Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Windows.ActiveDesktop


Post by malohroqui » April 16th, 2006, 5:23 pm

Logfile of HijackThis v1.99.1
Scan saved at 7:21:37 AM, on 17/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRAM FILES\SECWAY\SIMPLITE-MSN 2.1.7 BETA 4\SIMPLITE-MSN.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRAM FILES\UPDATES FROM HP\137903\PROGRAM\BACKWEB-137903.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~3\PccIeBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1.7 beta 4\SimpLite-MSN.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1441344750
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/M ... loader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe

Post by malohroqui » April 16th, 2006, 5:25 pm

and here is my spybot log:

--- Search result list ---
Cache: Cache (324) (Cache, nothing done)


Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Cookie: Cookie (6) (Cookie, nothing done)


Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Internet Explorer\Download Directory!=

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: setuperr.log (Backup file, nothing done)
C:\WINDOWS\setuperr.log

Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt

Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Media Player: Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Media Player: Manually modified tags history (25 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit

MS Media Player: Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch

MS Office 11.0 (Excel): Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (Word): Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Search Assistant\ACMru

Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent wallpaper list (63 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Run history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Stream history (19 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files (164 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE (37 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Windows.OpenWith: Open with list - .CAB extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList

Windows.OpenWith: Open with list - .AI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows: Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=

WinRAR: Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\WinRAR\General\LastFolder!=

WinRAR: Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\WinRAR\ArcHistory

WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Nico Mak Computing\WinZip\directories\gzExtractTo!=

WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Nico Mak Computing\WinZip\directories\gzAddDir!=

WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Nico Mak Computing\WinZip\directories\AddDir!=

WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Nico Mak Computing\WinZip\directories\zDefDir!=

WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Nico Mak Computing\WinZip\directories\DefDir!=

WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Nico Mak Computing\WinZip\directories\ExtractTo!=

WinZip: Number of times run (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Nico Mak Computing\WinZip\rrs\Opened!=

WinZip: Recent extracted file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2322107881-3865505124-3464238457-1003\Software\Nico Mak Computing\WinZip\extract


--- Spybot - Search && Destroy version: 1.3 ---
2006-04-14 Includes\Cookies.sbi
2006-04-14 Includes\Dialer.sbi
2006-04-14 Includes\Hijackers.sbi
2006-04-14 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2006-04-14 Includes\Malware.sbi
2006-04-14 Includes\PUPS.sbi
2006-04-14 Includes\Revision.sbi
2006-04-14 Includes\Security.sbi
2006-04-14 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-04-14 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DirectX / DX9 / SP3: DirectX Hotfix - KB825116
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB905915
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Hotfix for Windows XP (KB912475)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)


--- Startup entries list ---
Located: HK_LM:Run,
command:

Located: HK_LM:Run, Acrobat Assistant 7.0
command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
size: 483328
MD5: 78ff388fd58ce0bae1f7c9670f5473c1

Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: e7be65bf79906aebc698e077d53f6a1c

Located: HK_LM:Run, Home Theater SchSvr
command: "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
file: C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
size: 155648
MD5: 3e4c38088cdb26d27fcd047cabc0a377

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 118784
MD5: ea5dd164296f66241bead39e12fa69f2

Located: HK_LM:Run, HP Component Manager
command: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
file: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
size: 241664
MD5: f5f1a8cdd473d55f9bf6fe23f715b0fa

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 821f73b833c4daebc33c1a9a4b16bb5a

Located: HK_LM:Run, HPHmon05
command: C:\WINDOWS\System32\hphmon05.exe
file: C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: ec273d5f06235f8f003316003f518ee3

Located: HK_LM:Run, HPHUPD05
command: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
file: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
size: 49152
MD5: 671f926abfabfb767d708bbee49df45d

Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06a1ecb63df139ec639e084d4ab3c9d7

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 8bbbada96ffe1449edd39256eda99cd8

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8778072a594e1310c0b7d0a93771e8bd

Located: HK_LM:Run, KBD
command: C:\HP\KBD\KBD.EXE
file: C:\HP\KBD\KBD.EXE
size: 61440
MD5: 4a95f15b706b8fd9ec8715b6401eab7b

Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
file: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
size: 59392
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4

Located: HK_LM:Run, pccguide.exe
command: "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
file: C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
size: 897086
MD5: 3150a6f401a7bfbe2c7a2e737148c822

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, PS2
command: C:\WINDOWS\system32\ps2.exe
file: C:\WINDOWS\system32\ps2.exe
size: 81920
MD5: c4c523e78774e05d06efe3e10017cf6d

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: c74c7963eec07af49dce44d64819b2bf

Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 233472
MD5: 310f1e8a0781887ba1c217448c0e4d48

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: a05da809ac0d86d916d09e3a908d3a06

Located: HK_LM:Run, WINCINEMAMGR
command: "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
file: C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
size: 192512
MD5: 3bd730b727f695b9255a75de6c4e073b

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1420560
MD5: 81aa8ba06a824e637e2ba290d4fa9e3e

Located: HK_CU:Run, Acme.PCHButton
command: C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
file: C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
size: 159744
MD5: 2ce016b8a5aaf457d7bd31e29ac113ec

Located: HK_CU:Run, Simp
command: C:\Program Files\Secway\SimpLite-MSN 2.1.7 beta 4\SimpLite-MSN.exe
file: C:\Program Files\Secway\SimpLite-MSN 2.1.7 beta 4\SimpLite-MSN.exe
size: 1859584
MD5: 44b66579ec8dcf6faefb0d9851291a0a

Located: Startup (common), Adobe Acrobat Speed Launcher.lnk
command: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
file: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
size: 25214
MD5: d6294d59171ac375cd142003566aa89e

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Updates from HP.lnk
command: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
file: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
size: 16384
MD5: 708fc5318f6ab059104ffd415f146781

Located: Startup (user), Adobe Gamma.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 110592
MD5: 5cd0cd0ec4dc5df459b3ac016764f5aa

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
size: 241664
MD5: 16e91805cc071039372ae0037aaa9a2b

Located: Startup (disabled), HP Image Zone Fast Start (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe
size: 53248
MD5: 91c0436bd6cb73370895ef33c1c9cb47



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: ACROIEHELPER.OCX
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 24/09/2005 3:12:08 PM
Date (last access): 17/04/2006 6:25:16 AM
Date (last write): 12/01/2006 8:38:22 PM
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 0.7.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/05/2004 1:03:00 AM
Date (last access): 17/04/2006 7:02:16 AM
Date (last write): 12/05/2004 1:03:00 AM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3

{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
Path: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 24/09/2005 3:41:42 PM
Date (last access): 17/04/2006 6:25:16 AM
Date (last write): 24/09/2005 3:41:42 PM
Filesize: 231160
Attributes: archive
MD5: 6A95C44FFF0AFE30351CBC92CF327924
CRC32: 8A33F35E
Version: 0.7.0.0



--- ActiveX list ---
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 22/03/2005 3:56:36 PM
Date (last access): 17/04/2006 6:55:32 AM
Date (last write): 17/11/2005 11:12:26 PM
Filesize: 533504
Attributes: archive
MD5: 24F3058766D5FC3FD0F37F6D6EE6FE9B
CRC32: F1FAEDE3
Version: 0.12.0.0

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\
Long name: MsnPUpld.dll
Short name:
Date (created): 14/10/2005 11:02:36 AM
Date (last access): 17/04/2006 6:43:16 AM
Date (last write): 14/10/2005 11:02:36 AM
Filesize: 372736
Attributes: archive
MD5: C673BDB4BE7D28D36D39181F6183DFA2
CRC32: 18D2F4B2
Version: 0.10.0.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 26/05/2005 3:19:32 AM
Date (last access): 16/04/2006 5:45:22 PM
Date (last write): 26/05/2005 3:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 0.5.0.8

{6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)
DPF name:
CLSID name: Housecall ActiveX 6.5
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 20/03/2006 4:06:46 PM
Date (last access): 16/04/2006 5:26:44 PM
Date (last write): 20/03/2006 4:06:46 PM
Filesize: 358912
Attributes: archive
MD5: 395A76EE1C174D793AFB17272E4E4392
CRC32: 1945BB37
Version: 0.6.0.5

{77F539E4-3C23-48D9-960B-B6E62905C113} (FavImport Class)
DPF name:
CLSID name: FavImport Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ImportAx.dll
Short name:
Date (created): 7/02/2006 5:47:12 PM
Date (last access): 17/04/2006 6:53:36 AM
Date (last write): 7/02/2006 5:47:12 PM
Filesize: 139472
Attributes: archive
MD5: 60E79949FE3AC9655077EF8D246A2344
CRC32: 9FD64D54
Version: 0.12.0.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 12:03:56 PM
Date (last access): 16/04/2006 5:14:40 PM
Date (last write): 10/11/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 2:00:20 PM
Date (last access): 16/04/2006 5:26:44 PM
Date (last write): 29/05/2003 2:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 0.7.0.1

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.3\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 13/08/2005 11:26:04 PM
Date (last access): 17/04/2006 6:43:30 AM
Date (last write): 13/08/2005 11:26:04 PM
Filesize: 113664
Attributes: archive
MD5: C403792A3FF639C215067D5AA680C482
CRC32: 7CD0769A
Version: 0.1.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 12:03:56 PM
Date (last access): 17/04/2006 7:11:14 AM
Date (last write): 10/11/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 12:03:56 PM
Date (last access): 17/04/2006 7:11:14 AM
Date (last write): 10/11/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 0.5.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8a.ocx
Short name:
Date (created): 2/01/2006 11:13:28 AM
Date (last access): 17/04/2006 6:55:38 AM
Date (last write): 2/01/2006 11:13:28 AM
Filesize: 1443464
Attributes: readonly archive
MD5: 3066BB99502AE33AE44F17954AF56B8F
CRC32: 658FAE72
Version: 0.8.0.0

{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
DPF name:
CLSID name: MSN Chat Control 4.5
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.3\
Long name: MSNChat45.ocx
Short name: MSNCHA~1.OCX
Date (created): 27/10/2003 10:35:44 AM
Date (last access): 16/04/2006 5:26:46 PM
Date (last write): 27/10/2003 10:35:44 AM
Filesize: 510552
Attributes: archive
MD5: 60FED272BDBAFA8214E40AD376C9987E
CRC32: 5EE901FC
Version: 0.9.0.2



--- Process list ---
Spybot - Search && Destroy process list report, 17/04/2006 7:11:13 AM

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 176 ( 596) C:\PROGRA~1\TRENDM~1\INTERN~3\TMPFW.EXE
PID: 324 (1136) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PID: 460 ( 4) \SystemRoot\System32\smss.exe
PID: 528 ( 460) csrss.exe
PID: 552 ( 460) \??\C:\WINDOWS\system32\winlogon.exe
PID: 596 ( 552) C:\WINDOWS\system32\services.exe
PID: 608 ( 552) C:\WINDOWS\system32\lsass.exe
PID: 784 ( 596) C:\WINDOWS\system32\svchost.exe
PID: 840 ( 596) svchost.exe
PID: 904 ( 596) C:\Program Files\Windows Defender\MsMpEng.exe
PID: 948 ( 596) C:\WINDOWS\SYSTEM32\SVCHOST.EXE
PID: 1024 ( 596) svchost.exe
PID: 1136 (1068) C:\WINDOWS\Explorer.EXE
PID: 1160 ( 596) svchost.exe
PID: 1368 ( 596) C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
PID: 1452 (1136) C:\WINDOWS\system32\igfxtray.exe
PID: 1460 (1136) C:\windows\system\hpsysdrv.exe
PID: 1468 (1136) C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
PID: 1520 (1136) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PID: 1664 (1136) C:\HP\KBD\KBD.EXE
PID: 1668 ( 596) C:\PROGRA~1\TRENDM~1\INTERN~3\PCCTLCOM.EXE
PID: 1800 (1136) C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
PID: 1836 (1136) C:\WINDOWS\System32\hphmon05.exe
PID: 1844 ( 596) C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
PID: 1868 ( 596) C:\PROGRA~1\TRENDM~1\INTERN~3\TMPROXY.EXE
PID: 1940 (1136) C:\Program Files\iTunes\iTunesHelper.exe
PID: 2008 ( 596) wdfmgr.exe
PID: 2100 (1136) C:\WINDOWS\system32\hkcmd.exe
PID: 2108 (1136) C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
PID: 2144 (1136) C:\WINDOWS\AGRSMMSG.exe
PID: 2216 (1136) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 2224 (1136) C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
PID: 2244 (1136) C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PID: 2280 (1136) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PID: 2308 (1136) C:\Program Files\Windows Defender\MSASCui.exe
PID: 2376 (1136) C:\PROGRAM FILES\SECWAY\SIMPLITE-MSN 2.1.7 BETA 4\SIMPLITE-MSN.EXE
PID: 2508 ( 784) C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PID: 2648 (1136) C:\PROGRAM FILES\UPDATES FROM HP\137903\PROGRAM\BACKWEB-137903.EXE
PID: 2736 (2376) C:\Program Files\MSN Messenger\msnmsgr.exe
PID: 3456 ( 596) C:\Program Files\iPod\bin\iPodService.exe
PID: 3556 ( 596) alg.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 17/04/2006 7:11:13 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com.au/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E132052-824D-4BD2-B6FE-7C997293A446}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E132052-824D-4BD2-B6FE-7C997293A446}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9CAD7D9-2A1F-4D74-BF78-AFAF9D1BC9EB}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9CAD7D9-2A1F-4D74-BF78-AFAF9D1BC9EB}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{879E8794-DB9A-4C99-97BF-907664829C70}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{879E8794-DB9A-4C99-97BF-907664829C70}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B66C519A-DA8C-490C-85A2-D02F6348CA00}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B66C519A-DA8C-490C-85A2-D02F6348CA00}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07D71965-6611-4245-BA33-C5E06B29A8BD}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07D71965-6611-4245-BA33-C5E06B29A8BD}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Post by 'KotaGuy » April 16th, 2006, 9:48 pm

That reg entry you are worried about is ok.

All that is saying is that HTMLWallpapers are not allowed. It's a policy setting for Windows Active Desktop. It's nothing related to malware at all.

http://www.winguides.com/registry/display.php/443/ - This link will describe the function.

Spybot targets some of the settings if they have a dword of 1 or reg_SZ of 0 or 1.

Let's clear it up for you though...

Copy/paste the following quotebox into a new notepad document...

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoHTMLWallPaper"=-
"NoAddingComponents"=-
"NoChangingWallpaper"=-
"NoComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-



Save it to your desktop as fixme.reg. Save it as File Type All Files (not as a text document or it won't work). Double click fixme.reg and answer yes when asked to merge it into the registry.

Reboot.

That should stop Spybot from reporting that anymore.

Let me know how it goes.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
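
One way to check what a .reg file like the one in the answer above will do before it is merged, as an added example that is not part of the original posts. The sample file is constructed, the function names are hypothetical, and the list of Active Desktop policy value names is an assumption; only single-line entries are handled.

```python
import re

# Constructed sample in the same REGEDIT4 format as the fix above; the last two
# entries are deliberately wrong so the audit has something to report.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoHTMLWallPaper"=-
"NoComponents"=-
"NoDeletingComponets"=-
"NoChangingWallpaper"=dword:00000001
'''

EXPECTED_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                r"\CurrentVersion\Policies\ActiveDesktop")
# Assumption: Active Desktop policy value names, lower-cased because registry
# value names are case-insensitive.
KNOWN_VALUES = {n.lower() for n in (
    "NoAddingComponents", "NoChangingWallPaper", "NoClosingComponents",
    "NoComponents", "NoDeletingComponents", "NoEditingComponents",
    "NoHTMLWallPaper")}
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')            # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data


def parse_reg(text):
    """Return the file's operations as (key, value_name, action, data) tuples."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing REGEDIT4 / Registry Editor header")
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):                        # leading '-' deletes the key
                ops.append((key, None, "delete-key", None))
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unrecognised line: {line!r}")
        name, data = m.group(1), m.group(2)
        name = "(Default)" if name == "@" else (
            name[1:-1].replace('\\"', '"').replace('\\\\', '\\'))
        if data == "-":                           # "name"=- deletes the value
            ops.append((key, name, "delete-value", None))
        else:
            ops.append((key, name, "set-value", data))
    return ops


def audit(text):
    """Return findings; an empty list means the file only deletes known
    Active Desktop policy values under the expected key."""
    findings = []
    for key, name, action, _data in parse_reg(text):
        if key.lower() != EXPECTED_KEY.lower():
            findings.append(f"unexpected key: {key}")
        elif action != "delete-value":
            findings.append(f"{action} on {name!r} (expected only deletions)")
        elif name.lower() not in KNOWN_VALUES:
            findings.append(f"unknown value name: {name}")
    return findings
```

A misspelled value name in a deletion line is harmless but silently leaves the real policy value in place, which is why the audit reports names it does not recognise.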

Post by malohroqui » April 17th, 2006, 3:51 am

Everything seems to be back in working order, so I appreciate all the help and patience you've shown me.
Thank you very much, and good luck to you.
malohroqui
Active Member
 
Posts: 13
Joined: April 14th, 2006, 9:41 pm

Post by 'KotaGuy » April 17th, 2006, 11:14 am

Glad I could help :)

Surf Safe!
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada