uninstall settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
TIBS: Program directory (Directory, fixing failed)
C:\Program Files\WebSiteViewer\
TIBS: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1003\Software\WebSiteViewer
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2005-01-04 Includes\Dialer.sbi
2005-01-04 Includes\Hijackers.sbi
2004-12-29 Includes\Keyloggers.sbi
2005-01-04 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2005-01-05 Includes\Spybots.sbi
2005-01-04 Includes\Trojans.sbi
2004-11-29 Includes\Tracks.uti
--- System information ---
Windows XP (Build: 2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows XP / SP1: Windows XP Hotfix - KB821557
/ Windows XP / SP1: Windows XP Hotfix - KB823182
/ Windows XP / SP1: Windows XP Hotfix - KB823980
/ Windows XP / SP1: Windows XP Hotfix - KB824105
/ Windows XP / SP1: Windows XP Hotfix - KB824141
/ Windows XP / SP1: Windows XP Hotfix - KB828035
/ Windows XP / SP1 / Q309521: Windows XP Hotfix (SP1) [See Q309521 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311967 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q312370 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q313450 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q314862 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317277 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q318138 for more information]
/ Windows XP / SP1: Windows XP Application Compatibility Update[Q319580]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q323172 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324096 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324380 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q326830 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q328940 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811493
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q815021
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB833987
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB839645
/ Windows XP / SP2: Windows XP Hotfix - KB840315
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB840987
/ Windows XP / SP2: Windows XP Hotfix - KB841356
/ Windows XP / SP2: Windows XP Hotfix - KB841533
/ Windows XP / SP2: Windows XP Hotfix - KB841873
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix - KB873376
/ Windows XP / SP2: Windows XP Hotfix - KB887822
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP3: Windows XP Hotfix - KB885523
--- Startup entries list ---
Located: HK_LM:Run, Ardamax Keylogger
command: C:\WINDOWS\System32\akl.exe
file: C:\WINDOWS\System32\akl.exe
size: 340480
MD5: 2c24095bb121440c66f0e9ea6e7c46e2
Located: HK_LM:Run, CapFax
command: C:\Program Files\Classic PhoneTools\CapFax.EXE
file: C:\Program Files\Classic PhoneTools\CapFax.EXE
size: 20739
MD5: 3f98d6efaed887bd458e433cbc93cc3d
Located: HK_LM:Run, Error Nuker
command: C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
Located: HK_LM:Run, HTpatch
command: C:\WINDOWS\htpatch.exe
file: C:\WINDOWS\htpatch.exe
size: 28672
MD5: 47122e4e9b3da3e6ee66e1a56aae8f57
Located: HK_LM:Run, InCD
command: C:\Program Files\Ahead\InCD\InCD.exe
file: C:\Program Files\Ahead\InCD\InCD.exe
size: 1101824
MD5: 10123e660a81f92c7827d2474299f20a
Located: HK_LM:Run, IntelliType
command: "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: b5eca5948d7f8eaa00333231f33ea31a
Located: HK_LM:Run, LiveMonitor
command: C:\Program Files\MSI\Live Update 2\LMonitor.exe
file: C:\Program Files\MSI\Live Update 2\LMonitor.exe
size: 402432
MD5: bae6607ca5d490538b52667c68778c62
Located: HK_LM:Run, lsass
command: C:\WINDOWS\lsass.exe
file: C:\WINDOWS\lsass.exe
size: 38035
MD5: 75339381c4bce3e06ffacf72a1164bbf
Located: HK_LM:Run, LXSUPMON
command: C:\WINDOWS\System32\LXSUPMON.EXE RUN
file: C:\WINDOWS\System32\LXSUPMON.EXE
size: 885760
MD5: bdbd516e37761ed51e602a54873d24cd
Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 167936
MD5: bae80e8b26dd50a37823b20351abc7a3
Located: HK_LM:Run, Microsoft Works Portfolio
command: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Located: HK_LM:Run, Microsoft Works Update Detection
