Mar 13 2008, 06:35 PM
New Member. Group: New Member, Posts: 2, Joined: 13-March 08, Member No.: 77,589, Operating System: XP
I was downloading something on uTorrent, a P2P file sharing thing, and when I clicked on the program, Symantec Endpoint Protection popped up with 3 things and then Windows shut down. Then when it started up, Symantec Endpoint Protection said it was blocking emails, thinking it was spam. I wasn't sending emails, and there were tons of them. I quickly pulled my internet card from the USB hub in fear of it spreading throughout my network. Here is a HJT log I just ran:

Logfile of HijackThis v1.99.1
Scan saved at 8:30:03 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

I do not think I did this right, but there it is. Please help!

---------------------------------------UPDATE-------------------------------------------

I was trying to do the self-help thing in the forums using Spybot, and I put my internet card in to get the updates, and after about 50 sec I started getting the pop-ups again. I took a screenshot; as soon as I was done updating I disconnected the adapter. Here is the pic.

I ran Spybot Search and Destroy and these are my search results. I am deleting them. I was going to put some pics of it up here, but here's the report; if you need pics, ask.

--- Search result list ---
eAcceleration: [SBI $1919079E] Common files folder (Directory, nothing done) C:\Program Files\Common Files\eAcceleration
eAcceleration: [SBI $730B2E57] Program directory (Directory, nothing done) C:\Program Files\Common Files\eAcceleration\
Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
Win32.Tiny.abk: [SBI $70B44025] Temporary file (File, nothing done) C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp
Corporation help link: http://support.microsoft.com?kbid=902400 Update for Windows XP (KB904942) 2 (KB904942) install date: 20080217 uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=904942 Security Update for Windows XP (KB905414) 1 (KB905414) install date: 20070730 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905414 Security Update for Windows XP (KB905749) 1 (KB905749) install date: 20070730 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905749 Security Update for Windows XP (KB908519) 1 (KB908519) install date: 20080214 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908519 Update for Windows XP (KB908531) 2 (KB908531) install date: 20080214 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908531 Update for Windows XP (KB910437) 1 (KB910437) install date: 20080214 uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=910437 Update for Windows XP (KB911280) 2 (KB911280) install date: 20080214 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911280 Security Update for Windows XP (KB911562) 1 (KB911562) install date: 20080214 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911562 Security Update for Windows Media Player (KB911564) (KB911564) install date: 20080214 
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: