Spybot SD Report

Discussion in 'adware, spyware & hijack cleaning' started by RIFLEMAN, Feb 3, 2004.

Thread Status:
Not open for further replies.
  1. RIFLEMAN

    RIFLEMAN Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    50
    Hello---I am still concerned about something piggybacking a legitimate program on my machine. Can someone take a look at the report and tell me of any suspicious entries? Thank you for your time.

    --- Search result list ---

    --- Spybot-S&D version: 1.2 ---
    2003-11-05 Includes\Cookies.sbi
    2003-11-05 Includes\Dialer.sbi
    2003-12-17 Includes\Hijackers.sbi
    2003-11-11 Includes\Keyloggers.sbi
    2003-12-17 Includes\Malware.sbi
    2003-01-07 Includes\plugin-ignore.ini
    2003-11-12 Includes\QA Tests.sbi
    2003-11-05 Includes\Security.sbi
    2003-12-17 Includes\Spybots.sbi
    2003-11-21 Includes\Temporary.sbi
    2003-11-27 Includes\Tracks.uti
    2003-12-10 Includes\Trojans.sbi


    --- System information ---
    Windows XP (Build: 2600)
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / DataAccess: Security Update for Microsoft Data Access Components
    / Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
    / Windows Media Player: Windows Media Update 320920
    / Windows Media Player: Windows Media Update 828026
    / Windows XP / SP1: Windows XP Hotfix - KB821557
    / Windows XP / SP1: Windows XP Hotfix - KB823182
    / Windows XP / SP1: Windows XP Hotfix - KB824105
    / Windows XP / SP1: Windows XP Hotfix - KB824141
    / Windows XP / SP1: Windows XP Hotfix - KB824146
    / Windows XP / SP1: Windows XP Hotfix - KB828035
    / Windows XP / SP1 / Q309521: Windows XP Hotfix (SP1) [See Q309521 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311967 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q313450 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q314862 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317277 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q318138 for more information]
    / Windows XP / SP1: Windows XP Application Compatibility Update[Q319580]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q323172 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324096 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324380 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q326830 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q328310
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q328940 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q811493
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q815021
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q819696
    / Windows XP / SP2: Windows XP Hotfix - KB823559
    / Windows XP / SP2: Windows XP Hotfix - KB825119
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]


    --- Startup entries list ---
    Spybot-S&D Startup list report, 03/02/2004 12:41:12 PM

    Located: HK_CU:Run, CTFMON.EXE
    file: C:\WINDOWS\System32\ctfmon.exe
    MD5: 85B1054DB58D13AA42D7DCA778C30F57

    Located: HK_CU:Run, SpySweeper
    file: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

    Located: HK_CU:Run, MSMSGS
    file: "C:\Program Files\Messenger\msmsgs.exe" /background

    Located: HK_LM:Run, HPDJ Taskbar Utility
    file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    MD5: EBEE1E613E526663A6EA4B52335F1E34

    Located: HK_LM:Run, AVG_CC
    file: C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

    Located: HK_LM:Run, myNetWatchman
    file: C:\Program Files\myNetWatchman\NWClient.exe
    MD5: 9277DB6FDB46142182B8706B364A9A77

    Located: HK_LM:Run, zzzHPSETUP
    file: D:\Setup.exe

    Located: Startup (common), ZoneAlarm.lnk
    file: C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    MD5: 9A54C57CDC9140DCE58FE0E7F028F86B



    --- Browser helper object list ---
    Spybot-S&D Browser helper object report, 03/02/2004 12:41:14 PM


    --- ActiveX list ---
    Spybot-S&D ActiveX report, 03/02/2004 12:41:14 PM

    Microsoft XML Parser for Java
    Download location: file://C:\WINDOWS\Java\classes\xmldso.cab
    Name: Microsoft XML Parser for Java
    Version: 1,0,9,2

    {33564D57-9980-0010-8000-00AA00389B71}
    Download location: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
    Last modified: Thu, 12 Dec 2002 21:29:19 GMT
    Version: 0,0,0,1

    {D27CDB6E-AE6D-11CF-96B8-444553540000}
    Class file: Flash.ocx
    Attributes: archive
    Date: 08/12/2003 2:01:58 PM
    MD5: F7E435D02F7A48120B746E33254A70BC
    Path: C:\WINDOWS\System32\macromed\flash\
    Short name:
    Size: 933888 bytes
    Version: 0.7.0.0
    Class name: Shockwave Flash Object
    CLSID database: legitimate software
    Description: Macromedia Shockwave Flash Player
    Download location: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Last modified: Thu, 11 Dec 2003 15:54:18 GMT
    Version: 7,0,19,0


