Frank
Here are my HiJack and Spybot files
Hijack
Logfile of HijackThis v1.99.1
Scan saved at 11:37:27 AM, on 5/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cusrvc.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\wm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\NWTRAY.EXE
c:\windows\system32\ngvytw.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\mfcfl.exe
C:\WINDOWS\sdkox.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Documents and Settings\Frank\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kwoxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kwoxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kwoxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kwoxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kwoxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kwoxi.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kwoxi.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4098B116-3E9F-6C68-3DD2-D1F9DE132411} - C:\WINDOWS\netho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [zvidlu] c:\windows\system32\ngvytw.exe
O4 - HKLM\..\Run: [sdkox.exe] C:\WINDOWS\sdkox.exe
O4 - HKLM\..\RunOnce: [mfcfl.exe] C:\WINDOWS\mfcfl.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcaf...0,2/mcmysec.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...382/mcfscan.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apisy32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINDOWS\System32\NALNTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\System32\wm.exe
Spybot
--- Search result list ---
IE Plugin: Executable (File, nothing done)
C:\WINDOWS\wupdt.exe
IE Plugin: Data (File, nothing done)
C:\WINDOWS\lu.dat
IE Plugin: Library (File, nothing done)
C:\WINDOWS\systb.dll
IE Plugin: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}
IE Plugin: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}
IE Plugin: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}
IE Plugin: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}
IE Plugin: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow.1
IE Plugin: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow
IE Plugin: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser.1
IE Plugin: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser
IE Plugin: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame.1
IE Plugin: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame
IE Plugin: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame.1
IE Plugin: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1966542408-3578686292-842749767-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 819639
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
--- Startup entries list ---
Located: HK_LM:Run, BJCFD
command: C:\Program Files\BroadJump\Client Foundation\CFD.exe
file: C:\Program Files\BroadJump\Client Foundation\CFD.exe
size: 368706
MD5: ba9af06103549a96f77036861fde357b
Located: HK_LM:Run, EnvyHFCPL
command: C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
file: C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
size: 1757696
MD5: 9e03161b5294a7744fc6f8440c3a46fc
Located: HK_LM:Run, Microsoft Works Portfolio
command: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Located: HK_LM:Run, Microsoft Works Update Detection
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 28738
MD5: 5ac34c17115d3818dc9c9f5b2d909858
Located: HK_LM:Run, MMTray
command: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
file: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
size: 131072
MD5: 16cea30c3ec3494b1cb957d8017c9b3f
Located: HK_LM:Run, NWTRAY
command: NWTRAY.EXE
file: C:\WINDOWS\system32\NWTRAY.EXE
size: 28672
MD5: 8ea25db3b87bf8837f8799cda811f719
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a
Located: HK_LM:Run, RoxioAudioCentral
command: "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
file: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
