Doubleclick

Discussion in 'SpywareBlaster & Other Forum' started by harryleague, Sep 4, 2004.

  1. harryleague

    harryleague Registered Member

    Joined: Sep 4, 2004
    Posts: 4
    I have an ongoing problem with doubleclick, specifically http//ebay.doubleclick.net/adi/ebay.us.

    When I roam around certain portions of myeBay this version of double click keeps popping up on the "Back" button, preventing me from going back to the real previous site. I find that I have to push "Back" a number of times before I can reach the intended site.

    I run Ad-aware and SpyBot to get rid of this and am assured that Doubleclick is removed but it keeps coming back. So I installed SpywareBlaster and selected "Enable All Protection" and confirmed that all 4 Doubleclicks are protected against. Nevertheless, http//ebay.doubleclick.net/adi/ebay.us keeps coming back.

    Can you please help me resolve this threat? Thanks.
     
  2. fireman_dude

    fireman_dude Registered Member

    Joined: Jul 18, 2004
    Posts: 8
    Location: New Jersey
    You need to disable protection on double click. Ebay will not work properly without it.
     
  3. harryleague

    harryleague Registered Member

    Joined: Sep 4, 2004
    Posts: 4
    Fireman Dude,

    Thank you for the reply.

    Help me understand. When you say "ebay will not work properly without it", are you saying I cannot block doubleclick?

    If so, should I merely forget/ignore the threats as they appear in Ad-Aware and SpyBot?
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined: Aug 10, 2002
    Posts: 17,875
    Location: New England
    I believe what they are referring to is what was found here in this other thread:

    https://www.wilderssecurity.com/showthread.php?t=41405

    The protection for 'doubleclick.net' (SpywareBlaster adding that site to the IE restricted zone) was causing problems getting full functionality out of Ebay as described in that thread.

    Now, I'm not sure exactly what Ad-aware and/or Spybot is finding when they show you that "http//ebay.doubleclick.net/adi/ebay.us" is found. Can you tell us exactly the full description they give when they show this finding?
     
  5. harryleague

    harryleague Registered Member

    Joined: Sep 4, 2004
    Posts: 4
    "http//ebay.doubleclick.net/adi/ebay.us" shows up in the drop down dialog box for the "Back" button on IE while in myeBay. It happens after searching through a favorites search although I believe it can happen just from roaming around eBay. I have tried to delete and block it from my computer but it seems to keep coming back. I have not experienced any problems with it blocked by SpywareBlaster yet as have people in the thread you suggested in your last post. Thanks for the help.

    Here are the last few logs from Ad-aware:

    ArchiveData(auto-quarantine- 2004-09-04 18-37-18.bckp)
    Referencefile : SE1R6 30.08.2004
    ======================================================

    POSSIBLE BROWSER HIJACK ATTEMPT
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=RegData : S-1-5-21-481609023-1583790556-3766781760-1006\Software\Microsoft\Internet Explorer\Main

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[1]=IECache Entry : Cookie:harry@realmedia.com/
    obj[2]=IECache Entry : Cookie:harry@tribalfusion.com/
    obj[3]=IECache Entry : Cookie:harry@dclkcorp.rpts.net/
    obj[4]=IECache Entry : Cookie:harry@bluestreak.com/

    ArchiveData(auto-quarantine- 2004-09-03 15-46-48.bckp)
    Referencefile : SE1R6 30.08.2004
    ======================================================

    POSSIBLE BROWSER HIJACK ATTEMPT
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=RegData : S-1-5-21-481609023-1583790556-3766781760-1006\Software\Microsoft\Internet Explorer\Main


    ArchiveData(auto-quarantine- 2004-09-03 15-36-53.bckp)
    Referencefile : SE1R6 30.08.2004
    ======================================================

    POSSIBLE BROWSER HIJACK ATTEMPT
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=RegData : S-1-5-21-481609023-1583790556-3766781760-1006\Software\Microsoft\Internet Explorer\Main


    ArchiveData(auto-quarantine- 2004-09-03 15-16-03.bckp)
    Referencefile : SE1R6 30.08.2004
    ======================================================