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 28738
MD5: 5ac34c17115d3818dc9c9f5b2d909858
Located: HK_LM:Run, msnappau
command: "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
file: C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
size: 86016
MD5: e377c992dfbb5837826ea311e436c66d
Located: HK_LM:Run, NAV Agent
command: C:\PROGRA~1\NORTON~1\navapw32.exe
file: C:\PROGRA~1\NORTON~1\navapw32.exe
size: 75384
MD5: 89edb06c1ea1a7f4a513ff1dbecbf73b
Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: 99b4b415dd1be7325deda3b88df5938a
Located: HK_LM:Run, Open Site
command: C:\Program Files\Open Site\opnste.exe
Located: HK_LM:Run, POINTER
command: point32.exe
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 47104
MD5: e571561c61000c8a203f1997954825b8
Located: HK_LM:Run, SvcH0st
command: C:\WINDOWS\winagent.exe /i
file: C:\WINDOWS\winagent.exe
size: 17408
MD5: f0225bf20873226df2bb5be28a22fddf
Located: HK_LM:Run, SystemTray
command: SysTray.Exe
file: C:\WINDOWS\system32\SysTray.Exe
size: 3072
MD5: 46e07fd3a40760fda18cf6b4fc691742
Located: HK_LM:Run, SysUpd
command: C:\WINDOWS\sysupd.exe
Located: HK_LM:Run, WorksFUD
command: C:\Program Files\Microsoft Works\wkfud.exe
file: C:\Program Files\Microsoft Works\wkfud.exe
size: 24576
MD5: 8f13ea2d495ae946b1f33898ada8fdd5
Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 902936
MD5: 073f29e364b0d66dc267b38676824f88
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 3948032
MD5: 9d7660564cf9a8226dc8d44679f3a64b
Located: HK_CU:Run, \IEService.exe
command: C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
Located: HK_CU:Run, MoneyAgent
command: "C:\Program Files\Microsoft Money\System\Money Express.exe"
Located: HK_CU:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
file: C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
size: 87184
MD5: c16b92488d9499171a63225f487f7d20
Located: HK_CU:Run, Weather
command: C:\Program Files\AWS\WeatherBug\Weather.exe 1
Located: Startup (common), InterVideo WinCinema Manager.lnk
command: C:\Program Files\MSI\Common\Bin\WinCinemaMgr.exe
file: C:\Program Files\MSI\Common\Bin\WinCinemaMgr.exe
size: 98304
MD5: 9c98dff6e6ae125cb3ff52e7fb063d9f
Located: Startup (common), Microsoft Works Calendar Reminders.lnk
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 24633
MD5: 39fdfd34f7b04290d1bc53e3d6ec7d83
Located: Startup (common), PC Alert 4.lnk
command: C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
file: C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
size: 548864
MD5: 6328d7fd5ec96034b1efedccd6a93a2c
Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2fe253973433442c2cb234fb2bc4bf29
--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
BHO name:
CLSID name: Yahoo! Companion BHO
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ycomp5_1_6_0.dll
Short name: YCOMP5~2.DLL
Date (created): 6/27/2003 5:51:26 PM
Date (last access): 2/20/2005
Date (last write): 6/27/2003 5:51:26 PM
Filesize: 209489
Attributes: archive
MD5: A675F95A1DB0A1ED0DF213A7765E1D72
CRC32: 5E1C0C48
Version: 7.211.0.6
{0F9561D0-03B2-44a3-89A6-E95E417CBA25} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\
Long name: cerbmod.dll
Short name:
Date (created): 2/19/2005 4:53:50 PM
Date (last access): 2/20/2005
Date (last write): 2/19/2005 4:53:52 PM
Filesize: 27136
Attributes: archive
MD5: 5FCD5E8E4BB019AF96B6B4A0EEB54BED
CRC32: D20C3DCA
Version: 255.255.255.255
{206E52E0-D52E-11D4-AD54-0000E86C26F6} ()
BHO name:
CLSID name:
description: Fresh Devices
classification: Legitimate
known filename: Fdiehlp.dll<br>fdcatch.dll
info link: http://www.freshdevices.com/freshdown.html
info source: TonyKlein
Path: C:\PROGRA~1\FRESHD~1\FRESHD~1\
Long name: fdcatch.dll
Short name:
Date (created): 10/20/2004 11:29:48 AM
Date (last access): 2/20/2005
Date (last write): 10/20/2004 11:29:48 AM
Filesize: 207360
Attributes: archive
MD5: 7C66927CEF715C7B26BD6F5ECF474B83
CRC32: AAF3E890
Version: 0.3.0.5
{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71} (ngpw34.clsIS)
BHO name:
CLSID name: ngpw34.clsIS
Path: c:\windows\
Long name: ngpw34.dll
Short name:
Date (created): 3/22/2004 10:23:12 PM
Date (last access): 2/20/2005
