Spybot SD Report

Discussion in 'adware, spyware & hijack cleaning' started by RIFLEMAN, Feb 3, 2004.

Thread Status:
Not open for further replies.
  1. RIFLEMAN

    RIFLEMAN Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    50
    Hello---I am still concerned about something piggybacking a legitimate program on my machine. Can someone take a look at the report and tell me of any suspicious entries? Thank you for your time.

    --- Search result list ---

    --- Spybot-S&D version: 1.2 ---
    2003-11-05 Includes\Cookies.sbi
    2003-11-05 Includes\Dialer.sbi
    2003-12-17 Includes\Hijackers.sbi
    2003-11-11 Includes\Keyloggers.sbi
    2003-12-17 Includes\Malware.sbi
    2003-01-07 Includes\plugin-ignore.ini
    2003-11-12 Includes\QA Tests.sbi
    2003-11-05 Includes\Security.sbi
    2003-12-17 Includes\Spybots.sbi
    2003-11-21 Includes\Temporary.sbi
    2003-11-27 Includes\Tracks.uti
    2003-12-10 Includes\Trojans.sbi


    --- System information ---
    Windows XP (Build: 2600)
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / DataAccess: Security Update for Microsoft Data Access Components
    / Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
    / Windows Media Player: Windows Media Update 320920
    / Windows Media Player: Windows Media Update 828026
    / Windows XP / SP1: Windows XP Hotfix - KB821557
    / Windows XP / SP1: Windows XP Hotfix - KB823182
    / Windows XP / SP1: Windows XP Hotfix - KB824105
    / Windows XP / SP1: Windows XP Hotfix - KB824141
    / Windows XP / SP1: Windows XP Hotfix - KB824146
    / Windows XP / SP1: Windows XP Hotfix - KB828035
    / Windows XP / SP1 / Q309521: Windows XP Hotfix (SP1) [See Q309521 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311967 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q313450 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q314862 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317277 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q318138 for more information]
    / Windows XP / SP1: Windows XP Application Compatibility Update[Q319580]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q323172 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324096 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324380 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q326830 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q328310
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q328940 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q811493
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q815021
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q819696
    / Windows XP / SP2: Windows XP Hotfix - KB823559
    / Windows XP / SP2: Windows XP Hotfix - KB825119
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]


    --- Startup entries list ---
    Spybot-S&D Startup list report, 03/02/2004 12:41:12 PM

    Located: HK_CU:Run, CTFMON.EXE
    file: C:\WINDOWS\System32\ctfmon.exe
    MD5: 85B1054DB58D13AA42D7DCA778C30F57

    Located: HK_CU:Run, SpySweeper
    file: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

    Located: HK_CU:Run, MSMSGS
    file: "C:\Program Files\Messenger\msmsgs.exe" /background

    Located: HK_LM:Run, HPDJ Taskbar Utility
    file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    MD5: EBEE1E613E526663A6EA4B52335F1E34

    Located: HK_LM:Run, AVG_CC
    file: C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

    Located: HK_LM:Run, myNetWatchman
    file: C:\Program Files\myNetWatchman\NWClient.exe
    MD5: 9277DB6FDB46142182B8706B364A9A77

    Located: HK_LM:Run, zzzHPSETUP
    file: D:\Setup.exe

    Located: Startup (common), ZoneAlarm.lnk
    file: C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    MD5: 9A54C57CDC9140DCE58FE0E7F028F86B



    --- Browser helper object list ---
    Spybot-S&D Browser helper object report, 03/02/2004 12:41:14 PM


    --- ActiveX list ---
    Spybot-S&D ActiveX report, 03/02/2004 12:41:14 PM

    Microsoft XML Parser for Java
    Download location: file://C:\WINDOWS\Java\classes\xmldso.cab
    Name: Microsoft XML Parser for Java
    Version: 1,0,9,2

    {33564D57-9980-0010-8000-00AA00389B71}
    Download location: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
    Last modified: Thu, 12 Dec 2002 21:29:19 GMT
    Version: 0,0,0,1

    {D27CDB6E-AE6D-11CF-96B8-444553540000}
    Class file: Flash.ocx
    Attributes: archive
    Date: 08/12/2003 2:01:58 PM
    MD5: F7E435D02F7A48120B746E33254A70BC
    Path: C:\WINDOWS\System32\macromed\flash\
    Short name:
    Size: 933888 bytes
    Version: 0.7.0.0
    Class name: Shockwave Flash Object
    CLSID database: legitimate software
    Description: Macromedia Shockwave Flash Player
    Download location: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Last modified: Thu, 11 Dec 2003 15:54:18 GMT
    Version: 7,0,19,0