size: 319488
MD5: b96cb1da50f3c1d37e08e756264597b6
Located: HK_LM:Run, RoxioDragToDisc
command: "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
file: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
size: 868352
MD5: 7c7e293fea522f7da0244015bad79bd4
Located: HK_LM:Run, RoxioEngineUtility
command: "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
file: C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
size: 65536
MD5: 364784a6f653df81b76424a39dba237b
Located: HK_LM:Run, sdkox.exe
command: C:\WINDOWS\sdkox.exe
file: C:\WINDOWS\sdkox.exe
size: 33856
MD5: 9281e6b74184a823cafa981fd8610861
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
size: 36975
MD5: 1f6573d67dd5dc06dd29ec7fcf81dc6f
Located: HK_LM:Run, Sunkist2k
command: C:\Program Files\Multimedia Card Reader\shwicon2k.exe
file: C:\Program Files\Multimedia Card Reader\shwicon2k.exe
size: 139264
MD5: af5b568570206eb72ff31494dd82e934
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: b8e684df9a97497edd2f87444a6307fb
Located: HK_LM:Run, zvidlu
command: c:\windows\system32\ngvytw.exe
file: c:\windows\system32\ngvytw.exe
size: 75776
MD5: 639c64c1f97175cfa775d6a6746060a9
Located: HK_LM:RunOnce, mfcfl.exe
command: C:\WINDOWS\mfcfl.exe
file: C:\WINDOWS\mfcfl.exe
size: 11475
MD5: 9061a0e993f4acca8988e5eed87ebd82
Located: HK_CU:Run, AIM
command: C:\Program Files\aim\aim.exe -cnetwait.odl
Located: HK_CU:Run, Steam
command: C:\Program Files\Valve\Steam\\Steam.exe -silent
Located: Startup (common), BigFix.lnk
command: C:\Program Files\BigFix\BigFix.exe
file: C:\Program Files\BigFix\BigFix.exe
size: 1742384
MD5: 3802278fed9e3594b4bc3377ff0cff3b
Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: ACROIEHELPER.OCX
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/3/2003 2:17:44 PM
Date (last access): 5/28/2005 10:40:04 AM
Date (last write): 11/3/2003 2:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 0.6.0.0
{4098B116-3E9F-6C68-3DD2-D1F9DE132411} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\
Long name: netho.dll
Short name:
Date (created): 5/11/2005 6:37:20 AM
Date (last access): 5/28/2005 10:40:04 AM
Date (last write): 5/11/2005 6:37:20 AM
Filesize: 103534
Attributes: archive
MD5: 189290AEFE47F7570369CA0EB16513FC
CRC32: A7BF9480
Version: 255.255.255.255
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: Googletoolbar.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 12/14/2004 5:48:04 PM
Date (last access): 5/28/2005 11:29:32 AM
Date (last write): 12/2/2004 2:59:32 PM
Filesize: 720896
Attributes: readonly archive
MD5: D4E9B7B696E8C40A0E5CB76621A03EE4
CRC32: 019AF69C
Version: 0.2.0.0
--- ActiveX list ---
{00000075-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
description: Microsoft Audio Codec
classification: Legitimate
known filename: VOXACM.CAB
info link:
info source: Patrick M. Kolla
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Path: C:\PROGRA~1\MICROS~4\OFFICE11\
Long name: IEAWSDC.DLL
Short name:
Date (created): 7/14/2003 10:57:44 PM
Date (last access): 5/28/2005 9:53:54 AM
Date (last write): 7/14/2003 10:57:44 PM
Filesize: 87096
Attributes: archive
MD5: 7D6EB2CEC6635CAD293664E78055822E
CRC32: 813DED2B
Version: 0.11.0.0
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 1/28/2005 4:38:00 PM
Date (last access): 5/28/2005 10:02:30 AM
Date (last write): 1/28/2005 4:38:00 PM
Filesize: 421128
Attributes: archive
MD5: C3C3864DA698F0CC1BE56F9695534DD8
CRC32: C0FC216A
Version: 0.1.0.0
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class)
DPF name:
CLSID name: LSSupCtl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LSSupCtl.dll
Short name:
Date (created): 10/27/2004 3:10:26 PM
Date (last access): 5/28/2005 11:35:10 AM
Date (last write): 10/27/2004 3:10:26 PM
Filesize: 111752
Attributes: archive
MD5: C8FEBEA460AAD5C1B6817F9676E03F78
CRC32: 807349F9
Version: 0.3.0.1
{2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class)
DPF name:
CLSID name: ICSScannerLight Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ICSScannerLight.dll
Short name: ICSSCA~1.DLL
Date (created): 3/29/2004 4:42:32 PM
Date (last access): 5/28/2005 11:35:10 AM
Date (last write): 3/29/2004 4:42:32 PM
Filesize: 786432
Attributes: archive
MD5: 1D9B3A211E5A3AE2BD77384A8A825410
CRC32: 6A70E9F6
Version: 0.1.0.0
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 6/29/2004 11:28:02 AM
Date (last access): 5/28/2005 11:35:10 AM
Date (last write): 2/18/2005 4:11:56 PM
Filesize: 202352
Attributes: archive
MD5: 0A7529D49E89E9CF66102F4527BC9E3D
CRC32: 35DAF580
Version: 7.212.0.12
{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class)
DPF name:
CLSID name: FilePlanet Download Control Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FilePlanetDownloadCtrl.dll
Short name: FILEPL~1.DLL
Date (created): 6/21/2004 7:11:18 PM
Date (last access): 5/28/2005 11:35:10 AM
Date (last write): 6/21/2004 7:11:18 PM
Filesize: 294912
Attributes: archive
MD5: E6B0A532DC0404BCB678CB0F6757008D
CRC32: AE97F52E
Version: 0.1.0.0
{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 6/29/2004 11:28:18 AM
Date (last access): 5/28/2005 11:35:10 AM
Date (last write): 6/29/2004 11:28:18 AM
Filesize: 160928
Attributes: archive
MD5: 903343D152B0733DBFA22D7408AB59EC
CRC32: FFE4B0EE
Version: 7.212.0.6
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 3/24/2004 6:22:12 PM
Date (last access): 5/28/2005 10:40:04 AM
Date (last write): 6/9/2004 4:56:02 PM
Filesize: 435712
Attributes: archive
MD5: DCFFCA7F818B4CF4DF29B8932907735D
CRC32: 89BBB9BF
Version: 0.5.0.70
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_02
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_02\bin\
Long name: NPJPI150_02.dll
Short name: NPJPI1~1.DLL
Date (created): 3/4/2005 3:36:50 AM
Date (last access): 5/28/2005 9:46:24 AM
Date (last write): 3/4/2005 3:54:18 AM
Filesize: 69746
Attributes: archive
MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
CRC32: 55F989EE
Version: 0.5.0.0
{924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class)
DPF name:
CLSID name: YbUploadFavsCtl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: YbConvFav030408.dll
Short name: YBCONV~1.DLL
Date (created): 4/8/2003 4:11:32 PM
Date (last access): 5/28/2005 11:35:10 AM
Date (last write): 4/8/2003 4:11:32 PM
Filesize: 107168
Attributes: archive
MD5: 031D1626A95E6B5ADD11AF82C8BFD7C7
CRC32: DDA6DB71
Version: 7.211.0.4
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
{BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class)
DPF name:
CLSID name: McObjectFactory Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: McMysec.dll
Short name:
Date (created): 11/10/2003 12:51:36 PM
Date (last access): 5/28/2005 11:35:10 AM
Date (last write): 11/10/2003 12:51:36 PM
Filesize: 37888
Attributes: archive
MD5: 51E166312800BAFF061CF76AFDD84E63
CRC32: 85D95EDB
Version: 0.1.0.0
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1)
DPF name: Java Runtime Environment 1.3.1
CLSID name: Java Plug-in 1.3.1
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\JavaSoft\JRE\1.3.1\bin\
Long name: NPJava131.dll
Short name: NPJAVA~1.DLL
Date (created): 2/5/2004 6:04:08 AM
Date (last access): 5/28/2005 9:46:38 AM
Date (last write): 5/6/2001 2:14:22 PM
Filesize: 53338
Attributes: archive
MD5: 8D7694975F0E5C1F153AADD68A460887
CRC32: 2AD23CCB
Version: 0.1.0.3
{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02)
DPF name: Java Runtime Environment 1.3.1_02
CLSID name: Java Plug-in 1.3.1_02
Path: C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\
Long name: NPJava131_02.dll
Short name: NPJAVA~1.DLL
Date (created): 2/5/2004 6:00:18 AM
Date (last access): 5/28/2005 9:46:44 AM
Date (last write): 3/4/2002 6:37:58 PM
Filesize: 53338
Attributes: archive
MD5: CAFFD6C4A881EB5E8AEDE346343C2796
CRC32: 2E8A0377
Version: 0.1.0.3