Date (last write): 3/22/2004 10:23:12 PM
Filesize: 57411
Attributes: archive
MD5: 5036E34A0FFF9E417B30774F0BE56064
CRC32: E3046572
Version: 0.3.0.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 5/12/2004 1:03:00 AM
Date (last access): 2/20/2005
Date (last write): 5/12/2004 1:03:00 AM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
BHO name:
CLSID name: ST
Path: C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\
Long name: stmain.dll
Short name:
Date (created): 2/20/2005 1:12:42 AM
Date (last access): 2/20/2005
Date (last write): 8/13/2004 5:42:00 PM
Filesize: 155648
Attributes: archive
MD5: 0DA1349495955CB41A5899047C5A1267
CRC32: C050EECD
Version: 0.1.0.2
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
BHO name:
CLSID name: MSNToolBandBHO
Path: C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\
Long name: msntb.dll
Short name:
Date (created): 2/19/2005 7:12:44 PM
Date (last access): 2/20/2005
Date (last write): 8/13/2004 5:42:38 PM
Filesize: 282624
Attributes: archive
MD5: 0DEB8B7CAD01EE86D1C4062E1B587C5A
CRC32: E8C466A1
Version: 0.1.0.2
{BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
BHO name:
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: C:\Program Files\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 4/19/2004 3:32:32 PM
Date (last access): 2/20/2005
Date (last write): 2/27/2002 11:07:30 AM
Filesize: 102400
Attributes: archive
MD5: 3AB9B9A20D4D8B6A1632910AB6C56FD9
CRC32: FBF10F3A
Version: 0.8.0.0
{E9147A0A-A866-4214-B47C-DA821891240F} (ngsw31.clsIS)
BHO name:
CLSID name: ngsw31.clsIS
Path: c:\windows\
Long name: ngsw31.dll
Short name:
Date (created): 3/22/2004 1:59:08 PM
Date (last access): 2/20/2005
Date (last write): 3/22/2004 1:59:08 PM
Filesize: 53335
Attributes: archive
MD5: 3D4118DF7B7E14D86B61BA6E7D6BD7D6
CRC32: 493F8065
Version: 0.1.0.0
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Internet Explorer Classes for Java (Internet Explorer Classes for Java)
DPF name: Internet Explorer Classes for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\iejava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
ppctlcab (ppctlcab)
DPF name: ppctlcab
CLSID name:
Yahoo! Euchre (Yahoo! Euchre)
DPF name: Yahoo! Euchre
CLSID name:
Yahoo! Pool 2 (Yahoo! Pool 2)
DPF name: Yahoo! Pool 2
CLSID name:
Yahoo! Spelldown (Yahoo! Spelldown)
DPF name: Yahoo! Spelldown
CLSID name:
{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 5/29/2003 3:00:18 PM
Date (last access): 2/20/2005
Date (last write): 5/29/2003 3:00:18 PM
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 0.7.0.1
{15589FA1-C456-11CE-BF01-000000000000} ()
DPF name:
CLSID name:
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM32\MACROMED\DIRECTOR\
Long name: SWDIR.DLL
Short name:
Date (created): 1/1/1980
Date (last access): 2/20/2005
Date (last write): 9/9/2004 2:49:12 PM
Filesize: 54488
Attributes: archive
MD5: 943193399C341AC34E842CB07B5F29A0
CRC32: 12DEB8F4
Version: 0.10.0.1
{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 5/29/2003 3:00:22 PM
Date (last access): 2/20/2005
Date (last write): 5/29/2003 3:00:22 PM
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 0.7.0.1
{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class)
DPF name:
CLSID name: MiniBugTransporterX Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MiniBugTransporter.dll
Short name: MINIBU~1.DLL
Date (created): 8/24/2004 5:28:02 PM
Date (last access): 2/20/2005
Date (last write): 8/24/2004 5:28:02 PM
Filesize: 414824
Attributes: archive
MD5: 51DB304D50CCCB418819033052A7B147
CRC32: AAC5F1CD
Version: 0.2.0.0
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 7/11/2001 4:55:28 PM
Date (last access): 2/20/2005
Date (last write): 7/11/2001 4:55:28 PM
Filesize: 81920
Attributes: archive
MD5: F18F29A87DD4F311ED377B54E850DBEF
CRC32: 9C5F5456
Version: 7.209.0.7
{4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control)
DPF name:
CLSID name: InstallFromTheWeb ActiveX Control
Path: C:\WINDOWS\Downloaded Program Files\
Long name: iftw.dll
Short name:
Date (created): 1/12/2000 11:09:38 AM
Date (last access): 2/20/2005
Date (last write): 1/12/2000 11:09:38 AM
