Fixed: Possible false positive - ActiveToolBand (x64)



paddym
2008-09-12, 14:20
Thanks for the excellent software.
It may or may not have a small hiccup...

Vista Ultimate (x64)
IE7 (and FireFox 3.0.1)
Spybot 1.6.0, Updated 12 Sep 2008

Acer/EGIS eDataSecurity is installed.

Problem is found during scan of registry keys.
Direct scan of file using Shell extension ...
Malware - nothing found.
Heuristics - nothing found.

Registry key points to:
C:\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
File size is 377,392 bytes.
Created date and Modified date matches the eDataSecurity installation date.

Spybot Log:

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


ActiveToolBand: [SBI $967824B8] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-08-18 TeaTimer.exe (1.6.2.23)
2008-09-12 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi (*)
2008-09-09 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-09-02 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-09-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-09-09 Includes\Malware.sbi (*)
2008-09-10 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-09-09 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-09-02 Includes\Spyware.sbi (*)
2008-09-09 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-09-10 Includes\Trojans.sbi (*)
2008-09-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~2\AVG\AVG8\avgtray.exe
file: C:\PROGRA~2\AVG\AVG8\avgtray.exe
size: 1235736
MD5: B95536F0B568C4476A78966CFA7BA006

Located: HK_LM:Run, eRecoveryService
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, LanguageShortcut
command: "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
file: C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe
size: 54832
MD5: 2798313DBB6AE778207EB1B1C68A1988

Located: HK_LM:Run, LManager
command: C:\PROGRA~2\LAUNCH~1\LManager.exe
file: C:\PROGRA~2\LAUNCH~1\LManager.exe
size: 858632
MD5: D1638A3F76C8D24731DF8D14F7905101

Located: HK_LM:Run, PLFSetI
command: C:\Windows\PLFSetI.exe
file: C:\Windows\PLFSetI.exe
size: 200704
MD5: 2AC7F8B8BF0D5D327A3A2A00453222C4

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
size: 71216
MD5: B2B2FE2671DD98A322B0AD7079C0B2B2

Located: HK_LM:Run, StartCCC
command: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
file: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 90112
MD5: 033FF248550305ED52ED2D2844A8A11B

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Google Update
where: S-1-5-21-1980025829-1603787049-1719627175-1000...
command: "C:\Users\Paddy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Paddy\AppData\Local\Google\Update\GoogleUpdate.exe
size: 133104
MD5: 626A24ED1228580B9518C01930936DF9

Located: HK_CU:Run, Sidebar
where: S-1-5-21-1980025829-1603787049-1719627175-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1555968
MD5: 5213EB5405A886A9B4FED6724C392C07

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1980025829-1603787049-1719627175-1000...
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 1832272
MD5: FFB5BAC9C29303904365640A2E2A6D0C

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-21-1980025829-1603787049-1719627175-1000...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar
where: S-1-5-21-1980025829-1603787049-1719627175-1002...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-21-1980025829-1603787049-1719627175-1002...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: Startup (common), Acer VCM.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
file: C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
size: 1204224
MD5: AEA9602EF3E2B15E08AA4C198C63A932

Located: Startup (common), Bluetooth.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Empowering Technology Launcher.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Acer\Empowering Technology\eAPLauncher.exe
file: C:\Acer\Empowering Technology\eAPLauncher.exe
size: 535336
MD5: 57554A2CA345734696AF72BEEE28B718

Located: Startup (common), JaBack8.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\JaBack8\jre\bin\javaw.exe
file: C:\Program Files (x86)\JaBack8\jre\bin\javaw.exe
size: 135168
MD5: 5C9CDBB245B6FAA2B9B11CC779EC03A1

Located: Startup (common), Sizer.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Sizer\sizer.exe
file: C:\Program Files (x86)\Sizer\sizer.exe
size: 18944
MD5: DCDF74ECDE8F3572AEDE1CB3D946D21D

Located: Startup (user), HDD Therm.lnk
where: C:\Users\Paddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe
file: C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe
size: 215040
MD5: EBA0A7ED896DCEF64BDAA8584FFE1864