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 6/12/2004 10:46:38 AM
Date (last access): 5/28/2005 9:45:38 AM
Date (last write): 2/20/2003 4:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 0.1.0.4
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_04
Path: C:\Program Files\Java\j2re1.4.2_04\bin\
Long name: NPJPI142_04.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2068 11:44:46 PM
Date (last access): 5/28/2005 9:45:50 AM
Date (last write): 2/22/2004 11:44:42 PM
Filesize: 65650
Attributes: archive
MD5: 2BCA54CB6A12A5EFBF922C0C1856F30D
CRC32: 3D4A4E94
Version: 0.1.0.4
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
Path: C:\Program Files\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2068 10:05:12 PM
Date (last access): 5/28/2005 9:46:00 AM
Date (last write): 6/3/2004 10:05:06 PM
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 0.1.0.4
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: NPJPI142_06.dll
Short name: NPJPI1~1.DLL
Date (created): 9/28/2004 9:26:10 PM
Date (last access): 5/28/2005 9:46:12 AM
Date (last write): 9/28/2004 9:26:00 PM
Filesize: 65650
Attributes: archive
MD5: 69E5147BA901A9238C4EB08C84E1A85B
CRC32: 6CB34BCC
Version: 0.1.0.4
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_02
Path: C:\Program Files\Java\jre1.5.0_02\bin\
Long name: NPJPI150_02.dll
Short name: NPJPI1~1.DLL
Date (created): 3/4/2005 3:36:50 AM
Date (last access): 5/28/2005 11:36:48 AM
Date (last write): 3/4/2005 3:54:18 AM
Filesize: 69746
Attributes: archive
MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
CRC32: 55F989EE
Version: 0.5.0.0
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
DPF name:
CLSID name: ActiveDataInfo Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SymAData.dll
Short name:
Date (created): 12/20/2004 7:03:36 PM
Date (last access): 5/28/2005 11:35:10 AM
Date (last write): 12/20/2004 7:03:36 PM
Filesize: 157288
Attributes: archive
MD5: D39C8355D0587B6A3FD2325DA7E2919C
CRC32: B639D5B5
Version: 0.2.0.0
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 4/8/2004 5:51:02 PM
Date (last access): 5/28/2005 10:01:54 AM
Date (last write): 12/8/2003 3:01:58 PM
Filesize: 933888
Attributes: archive
MD5: F7E435D02F7A48120B746E33254A70BC
CRC32: 02AF493D
Version: 0.7.0.0
{EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker)
DPF name:
CLSID name: MSN Money Ticker
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ticker13.ocx
Short name:
Date (created): 6/11/2003 8:27:56 AM
Date (last access): 5/28/2005 9:58:20 AM
Date (last write): 6/11/2003 8:27:56 AM
Filesize: 430080
Attributes: archive
MD5: 3D9371E944259D20E828A08ACBE9EF62
CRC32: 669A676E
Version: 0.13.7.211
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Path: C:\WINDOWS\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 7/28/2004 10:09:46 AM
Date (last access): 5/28/2005 10:00:00 AM
Date (last write): 7/28/2004 10:09:46 AM
Filesize: 91208
Attributes: archive
MD5: 88B730D8E357943CC3616950BAE93E12
CRC32: 6990399B
Version: 0.2.0.0
--- Process list ---
Spybot - Search && Destroy process list report, 5/28/2005 11:36:47 AM
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 156 ( 708) C:\WINDOWS\System32\wm.exe
PID: 188 ( 708) C:\WINDOWS\System32\MsPMSPSv.exe
PID: 412 ( 4) \SystemRoot\System32\smss.exe
PID: 640 ( 412) csrss.exe
PID: 664 ( 412) \??\C:\WINDOWS\system32\winlogon.exe
PID: 708 ( 664) C:\WINDOWS\system32\services.exe
PID: 720 ( 664) C:\WINDOWS\system32\lsass.exe
PID: 912 ( 708) C:\WINDOWS\System32\Ati2evxx.exe
PID: 924 ( 708) C:\WINDOWS\system32\svchost.exe
PID: 1012 ( 708) svchost.exe
PID: 1048 ( 708) C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
PID: 1104 ( 708) C:\WINDOWS\System32\svchost.exe
PID: 1160 ( 708) svchost.exe
PID: 1188 ( 708) svchost.exe
PID: 1436 ( 708) C:\WINDOWS\system32\spoolsv.exe
PID: 1612 ( 708) alg.exe
PID: 1656 ( 708) C:\WINDOWS\System32\cusrvc.exe
PID: 1692 ( 708) C:\WINDOWS\System32\NALNTSRV.EXE