    --- Process list ---
    Spybot-S&D process list report, 03/02/2004 12:41:14 PM

    PID: 0 ( 0) [System]
    PID: 4 ( 0) System
    PID: 424 ( 4) \SystemRoot\System32\smss.exe
    PID: 472 ( 424) csrss.exe
    PID: 496 ( 424) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 540 ( 496) C:\WINDOWS\system32\services.exe
    PID: 552 ( 496) C:\WINDOWS\system32\lsass.exe
    PID: 712 ( 540) C:\WINDOWS\system32\svchost.exe
    PID: 764 ( 540) C:\WINDOWS\System32\svchost.exe
    PID: 928 ( 540) svchost.exe
    PID: 956 ( 540) svchost.exe
    PID: 1044 (1264) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    PID: 1060 ( 540) C:\WINDOWS\system32\spoolsv.exe
    PID: 1216 (1264) C:\Program Files\myNetWatchman\NWClient.exe
    PID: 1264 (1216) C:\WINDOWS\Explorer.EXE
    PID: 1276 (1264) C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    PID: 1328 (1264) C:\WINDOWS\System32\ctfmon.exe
    PID: 1400 (1264) C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    PID: 1420 (1264) C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    PID: 1452 (1264) C:\Program Files\Internet Explorer\IEXPLORE.EXE
    PID: 1604 ( 540) alg.exe
    PID: 1624 ( 540) C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    PID: 1700 ( 540) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PID: 1792 ( 496) C:\WINDOWS\System32\taskmgr.exe
    PID: 1820 ( 540) C:\WINDOWS\System32\svchost.exe
    PID: 1968 (1264) C:\Program Files\Spybot - Search & Destroy 1.1\SpybotSD.exe


    --- Browser start & search pages list ---
    Spybot-S&D browser pages report, 03/02/2004 12:41:14 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\System32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Spybot-S&D winsock LSP report, 03/02/2004 12:41:14 PM

    NS Provider ( 1) Tcpip ({22059D40-7E9E-11CF-AE5A-00AA00A7112B})
    NS Provider ( 2) NTDS ({3B2637EE-E580-11CF-A555-00C04FD8D4AC})
    NS Provider ( 3) Network Location Awareness (NLA) Namespace ({6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83})
    Protocol ( 1) MSAFD Tcpip [TCP/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
    Protocol ( 2) MSAFD Tcpip [UDP/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
    Protocol ( 3) MSAFD Tcpip [RAW/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
    Protocol ( 4) RSVP UDP Service Provider ({9D60A9E0-337A-11D0-BD88-0000C082E69A})
    Protocol ( 5) RSVP TCP Service Provider ({9D60A9E0-337A-11D0-BD88-0000C082E69A})
    Protocol ( 6) MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D2A42FA-AAD9-4B81-AD22-F4B28933EA30}] SEQPACKET 0 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol ( 7) MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D2A42FA-AAD9-4B81-AD22-F4B28933EA30}] DATAGRAM 0 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol ( 8) MSAFD NetBIOS [\Device\NetBT_Tcpip_{31B8E0F8-4ED1-45E6-B795-98F090706ECA}] SEQPACKET 1 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol ( 9) MSAFD NetBIOS [\Device\NetBT_Tcpip_{31B8E0F8-4ED1-45E6-B795-98F090706ECA}] DATAGRAM 1 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (10) MSAFD NetBIOS [\Device\NetBT_Tcpip_{B4AAAAE7-5EA9-4D1A-A623-F9BAF0AC04C1}] SEQPACKET 2 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (11) MSAFD NetBIOS [\Device\NetBT_Tcpip_{B4AAAAE7-5EA9-4D1A-A623-F9BAF0AC04C1}] DATAGRAM 2 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (12) MSAFD NetBIOS [\Device\NetBT_Tcpip_{636C99C5-533C-4080-9CB8-3EBB8CC92792}] SEQPACKET 3 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (13) MSAFD NetBIOS [\Device\NetBT_Tcpip_{636C99C5-533C-4080-9CB8-3EBB8CC92792}] DATAGRAM 3 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (14) MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7E75997-EA11-48EF-8F86-A4D33B8AEF00}] SEQPACKET 4 ({8D5F1830-C273-11CF-95C8-00805F48A192})
    Protocol (15) MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7E75997-EA11-48EF-8F86-A4D33B8AEF00}] DATAGRAM 4 ({8D5F1830-C273-11CF-95C8-00805F48A192})
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Why don't you put up your HijackLog mate... maybe it would help experts here to understand your comp better..

    thx
     