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx, AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22/10/2006 23:08:42
Date (last access): 11/09/2008 18:44:46
Date (last write): 22/10/2006 23:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files (x86)\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 13/05/2008 03:41:04
Date (last access): 11/09/2008 16:29:30
Date (last write): 01/09/2008 08:23:38
Filesize: 455960
Attributes: archive
MD5: 19A9C541D4EE8E3471B26986D785AB4D
CRC32: 93FD7D83
Version: 8.0.0.152

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 12/09/2008 10:33:58
Date (last access): 12/09/2008 10:33:58
Date (last write): 07/07/2008 09:41:58
Filesize: 1562448
Attributes: archive
MD5: 32981ADE44D01EC2A9EBC2E311291707
CRC32: C2F522E6
Version: 1.6.0.12

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files (x86)\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 24/08/2007 07:01:22
Date (last access): 11/09/2008 17:07:50
Date (last write): 24/08/2007 07:01:22
Filesize: 2212224
Attributes: archive
MD5: 32C4927E013C018A13D8DFBDA4148812
CRC32: 9A9F3D8B
Version: 12.0.6211.1000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files (x86)\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 26/07/2008 11:04:50
Date (last access): 11/09/2008 17:03:06
Date (last write): 10/06/2008 04:27:02
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 11/09/2008 17:03:04
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control)
DPF name:
CLSID name: JpgView Control
Installer:
Codebase: http://81.138.246.40:9081/jpgview.cab
description:
classification: Open for discussion
known filename: JpgView.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\DOWNLO~1\
Long name: JpgView.ocx
Short name:
Date (created): 26/08/2005 18:21:06
Date (last access): 11/09/2008 19:52:18
Date (last write): 26/08/2005 18:21:06
Filesize: 176128
Attributes: archive
MD5: 7FBB0D2E0BB35AD7618AEA736E268066
CRC32: DFAA85CE
Version: 3.0.5.7

{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_04
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre1.6.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 17/06/2008 22:44:36
Date (last access): 11/09/2008 17:00:52
Date (last write): 25/03/2008 04:28:02
Filesize: 509328
Attributes: archive
MD5: CA1E733B9B003530C38390EDF7E05B61
CRC32: 980493E3
Version: 6.0.60.2

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre1.6.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 17/06/2008 22:44:36
Date (last access): 11/09/2008 17:00:52
Date (last write): 25/03/2008 04:28:02
Filesize: 509328
Attributes: archive
MD5: CA1E733B9B003530C38390EDF7E05B61
CRC32: 980493E3
Version: 6.0.60.2

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 11/09/2008 17:03:04
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 11/09/2008 17:03:04
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control)
DPF name:
CLSID name: Performance Viewer Activex Control
Installer: C:\Windows\Downloaded Program Files\RACtrl.inf
Codebase: https://secure.logmein.com/activex/ractrl.cab?lmi=100
description:
classification: Legitimate
known filename: RACtrl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: RACtrl.dll
Short name:
Date (created): 19/05/2008 14:57:06
Date (last access): 11/09/2008 19:52:18
Date (last write): 19/05/2008 14:57:06
Filesize: 2774344
Attributes: archive
MD5: E00AEE83A01F2661FA58CC722B590FA2
CRC32: D4DCF11C
Version: 1.0.0.381