    POSSIBLE BROWSER HIJACK ATTEMPT
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=RegData : S-1-5-21-481609023-1583790556-3766781760-1006\Software\Microsoft\Internet Explorer\Main

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[1]=IECache Entry : Cookie:harry@doubleclick.net/
    obj[2]=IECache Entry : Cookie:harry@hitbox.com/
    obj[3]=IECache Entry : Cookie:harry@maxserving.com/
    obj[4]=IECache Entry : Cookie:harry@mediaplex.com/
    obj[5]=IECache Entry : Cookie:harry@questionmarket.com/
    obj[6]=IECache Entry : Cookie:harry@ehg-thomas.hitbox.com/
    obj[7]=IECache Entry : Cookie:harry@ehg-ati.hitbox.com/
    obj[8]=IECache Entry : Cookie:harry@atdmt.com/

    ArchiveData(auto-quarantine- 2004-09-02 00-37-35.bckp)
    Referencefile : SE1R6 30.08.2004
    ======================================================

    POSSIBLE BROWSER HIJACK ATTEMPT
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=RegData : S-1-5-21-481609023-1583790556-3766781760-1006\Software\Microsoft\Internet Explorer\Main

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[1]=IECache Entry : Cookie:harry@doubleclick.net/
    obj[2]=IECache Entry : Cookie:harry@bluestreak.com/
    obj[3]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
    obj[4]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
    obj[5]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\Administrator\Cookies\administrator@servedby.advertising[1].txt
    obj[6]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@bfast[2].txt
    obj[7]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@casalemedia[1].txt
    obj[8]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@centrport[1].txt
    obj[9]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@cgi-bin[4].txt
    obj[10]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@commission-junction[1].txt
    obj[11]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@dbbsrv[1].txt
    obj[12]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@doubleclick[1].txt
    obj[13]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@edge.ru4[1].txt
    obj[14]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@landing.domainsponsor[1].txt
    obj[15]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@maxserving[1].txt
    obj[16]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@phg.hitbox[1].txt
    obj[17]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@qksrv[1].txt
    obj[18]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@serving-sys[2].txt
    obj[19]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@tmpad[2].txt
    obj[20]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@trafficmp[1].txt
    obj[21]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@2o7[1].txt
    obj[22]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@ads.pointroll[1].txt
    obj[23]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@advertising[1].txt
    obj[24]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@atdmt[2].txt
    obj[25]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@bluestreak[2].txt
    obj[26]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@bravenet[1].txt
    obj[27]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@ehg-lowermybills.hitbox[1].txt
    obj[28]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@hitbox[1].txt
    obj[29]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@mediaplex[1].txt
    obj[30]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@overture[2].txt
    obj[31]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@questionmarket[1].txt
    obj[32]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@servedby.advertising[2].txt
    obj[33]=IECache Entry : E:\Harry's Tecra 8100\Documents and Settings\harry\Cookies\harry@server.iad.liveperson[1].txt
    obj[34]=IECache Entry : E:\Tecra S1Image of New WITH OLD DATA AND OLD SETTINGS\Documents and Settings\Harry\Cookies\harry@2o7[1].txt
    obj[35]=IECache Entry : E:\Tecra S1Image of New WITH OLD DATA AND OLD SETTINGS\Documents and Settings\Harry\Cookies\harry@mediaplex[1].txt
    obj[36]=IECache Entry : E:\Tecra S1Image of New WITH OLD DATA AND OLD SETTINGS\Documents and Settings\Harry\Cookies\harry@doubleclick[2].txt

    ArchiveData(auto-quarantine- 2004-08-30 12-31-17.bckp)
    Referencefile : SE1R5 22.08.2004
    ======================================================

    POSSIBLE BROWSER HIJACK ATTEMPT
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=RegData : S-1-5-21-481609023-1583790556-3766781760-1006\Software\Microsoft\Internet Explorer\Main
    obj[3]=File : C:\Documents and Settings\Harry\Favorites\iQuicksearch - Favorites\Data Shredder Gold.url
    obj[4]=File : C:\Documents and Settings\Harry\Favorites\iQuicksearch - Favorites\Email Spam Blocker.url
    obj[5]=File : C:\Documents and Settings\Harry\Favorites\iQuicksearch - Favorites\Evidence Cleaner Gold.url
    obj[6]=File : C:\Documents and Settings\Harry\Favorites\iQuicksearch - Favorites\Extractor And Burner.url
    obj[7]=File : C:\Documents and Settings\Harry\Favorites\iQuicksearch - Favorites\Modem Speed Booster.url