Filesize: 118784
Attributes: archive
MD5: F3E129954635DB80813C2AC7CBC2E20B
CRC32: 7D48CA96
Version: 0.3.0.0
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 6/9/2004 4:56:02 PM
Date (last access): 2/20/2005
Date (last write): 6/9/2004 4:56:02 PM
Filesize: 435712
Attributes: archive
MD5: DCFFCA7F818B4CF4DF29B8932907735D
CRC32: 89BBB9BF
Version: 0.5.0.70
{7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup)
DPF name:
CLSID name: HouseCallButton.setup
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HouseCallButton.dll
Short name: HOUSEC~1.DLL
Date (created): 5/9/2003 9:15:54 AM
Date (last access): 2/20/2005
Date (last write): 5/9/2003 9:15:54 AM
Filesize: 77824
Attributes: archive
MD5: 58FCB5D68C46EEAE25F66611FA9FFA8E
CRC32: BC2ECB58
Version: 0.1.0.0
{8A8F3D75-6564-4599-A7DC-313B43A89E1D} ()
DPF name:
CLSID name:
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2\bin\
Long name: NPJPI142.dll
Short name:
Date (created): 7/30/2004 3:31:00 PM
Date (last access): 2/20/2005
Date (last write): 7/30/2004 3:31:00 PM
Filesize: 65636
Attributes: archive
MD5: 4ACFBF6AB1BBE79DBD665C186B3B5AFD
CRC32: BE89D675
Version: 0.1.0.4
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 5/29/2003 3:00:20 PM
Date (last access): 2/20/2005
Date (last write): 5/29/2003 3:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 0.7.0.1
{99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class)
DPF name:
CLSID name: WebSpyWareKiller Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: WebSWK.dll
Short name: WEBSWK.DLL
Date (created): 12/1/2004 5:40:32 PM
Date (last access): 2/20/2005
Date (last write): 12/1/2004 5:40:32 PM
Filesize: 151552
Attributes: archive
MD5: 551866E549A6080DB092423AA36FD142
CRC32: E27F11FB
Version: 0.1.0.0
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
{AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
DPF name:
CLSID name: HeartbeatCtl Class
Path: C:\WINDOWS\DOWNLO~1\
Long name: hrtbeat.ocx
Short name:
Date (created): 9/18/2001 6:37:48 PM
Date (last access): 2/20/2005
Date (last write): 9/18/2001 6:37:48 PM
Filesize: 101451
Attributes: archive
MD5: 06DDD56BB43CB6FDA26C9D65396EDA78
CRC32: 8BFE3040
Version: 0.6.0.2
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 11/5/2004 3:58:20 PM
Date (last access): 2/20/2005
Date (last write): 11/5/2004 3:58:20 PM
Filesize: 119496
Attributes: archive
MD5: 1B40AA6A5D25E6CB4EDFC4C717113161
CRC32: 4F5D45E3
Version: 0.1.0.0
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2
Path: C:\Program Files\Java\j2re1.4.2\bin\
Long name: NPJPI142.dll
Short name:
Date (created): 7/30/2004 3:31:00 PM
Date (last access): 2/20/2005
Date (last write): 7/30/2004 3:31:00 PM
Filesize: 65636
Attributes: archive
MD5: 4ACFBF6AB1BBE79DBD665C186B3B5AFD
CRC32: BE89D675
Version: 0.1.0.4
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name: FLASH.OCX
Date (created): 4/8/2004 5:51:02 PM
Date (last access): 2/20/2005
Date (last write): 4/8/2004 5:51:02 PM
Filesize: 939368
Attributes: archive
MD5: 2FB1D6FAB135CEE391AB3D70E1C26347
CRC32: 488FA4EC
Version: 0.7.0.0
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
DPF name:
CLSID name: PopCapLoader Object
Path: C:\WINDOWS\Downloaded Program Files\
Long name: popcaploader.dll
Short name: POPCAP~1.DLL
Date (created): 8/26/2004 12:12:00 PM
Date (last access): 2/20/2005
Date (last write): 8/26/2004 12:12:00 PM
Filesize: 126976
Attributes: archive
MD5: 57F868A52B9D4153658DC0DB5062E536
CRC32: 35357599
Version: 0.1.0.0
{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Canada Companion)
DPF name:
CLSID name: Yahoo! Canada Companion
description: Yahoo toolbar
classification: Unknown
known filename: ycomp4,0,2,10.dll<br>Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ycomp5_1_6_0.dll
Short name: YCOMP5~2.DLL
Date (created): 6/27/2003 5:51:26 PM
Date (last access): 2/20/2005
Date (last write): 6/27/2003 5:51:26 PM
Filesize: 209489
Attributes: archive
MD5: A675F95A1DB0A1ED0DF213A7765E1D72
CRC32: 5E1C0C48
Version: 7.211.0.6
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
DPF name:
CLSID name: MSN Chat Control 4.5
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSNChat45.ocx
