I'm using XP PRO, Service Pack 2, no multiple users, IE browser version: 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
No matter how many times I remove the following three listings from the hosts file, they instantly reappear:
69.20.16.183.autosearch.msn.com
69.20.16.183.search.netscape.com
69.20.16.183.ieautosearch
I have run Ad-Aware SE 1.05 (with all the suggested tweaks, including the one that supposedly locks the host file after it is cleaned), and no matter what, those three listings return.
I get a lot of browser popups. At first, the top frame bar of each window refers to a www.loadingwebsite.com site.
I have run SpyBot S&D 1.03 many times, and those same hosts appear -- two of them under hijacks and one under IGetNet. No matter how many times I clean them from there, they instantly reappear. The report from my last Spybot scan is at the very end of this message.
I have run a full Norton Antivirus 2004 scan many times, and nothing is found.
I have run CWShredder 2.13 and no matter how many times it scans & cleans my computer, it always finds the following variants over & over:
CWS.BootConf
CWS.Svchost32
CWS.Look2Me
I have run VX2Finder but it doesn't find any files, and it doesn't seem to find the "Guardian" folder in the registry, although it does find a string.
And every time I start up the computer, there is a RUNDLL exception error, listing a file that changes its name every time and is nowhere to be found on the computer!
Here is the HijackThis log that I've just run...followed by the SpyBot report, with hopes that you can help me sort this all out.....
___________________________________
Logfile of HijackThis v1.99.1
Scan saved at 9:05:39 PM, on 3/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\logonui.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINXP\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINXP\system32\tcpsvcs.exe
C:\WINXP\System32\snmp.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINXP\system32\sessmgr.exe
C:\WINXP\system32\wuauclt.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\system32\devldr32.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\rundll32.exe
C:\Documents and Settings\shnookles\Desktop\hijackthis\HijackThis.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?321
O16 - DPF: {F3F322B5-26EE-46EB-8D03-030ACA4D6167} (Aurigma Image Uploader 2.5) - http://www.mpix.com/...geUploader2.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....12119/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{719B1E7B-06E7-475D-928D-6DE2F5AD0C7E}: NameServer = 192.168.0.1
O20 - Winlogon Notify: ShellScrap - C:\WINXP\system32\l48mlel11hq.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
<><><><><><><><><><><><><>
--- Search result list ---
--- Spybot - Search && Destroy version: 1.3 ---
2005-03-03 Includes\Cookies.sbi
2005-03-16 Includes\Dialer.sbi
2005-03-17 Includes\Hijackers.sbi
2005-03-17 Includes\Keyloggers.sbi
2005-03-16 Includes\Malware.sbi
2005-03-17 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-03-17 Includes\Spybots.sbi
2005-03-16 Includes\Trojans.sbi
2005-03-17 Includes\PUPS.sbi
2005-02-17 Includes\Tracks.uti
2004-08-11 Includes\plugin-ignore.ini
2004-11-29 Includes\LSP.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885295
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB891781
--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: bfa83b551abd8084b4623887d0e3b53c
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 22755776eccc7165ac109c381782a957
Located: HK_LM:Run, D-Link Air Utility
command: C:\Program Files\D-Link\Air Utility\AirCFG.exe
file: C:\Program Files\D-Link\Air Utility\AirCFG.exe
size: 2695168
MD5: e301aba16c28b3dad8807a433f406cf7
Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
file: C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
size: 196608
MD5: 7c6b5065e7326e3c91a62800df3a31fa
Located: HK_LM:Run, iTunesHelper
command: C:\Program Files\iTunes\iTunesHelper.exe
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 2fd3df1d0ddc018202abfc9be6e68923
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
file: C:\WINXP\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
size: 32881
MD5: d7b9be63c406103ee1405fe473ac0697
Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 95960
MD5: abba14e4513a3eb53194c472d94943d7
--- Browser helper object list ---
--- ActiveX list ---