    TRACKING COOKIE
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[1]=IECache Entry : Cookie:harry@atdmt.com/

    SUREBAR
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[2]=File : C:\System Volume Information\_restore{71540F4E-C400-4C76-92E3-63314A012072}\RP156\A0018208.dll

    Here is the latest SpyBot Report



    {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class)
    DPF name:
    CLSID name: ActiveDataObj Class
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: ActiveData.dll
    Short name: ACTIVE~1.DLL
    Date (created): 6/12/2002 2:16:22 PM
    Date (last access): 9/4/2004 6:28:30 PM
    Date (last write): 6/12/2002 2:16:22 PM
    Filesize: 112312
    Attributes: archive
    MD5: C0A5720A581109543B113A8BEAE7868C
    CRC32: 1B08DE36
    Version: 0.1.0.0



    --- Process list ---
    Spybot - Search && Destroy process list report, 9/5/2004 12:53:07 AM

    PID: 0 ( 0) [System]
    PID: 4 ( 0) System
    PID: 276 ( 808) C:\WINDOWS\System32\Ati2evxx.exe
    PID: 292 ( 808) C:\WINDOWS\System32\DVDRAMSV.exe
    PID: 400 ( 808) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    PID: 428 ( 808) C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    PID: 500 ( 808) C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    PID: 520 (1088) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PID: 564 (1088) C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    PID: 668 ( 4) \SystemRoot\System32\smss.exe
    PID: 720 ( 668) csrss.exe
    PID: 728 (1088) C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
    PID: 736 ( 808) C:\Program Files\Dantz\Retrospect\retrorun.exe
    PID: 756 ( 668) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 808 ( 756) C:\WINDOWS\system32\services.exe
    PID: 820 ( 756) C:\WINDOWS\system32\lsass.exe
    PID: 1000 ( 808) C:\WINDOWS\system32\svchost.exe
    PID: 1028 (1088) C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
    PID: 1044 ( 808) C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    PID: 1060 (1088) C:\Program Files\Common Files\Smith Micro Shared\FAX\SMLoader.exe
    PID: 1064 (1088) C:\Program Files\ScanSoft\PaperPort\viperusb.exe
    PID: 1088 ( 564) C:\WINDOWS\Explorer.EXE
    PID: 1096 ( 808) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PID: 1112 ( 808) C:\WINDOWS\System32\svchost.exe
    PID: 1128 ( 808) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PID: 1140 ( 808) C:\WINDOWS\System32\svchost.exe
    PID: 1244 ( 808) C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
    PID: 1256 ( 808) C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
    PID: 1356 (1088) C:\Program Files\QuickTime\qttask.exe
    PID: 1360 (1088) C:\Program Files\Microsoft IntelliType Pro\type32.exe
    PID: 1384 (1088) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    PID: 1436 (1088) C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
    PID: 1444 (1088) C:\TOSHIBA\ivp\ISM\pinger.exe
    PID: 1472 ( 808) svchost.exe
    PID: 1544 (1088) C:\Program Files\ISP40\bin\bartshel.exe
    PID: 1560 (1088) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PID: 1584 ( 808) svchost.exe
    PID: 1664 (1088) C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
    PID: 1680 (1088) C:\WINDOWS\System32\taskswitch.exe
    PID: 1692 (1088) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    PID: 1748 (1088) C:\Program Files\Apoint2K\Apoint.exe
    PID: 1764 (1088) C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    PID: 1776 (1088) C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    PID: 1816 (1088) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PID: 1824 ( 808) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PID: 1848 ( 808) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PID: 1868 (1088) C:\WINDOWS\System32\ezSP_Px.exe
    PID: 2004 ( 808) C:\WINDOWS\system32\spoolsv.exe
    PID: 2056 (1088) C:\Program Files\Messenger\msmsgs.exe
    PID: 2064 (1088) C:\Program Files\Netscape\Netscape\Netscp.exe
    PID: 2076 (1088) C:\Program Files\ClipMate6\ClipMt62.exe
    PID: 2084 (1088) C:\WINDOWS\System32\ctfmon.exe
    PID: 2096 (1088) C:\WINDOWS\system32\RAMASST.exe
    PID: 2104 (1088) C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    PID: 2128 (1088) C:\Program Files\WinZip\WZQKPICK.EXE
    PID: 2172 (1088) C:\Program Files\Corex\CardScan\cs.exe
    PID: 2180 (1088) C:\dazzle\DAZZLE.EXE
    PID: 2188 (1088) C:\Program Files\Internet Explorer\IEXPLORE.EXE
    PID: 2196 (1088) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    PID: 2204 (1088) C:\Program Files\Netscape\Communicator\Program\netscape.exe
    PID: 2212 (1088) C:\Program Files\PA\Rocket Retriever 3\rocket.exe
    PID: 2220 (2212) C:\Program Files\PA\Rocket Retriever 3\rocket.exe
    PID: 2416 (2104) C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    PID: 2448 (1000) C:\PROGRA~1\ISP40\bin\ppshared.exe
    PID: 2640 (2608) C:\Program Files\Apoint2K\Apntex.exe
    PID: 3740 (1088) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    PID: 3864 (1000) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