Short name: MSNCHA~1.OCX
Date (created): 5/16/2003 5:33:48 PM
Date (last access): 2/20/2005
Date (last write): 5/16/2003 5:33:48 PM
Filesize: 457288
Attributes: archive
MD5: 6FB06396675C1413F4E3AF3FA446E52C
CRC32: 226E9275
Version: 0.9.0.0
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
DPF name:
CLSID name: Solitaire Showdown Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: solitaireshowdown.dll
Short name: SOLITA~1.DLL
Date (created): 5/29/2003 3:00:20 PM
Date (last access): 2/20/2005
Date (last write): 5/29/2003 3:00:20 PM
Filesize: 86112
Attributes: archive
MD5: 6E0E81210B17C225AD8DBB86F0C41E32
CRC32: 1C944476
Version: 0.7.0.1
--- Process list ---
Spybot - Search && Destroy process list report, 2/20/2005 5:24:00 PM
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 300 (1964) C:\Program Files\Classic PhoneTools\CapFax.EXE
PID: 308 ( 4) \SystemRoot\System32\smss.exe
PID: 344 (1964) C:\Program Files\Ahead\InCD\InCD.exe
PID: 348 (1964) C:\Program Files\Microsoft Hardware\Mouse\point32.exe
PID: 352 (1964) C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
PID: 372 ( 308) CSRSS.EXE
PID: 396 ( 308) \??\C:\WINDOWS\system32\winlogon.exe
PID: 440 ( 396) C:\WINDOWS\system32\services.exe
PID: 452 ( 396) C:\WINDOWS\system32\lsass.exe
PID: 708 ( 440) C:\WINDOWS\system32\svchost.exe
PID: 732 ( 440) C:\WINDOWS\System32\svchost.exe
PID: 796 ( 440) SVCHOST.EXE
PID: 820 (1964) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PID: 852 ( 440) SVCHOST.EXE
PID: 964 ( 440) C:\WINDOWS\system32\LEXBCES.EXE
PID: 1000 ( 440) C:\WINDOWS\system32\spoolsv.exe
PID: 1008 ( 964) C:\WINDOWS\system32\LEXPPS.EXE
PID: 1156 ( 440) C:\Program Files\Norton AntiVirus\navapsvc.exe
PID: 1184 ( 440) C:\WINDOWS\System32\nvsvc32.exe
PID: 1244 (1964) C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
PID: 1280 (1964) C:\WINDOWS\System32\akl.exe
PID: 1288 ( 440) WDFMGR.EXE
PID: 1408 (1964) C:\PROGRA~1\NORTON~1\navapw32.exe
PID: 1520 (1964) C:\WINDOWS\winagent.exe
PID: 1532 (1964) C:\WINDOWS\lsass.exe
PID: 1632 (1964) C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID: 1704 (1964) C:\Program Files\MessengerPlus! 3\MsgPlus.exe
PID: 1808 (1964) C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
PID: 1964 (1812) C:\WINDOWS\Explorer.EXE
PID: 2256 (1964) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 2456 ( 440) C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
PID: 2460 (1964) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PID: 2612 (1964) C:\Program Files\Tibia\Tibia.exe
PID: 2692 (2756) C:\Program Files\WebSiteViewer\127036.dlr
PID: 2884 (1964) C:\Program Files\Internet Explorer\IEXPLORE.EXE
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 2/20/2005 5:24:00 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.ca/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ms101.mysearch.com/sa/srchlft.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Hijack report
Logfile of HijackThis v1.99.1
Scan saved at 5:30:38 PM, on 2/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\akl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\winagent.exe
C:\WINDOWS\lsass.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Tibia\Tibia.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WebSiteViewer\127036.dlr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: ngpw34.clsIS - {2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71} - c:\windows\ngpw34.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ngsw31.clsIS - {E9147A0A-A866-4214-B47C-DA821891240F} - c:\windows\ngsw31.dll
O3 - Toolbar: Yahoo! Canada Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 2\LMonitor.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\Run: [Ardamax Keylogger] C:\WINDOWS\System32\akl.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\winagent.exe /i
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\MSI\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {8A8F3D75-6564-4599-A7DC-313B43A89E1D} - http://www.kazaa.net.cn/digital/AdInstaller.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Canada Companion) - http://us.dl1.yimg.com/download.companion..