PID: 1772 ( 708) C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
PID: 1836 ( 708) C:\WINDOWS\system32\slserv.exe
PID: 1920 ( 708) C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
PID: 1952 ( 708) C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
PID: 2032 ( 708) wdfmgr.exe
PID: 2072 (2064) C:\WINDOWS\mfcfl.exe
PID: 2080 ( 664) C:\WINDOWS\system32\Ati2evxx.exe
PID: 2100 (1856) C:\WINDOWS\sdkox.exe
PID: 2152 (2112) C:\WINDOWS\Explorer.exe
PID: 2320 (2152) C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PID: 2328 (2152) C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
PID: 2348 (2152) C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
PID: 2356 (2152) C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
PID: 2364 (2152) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PID: 2380 (2152) C:\Program Files\BroadJump\Client Foundation\CFD.exe
PID: 2396 (2152) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 2416 (2152) C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
PID: 2424 (2152) C:\Program Files\QuickTime\qttask.exe
PID: 2456 (2152) C:\WINDOWS\system32\NWTRAY.EXE
PID: 2540 (2508) c:\windows\system32\ngvytw.exe
PID: 2556 (2152) C:\Program Files\Valve\Steam\Steam.exe
PID: 2568 (2152) C:\Program Files\aim\aim.exe
PID: 2576 ( 924) C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
PID: 2596 (2152) C:\Program Files\BigFix\BigFix.exe
PID: 2768 (2152) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3464 (2152) C:\Program Files\Netscape\Netscape Browser\netscape.exe
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 5/28/2005 11:36:47 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
res://C:\WINDOWS\kwoxi.dll/sp.html#44768
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
res://C:\WINDOWS\kwoxi.dll/sp.html#44768
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
res://C:\WINDOWS\kwoxi.dll/sp.html#44768
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
websearch.drsnsrch.com/q.cgi?q=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
res://C:\WINDOWS\kwoxi.dll/sp.html#44768
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
res://C:\WINDOWS\kwoxi.dll/sp.html#44768
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
res://C:\WINDOWS\kwoxi.dll/sp.html#44768
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
res://C:\WINDOWS\kwoxi.dll/sp.html#44768
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://websearch.drs...esearch.cgi?id=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsof...search.asp?p=%s
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF0983AC-9132-4A06-9028-82CD7BD96F67}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF0983AC-9132-4A06-9028-82CD7BD96F67}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0010E78E-4C10-4607-A3C6-012E93E29E32}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0010E78E-4C10-4607-A3C6-012E93E29E32}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4975C58-58B2-4C89-8ED9-AE5E54B850A6}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4975C58-58B2-4C89-8ED9-AE5E54B850A6}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5267010A-C1E9-4F8A-ACC5-E8E3F89044E6}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5267010A-C1E9-4F8A-ACC5-E8E3F89044E6}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4FE32F26-68EB-48D6-BCA2-79343E9EF414}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4FE32F26-68EB-48D6-BCA2-79343E9EF414}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: Novell Directory Services Name Provider
GUID: {DD9F6D10-8E24-11CF-8493-00001B4B58D4}
Filename: %SystemRoot%\system32\netware\NWWS2NDS.DLL
Namespace Provider 4: Novell IPX/SPX SAP Name Provider
GUID: {81FA7960-A290-11CF-9D71-00805FF42892}
Filename: %SystemRoot%\system32\netware\NWWS2SAP.DLL
Namespace Provider 5: Novell SLP Provider
GUID: {644FE400-ACC0-11D0-9FE2-00A0C920B5DE}
Filename: %SystemRoot%\system32\netware\NWWS2SLP.DLL