    --- Browser start & search pages list ---
    Spybot - Search && Destroy browser pages report, 9/5/2004 12:53:07 AM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
    http://www.iquicksearch.net/search.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\System32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.iquicksearch.net/search.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.iquicksearch.net/search.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.toshiba.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.iquicksearch.net/search.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---


    Here is the latest SpyBot Results Report

    DSO Exploit: Data source object exploit (Registry change, fixing failed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixing failed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


    --- Spybot - Search && Destroy version: 1.3 ---
    2004-05-12 Includes\Cookies.sbi
    2004-05-12 Includes\Dialer.sbi
    2004-05-12 Includes\Hijackers.sbi
    2004-05-12 Includes\Keyloggers.sbi
    2004-05-12 Includes\LSP.sbi
    2004-05-12 Includes\Malware.sbi
    2003-03-16 Includes\plugin-ignore.ini
    2004-05-12 Includes\Revision.sbi
    2004-05-12 Includes\Security.sbi
    2004-05-12 Includes\Spybots.sbi
    2003-03-16 Includes\Temporary.sbi
    2004-05-12 Includes\Tracks.uti
    2004-05-12 Includes\Trojans.sbi
     
  6. harryleague

    harryleague Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    4
    During the course of this thread, I have complained to eBay about their threat. At first, eBay denied any involvement and redirected me to threat removers like SpyBot and Ad-aware. I disagreed with their immediate response and here is their reaction. I thought you might like to see it!

    "Hello Harry,

    Thanks for writing to us. My name is Shawn and I appreciate the
    opportunity to assist you with your DoubleClick concerns.

    I assure you that DoubleClick will not invade your computer, it analyzes
    usage data on eBay so that we can better assist our members.
    DoubleClick is a third party company that eBay employs to manage its
    advertising. If you're having problems accessing the site because of
    DoubleClick, then please contact their customer service and try to
    resolve the problem with this.

    http://www.doubleclick.com/us/contact_us/

    Harry, I wish you the best of luck with all your eBay endeavours and
    thanks for contacting eBay Customer Support. Take care.

    With best regards,

    Shawn C.
    eBay Customer Support
    _____________________________________________

    Important: eBay will not ask you for sensitive personal information
    (such as your password, credit card and bank account numbers, Social
    Security numbers, etc.) in an email. Learn more account protection tips
    at:

    http://www.pages.ebay.com/help/account_protection.html
    _____________________________________________

    For our latest announcements, please check:

    http://www2.ebay.com/aw/announce.shtml
    _____________________________________________

    In order to better serve you, we'd like to occasionally
    request feedback on our service. If you would rather
    not participate, please follow the instructions in the email message you
    will receive from us. Your request will be processed
    within 5 days.

    *******************************************
    9/4/04"


    I wonder if it is in their EULA?
     