{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Path: C:\WINXP\System32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name: SYSPRO.OCX
Date (created): 1/23/2003 2:23:18 PM
Date (last access): 3/20/2005
Date (last write): 1/23/2003 2:23:18 PM
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 0.2.0.0
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate)
DPF name:
CLSID name: Creative Software AutoUpdate
Path: C:\WINXP\DOWNLO~1\
Long name: CTSUEng.ocx
Short name: CTSUENG.OCX
Date (created): 7/25/2003 1:21:00 AM
Date (last access): 3/20/2005
Date (last write): 7/25/2003 1:21:00 AM
Filesize: 212992
Attributes: archive
MD5: 53CC4E7AA9FB7C174F37CBE6E851AE7D
CRC32: 16D0B0BA
Version: 0.1.0.21
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Path: C:\WINXP\Downloaded Program Files\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 11/12/2004 2:33:48 PM
Date (last access): 3/20/2005
Date (last write): 11/12/2004 2:33:48 PM
Filesize: 346888
Attributes: archive
MD5: 40FC24CEF49EAF0EBC7C51C67F89A952
CRC32: C2CCDE24
Version: 0.1.0.0
{2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen)
DPF name:
CLSID name: PPSDKActiveXScanner.MainScreen
Path: C:\WINXP\Downloaded Program Files\
Long name: PPSDKActiveXScanner.ocx
Short name: PPSDKA~1.OCX
Date (created): 3/17/2004 2:41:36 AM
Date (last access): 3/14/2005
Date (last write): 3/17/2004 2:41:36 AM
Filesize: 170608
Attributes: archive
MD5: 6EA60ECEBA1D024CE2106C7D9DB78AB1
CRC32: 26FCC8AB
Version: 0.1.0.5
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Path: C:\WINXP\
Long name: opuc.dll
Short name:
Date (created): 8/27/2003 4:10:30 AM
Date (last access): 3/20/2005
Date (last write): 8/27/2003 4:10:30 AM
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 0.11.0.0
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class)
DPF name:
CLSID name: QDiagAOLCCUpdateObj Class
Path: C:\WINXP\System32\
Long name: qdiagcc.ocx
Short name:
Date (created): 2/23/2004 10:58:20 AM
Date (last access): 3/14/2005
Date (last write): 8/18/2004 1:31:08 PM
Filesize: 1352816
Attributes: archive
MD5: 6BD1F54AAB2B4BEDF6DF7DE7A4EA6D57
CRC32: 08A81619
Version: 0.1.0.0
{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Path: C:\WINXP\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 5/15/2004 3:14:18 PM
Date (last access): 3/20/2005
Date (last write): 8/13/2004 6:10:50 PM
Filesize: 894544
Attributes: archive
MD5: 540A29546F451463084FB90486271620
CRC32: 8A4BE0F3
Version: 0.1.0.0
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ()
DPF name:
CLSID name:
{62475759-9E84-458E-A1AB-5D2C442ADFDE} ()
DPF name:
CLSID name:
{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Path: C:\WINXP\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 6/29/2004 11:28:18 AM
Date (last access): 3/20/2005
Date (last write): 6/29/2004 11:28:18 AM
Filesize: 160928
Attributes: archive
MD5: 903343D152B0733DBFA22D7408AB59EC
CRC32: FFE4B0EE
Version: 7.212.0.6
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_04
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_04\bin\
Long name: NPJPI142_04.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2068 11:44:46 PM
Date (last access): 3/20/2005
Date (last write): 2/22/2004 11:44:42 PM
Filesize: 65650
Attributes: archive
MD5: 2BCA54CB6A12A5EFBF922C0C1856F30D
CRC32: 3D4A4E94
Version: 0.1.0.4
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} ()
DPF name:
CLSID name:
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class)
DPF name:
CLSID name: Symantec RuFSI Registry Information Class
description: Symantec RuFSI Registry Information Class
classification: Legitimate
known filename: RUFSI.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINXP\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 6/29/2004 11:28:18 AM
Date (last access): 3/20/2005
Date (last write): 6/29/2004 11:28:18 AM
Filesize: 160928
Attributes: archive
MD5: 903343D152B0733DBFA22D7408AB59EC
CRC32: FFE4B0EE
Version: 7.212.0.6
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_04
Path: C:\Program Files\Java\j2re1.4.2_04\bin\
Long name: NPJPI142_04.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2068 11:44:46 PM
Date (last access): 3/20/2005
Date (last write): 2/22/2004 11:44:42 PM
Filesize: 65650
Attributes: archive
MD5: 2BCA54CB6A12A5EFBF922C0C1856F30D
CRC32: 3D4A4E94
Version: 0.1.0.4
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
DPF name:
CLSID name: ActiveDataInfo Class
Path: C:\WINXP\Downloaded Program Files\