--- Process list ---
PID: 0 ( 0) [System]
PID: 484 (1156) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
size: 178712
MD5: B3E0C20A53D6A55590468B33AA9BC525
PID: 3912 (1156) C:\Windows\PLFSetL.exe
size: 94208
MD5: FB1EEAB5A76A943060DEFA4CCC45143B
PID: 352 (1156) C:\Windows\PLFSetI.exe
size: 200704
MD5: 2AC7F8B8BF0D5D327A3A2A00453222C4
PID: 4108 (1156) C:\Users\Paddy\AppData\Local\Google\Update\GoogleUpdate.exe
size: 133104
MD5: 626A24ED1228580B9518C01930936DF9
PID: 4232 (1156) C:\Program Files (x86)\Sizer\sizer.exe
size: 18944
MD5: DCDF74ECDE8F3572AEDE1CB3D946D21D
PID: 4580 (4116) C:\Program Files (x86)\Launch Manager\LManager.exe
size: 858632
MD5: D1638A3F76C8D24731DF8D14F7905101
PID: 4588 (4116) C:\Program Files (x86)\AVG\AVG8\avgtray.exe
size: 1235736
MD5: B95536F0B568C4476A78966CFA7BA006
PID: 4600 (4116) C:\Windows\PLFSetI.exe
size: 200704
MD5: 2AC7F8B8BF0D5D327A3A2A00453222C4
PID: 4632 (4116) C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 4640 (4116) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
size: 71216
MD5: B2B2FE2671DD98A322B0AD7079C0B2B2
PID: 4880 (4052) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
size: 454704
MD5: 207F4AB4242BFFC8E3E51271EF999B9A
PID: 4956 (4128) C:\Program Files (x86)\Acer\Acer VCM\AcerVCMProxy.exe
size: 249856
MD5: FF65D893DD168201A24200ED820DAA20
PID: 5248 (4128) C:\Program Files (x86)\Acer\Acer VCM\acp2HID.exe
size: 196608
MD5: 4A5E2BC7708A580AFB096CA0C488F7E5
PID: 5676 (4200) C:\Program Files (x86)\JaBack8\jre\bin\javaw.exe
size: 135168
MD5: 5C9CDBB245B6FAA2B9B11CC779EC03A1
PID: 5972 (1156) C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe
size: 215040
MD5: EBA0A7ED896DCEF64BDAA8584FFE1864
PID: 4872 (5344) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 307712
MD5: A6D64056AD6CA84534143757FD782D7A
PID: 3964 (5352) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System
PID: 476 ( 4) smss.exe
PID: 548 ( 536) csrss.exe
PID: 596 ( 536) wininit.exe
size: 96768
PID: 616 ( 604) csrss.exe
PID: 652 ( 596) services.exe
size: 279040
PID: 668 ( 596) lsass.exe
PID: 676 ( 596) lsm.exe
size: 229888
PID: 752 ( 604) winlogon.exe
size: 314880
PID: 864 ( 652) svchost.exe
size: 21504
PID: 928 ( 652) svchost.exe
size: 21504
PID: 964 ( 652) svchost.exe
size: 21504
PID: 296 ( 652) Ati2evxx.exe
PID: 324 ( 652) svchost.exe
size: 21504
PID: 512 ( 652) svchost.exe
size: 21504
PID: 536 ( 652) svchost.exe
size: 21504
PID: 988 ( 324) audiodg.exe
size: 88064
PID: 1036 ( 652) svchost.exe
size: 21504
PID: 1060 ( 652) SLsvc.exe
PID: 1112 ( 652) svchost.exe
size: 21504
PID: 1276 ( 296) Ati2evxx.exe
PID: 1300 ( 652) svchost.exe
size: 21504
PID: 1532 ( 512) wlanext.exe
size: 74240
PID: 1632 ( 652) spoolsv.exe
PID: 1680 ( 652) svchost.exe
size: 21504
PID: 1848 ( 652) avgwdsvc.exe
PID: 1908 ( 652) svchost.exe
size: 21504
PID: 1928 ( 652) eDSService.exe
PID: 1952 ( 652) eLockServ.exe
PID: 1548 ( 652) eNet Service.exe
PID: 2080 ( 652) EvtEng.exe
PID: 2244 ( 652) IAANTmon.exe
PID: 2288 ( 652) LSSrvc.exe
PID: 2312 ( 652) mdm.exe
PID: 2336 ( 652) sqlservr.exe
PID: 2776 ( 652) pg_ctl.exe
PID: 2796 ( 652) svchost.exe
size: 21504
PID: 2832 ( 652) RegSrvc.exe
PID: 2860 (2776) postgres.exe
PID: 2888 ( 652) RichVideo.exe
PID: 2916 ( 652) sqlwriter.exe
PID: 2988 ( 652) svchost.exe
size: 21504
PID: 3020 ( 652) nessusd.exe
PID: 1920 (2860) postgres.exe
PID: 2220 ( 652) winvnc.exe
PID: 2352 (2860) postgres.exe
PID: 2376 (2860) postgres.exe
PID: 2392 (2860) postgres.exe
PID: 2400 (2860) postgres.exe
PID: 2468 ( 652) svchost.exe