    --- Process list ---
    Spybot-S&D process list report, 03/02/2004 12:41:14 PM

    PID: 0 ( 0) [System]
    PID: 4 ( 0) System
    PID: 424 ( 4) \SystemRoot\System32\smss.exe
    PID: 472 ( 424) csrss.exe
    PID: 496 ( 424) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 540 ( 496) C:\WINDOWS\system32\services.exe
    PID: 552 ( 496) C:\WINDOWS\system32\lsass.exe
    PID: 712 ( 540) C:\WINDOWS\system32\svchost.exe
    PID: 764 ( 540) C:\WINDOWS\System32\svchost.exe
    PID: 928 ( 540) svchost.exe
    PID: 956 ( 540) svchost.exe
    PID: 1044 (1264) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    PID: 1060 ( 540) C:\WINDOWS\system32\spoolsv.exe
    PID: 1216 (1264) C:\Program Files\myNetWatchman\NWClient.exe
    PID: 1264 (1216) C:\WINDOWS\Explorer.EXE
    PID: 1276 (1264) C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    PID: 1328 (1264) C:\WINDOWS\System32\ctfmon.exe
    PID: 1400 (1264) C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    PID: 1420 (1264) C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    PID: 1452 (1264) C:\Program Files\Internet Explorer\IEXPLORE.EXE
    PID: 1604 ( 540) alg.exe
    PID: 1624 ( 540) C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    PID: 1700 ( 540) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PID: 1792 ( 496) C:\WINDOWS\System32\taskmgr.exe
    PID: 1820 ( 540) C:\WINDOWS\System32\svchost.exe
    PID: 1968 (1264) C:\Program Files\Spybot - Search & Destroy 1.1\SpybotSD.exe


    --- Browser start & search pages list ---
    Spybot-S&D browser pages report, 03/02/2004 12:41:14 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\System32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Spybot-S&D winsock LSP report, 03/02/2004 12:41:14 PM

    NS Provider ( 1) Tcpip ({22059D40-7E9E-11CF-AE5A-00AA00A7112B})
    NS Provider ( 2) NTDS ({3B2637EE-E580-11CF-A555-00C04FD8D4AC})
    NS Provider ( 3) Network Location Awareness (NLA) Namespace ({6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83})
    Protocol ( 1) MSAFD Tcpip [TCP/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
    Protocol ( 2) MSAFD Tcpip [UDP/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
    Protocol ( 3) MSAFD Tcpip [RAW/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
    Protocol ( 4) RSVP UDP Service Provider ({9D60A9E0-337A-11D0-BD88-0000C082E69A})
    Protocol ( 5) RSVP TCP Service Provider ({9D60A9E0-337A-11D0-BD88-0000C082E69A})
    Protocol ( 6) MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D2A42FA-AAD9-4B81-AD22-F4B28933EA30}] SEQPACKET 0 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol ( 7) MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D2A42FA-AAD9-4B81-AD22-F4B28933EA30}] DATAGRAM 0 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol ( 8) MSAFD NetBIOS [\Device\NetBT_Tcpip_{31B8E0F8-4ED1-45E6-B795-98F090706ECA}] SEQPACKET 1 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol ( 9) MSAFD NetBIOS [\Device\NetBT_Tcpip_{31B8E0F8-4ED1-45E6-B795-98F090706ECA}] DATAGRAM 1 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (10) MSAFD NetBIOS [\Device\NetBT_Tcpip_{B4AAAAE7-5EA9-4D1A-A623-F9BAF0AC04C1}] SEQPACKET 2 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (11) MSAFD NetBIOS [\Device\NetBT_Tcpip_{B4AAAAE7-5EA9-4D1A-A623-F9BAF0AC04C1}] DATAGRAM 2 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (12) MSAFD NetBIOS [\Device\NetBT_Tcpip_{636C99C5-533C-4080-9CB8-3EBB8CC92792}] SEQPACKET 3 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (13) MSAFD NetBIOS [\Device\NetBT_Tcpip_{636C99C5-533C-4080-9CB8-3EBB8CC92792}] DATAGRAM 3 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (14) MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7E75997-EA11-48EF-8F86-A4D33B8AEF00}] SEQPACKET 4 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (15) MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7E75997-EA11-48EF-8F86-A4D33B8AEF00}] DATAGRAM 4 ({8D5F1830-C273-11CF-95C8-00805F48A192})
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Why don't you put up your HijackLog mate... maybe it would help experts here to understand your comp better..

    thx
     