Long name: SymAData.dll
Short name: SYMADATA.DLL
Date (created): 5/17/2004 10:05:58 AM
Date (last access): 3/20/2005
Date (last write): 5/17/2004 10:05:58 AM
Filesize: 156792
Attributes: archive
MD5: B7A28CBD0022210FD0D877C9951694F1
CRC32: C44DD1D5
Version: 0.2.0.0
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class)
DPF name:
CLSID name: ActiveDataObj Class
Path: C:\WINXP\Downloaded Program Files\
Long name: ActiveData.dll
Short name: ACTIVE~1.DLL
Date (created): 6/12/2002 1:16:22 PM
Date (last access): 3/20/2005
Date (last write): 6/12/2002 1:16:22 PM
Filesize: 112312
Attributes: archive
MD5: C0A5720A581109543B113A8BEAE7868C
CRC32: 1B08DE36
Version: 0.1.0.0
{EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
DPF name:
CLSID name: QDiagHUpdateObj Class
Path: C:\WINXP\System32\
Long name: qdiagh.ocx
Short name:
Date (created): 7/6/2004 5:31:12 PM
Date (last access): 3/14/2005
Date (last write): 7/6/2004 5:31:12 PM
Filesize: 824432
Attributes: archive
MD5: 1FC80B9DDA2B4191EC801D1E2EE25033
CRC32: 791CF59C
Version: 0.1.0.0
{F3F322B5-26EE-46EB-8D03-030ACA4D6167} (Aurigma Image Uploader 2.5)
DPF name:
CLSID name: Aurigma Image Uploader 2.5
Path: C:\WINXP\DOWNLO~1\
Long name: ImageUploader2.ocx
Short name: IMAGEU~1.OCX
Date (created): 10/8/2004 6:21:52 AM
Date (last access): 3/14/2005
Date (last write): 10/8/2004 6:21:58 AM
Filesize: 726120
Attributes: archive
MD5: 46A045A992B34CA3890BF22D19F68395
CRC32: 677D5025
Version: 0.2.0.5
{F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
DPF name:
CLSID name: Creative Software AutoUpdate Support Package
Path: C:\WINXP\DOWNLO~1\
Long name: CTPID.ocx
Short name:
Date (created): 8/4/2003 1:00:00 AM
Date (last access): 3/20/2005
Date (last write): 8/4/2003 1:00:00 AM
Filesize: 32768
Attributes: archive
MD5: E1F4A528F30DF1E7854E7714BB91F2FD
CRC32: 3540ED4A
Version: 0.1.0.0
--- Process list ---
Spybot - Search && Destroy process list report, 3/20/2005 9:57:09 PM
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 112 (1280) WDFMGR.EXE
PID: 172 (1280) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PID: 220 (1280) C:\WINXP\System32\svchost.exe
PID: 416 ( 4) \SystemRoot\System32\smss.exe
PID: 444 (1280) C:\WINXP\system32\spoolsv.exe
PID: 712 (1280) C:\Program Files\Norton AntiVirus\navapsvc.exe
PID: 748 ( 416) CSRSS.EXE
PID: 844 (1280) C:\WINXP\System32\nvsvc32.exe
PID: 904 (1280) C:\Program Files\Norton AntiVirus\SAVScan.exe
PID: 936 (1280) C:\WINXP\system32\sessmgr.exe
PID: 1040 (1280) C:\WINXP\system32\tcpsvcs.exe
PID: 1052 ( 416) \??\C:\WINXP\system32\winlogon.exe
PID: 1064 (1280) C:\WINXP\System32\snmp.exe
PID: 1096 (1280) C:\WINXP\System32\svchost.exe
PID: 1164 (1280) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PID: 1236 ( 416) \??\C:\WINXP\system32\winlogon.exe
PID: 1280 (1236) C:\WINXP\system32\services.exe
PID: 1292 (1236) C:\WINXP\system32\lsass.exe
PID: 1456 (1280) C:\WINXP\system32\svchost.exe
PID: 1504 (1280) SVCHOST.EXE
PID: 1604 (1280) C:\Program Files\WZCBDL Service\WZCBDLS.exe
PID: 1624 (1280) C:\WINXP\System32\svchost.exe
PID: 1696 (1280) SVCHOST.EXE
PID: 1736 (1280) ALG.EXE
PID: 1764 (1236) C:\WINXP\system32\logonui.exe
PID: 1804 (1280) SVCHOST.EXE
PID: 1896 (1280) C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PID: 1956 (2548) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 1992 ( 416) CSRSS.EXE
PID: 2036 (1280) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PID: 2188 (1052) C:\WINXP\system32\rundll32.exe
PID: 2244 (3556) C:\PROGRA~1\NORTON~1\navw32.exe
PID: 2548 (2532) C:\WINXP\Explorer.EXE
PID: 2680 (2548) C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
PID: 2688 (2548) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PID: 2696 (2548) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PID: 2704 (2548) C:\Program Files\iTunes\iTunesHelper.exe
PID: 2720 (2548) C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
PID: 2728 (2548) C:\Program Files\D-Link\Air Utility\AirCFG.exe
PID: 2816 (1280) C:\Program Files\iPod\bin\iPodService.exe
PID: 3352 (1236) C:\WINXP\system32\logon.scr
PID: 3556 (2696) C:\Program Files\Common Files\Symantec Shared\NMain.exe
PID: 3704 (2548) C:\WINXP\system32\devldr32.exe
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 3/20/2005 9:57:09 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINXP\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINXP\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s