size: 21504
PID: 2524 ( 652) SearchIndexer.exe
size: 439808
PID: 2644 ( 652) XAudio64.exe
PID: 2816 ( 652) eRecoveryService.exe
PID: 2144 ( 652) capuserv.exe
PID: 2128 ( 652) ePowerSvc.exe
PID: 3176 ( 864) WmiPrvSE.exe
PID: 3336 ( 864) unsecapp.exe
PID: 3372 ( 864) WmiPrvSE.exe
PID: 3380 (1848) avgrsa.exe
PID: 3444 (2220) winvnc.exe
PID: 3628 ( 536) taskeng.exe
size: 169472
PID: 3680 ( 652) avgemc.exe
PID: 672 ( 536) C:\Windows\System32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 516 ( 512) C:\Windows\System32\dwm.exe
PID: 1156 (3164) C:\Windows\explorer.exe
size: 3080704
MD5: F6D765FB6B457542D954682F50C26E4F
PID: 2224 (1156) C:\Program Files\Windows Defender\MSASCui.exe
size: 1584184
MD5: 48DD40677817CE1053C2315F5A87E0D3
PID: 2564 (1156) C:\Windows\RAVCpl64.exe
size: 5603840
MD5: 913F181781FCAAA62CABDC1197844423
PID: 1900 (1156) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 962048
MD5: 0136EE9C7D6F1E4EF85D4AFB689D21C7
PID: 4052 (1156) C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
size: 551472
MD5: 3A53CF250142FCDC94F35F37B36D2A5B
PID: 364 (1156) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1555968
MD5: 5213EB5405A886A9B4FED6724C392C07
PID: 4128 (1156) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
size: 1204224
MD5: AEA9602EF3E2B15E08AA4C198C63A932
PID: 4144 (1156) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 1008168
MD5: 7E40879664695D7648AE2B545463495A
PID: 4416 (4248) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
size: 49152
MD5: E681281D9BFC9D45D3B72532717E5880
PID: 4532 (4180) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
size: 547840
MD5: 8A9EF3229FD9498B2530E4ED450255ED
PID: 4660 (2564) C:\Users\Paddy\AppData\Local\Temp\RtkBtMnt.exe
size: 304128
MD5: 4C2CB66715CEC255993B1D37CEFC5F80
PID: 4688 (4580) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
size: 79880
MD5: 1C713CCCDC55E7D8B24C75BB2F7DF14C
PID: 4696 (4180) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
size: 323584
MD5: 9C9AAAE0527546B8A25D7BD6521675AA
PID: 4716 (4180) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
size: 617472
MD5: 4733B7D3FD594A30B6F15F927983B38C
PID: 4856 (4416) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
size: 49152
MD5: 25CA1677AAA3CDC99CD4FCF940886F3C
PID: 5068 ( 364) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1555968
MD5: 5213EB5405A886A9B4FED6724C392C07
PID: 5952 (1156) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 239104
MD5: B6A7E7F43234BFA6A8E6CC4110CB9448
PID: 5936 ( 652) wmpnetwk.exe
PID: 644 (4580) C:\Program Files\Windows Mail\WinMail.exe
size: 400896
MD5: B51A921F2CA7A068F5025D6EF3C5C8DD
PID: 1568 ( 652) SDWinSec.exe
size: 809296
MD5: 55C1E4FDFD62A48FB5A2CE25F3AA8AE8
PID: 6084 ( 536) C:\Windows\System32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 776 (1156) C:\Windows\regedit.exe
size: 134656
MD5: 467A3B03E924B7B7EDD16D34740574B0
PID: 3196 ( 652) svchost.exe
size: 21504


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/09/2008 12:30:37

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 11: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Namespace Provider 0: @%SystemRoot%\system32\nlasvc.dll,-1000
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\system32\NLAapi.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 6: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace

Yodama
2008-09-15, 07:27
Thank you for reporting this false positive; it will be corrected with the next detection update, scheduled for this Wednesday.