Nope.
Nope, no problems. Is my pc clear?
If so, then thank you so very, very much. You people are real saints, and as soon as I have money again, I shall make a donation.
BTW, is there a free antivirus package better than Symantec that you are aware of? Is there anything else I can do that you can recommend to prevent this from happening in the future?
Your antivirus is fine, no need to change it
No antivirus can find all threats.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Now lets uninstall ComboFix:
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt and save it to desktop.
- Double-click OTCleanIt.exe.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
- Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide
Re-enable system restore with instructions from tutorial above
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Follow this list and your potential for being infected again will reduce dramatically.
- Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide
Malwarebytes' Anti-Malware Scanning Guide
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Here are some additional utilities that will enhance your safety
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here
- Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software
Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place
Happy surfing and stay clean!
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Actually, yes.
Virtumonde is still coming up along with other red entries in Spybot. And this is the only website I have been going to. It says it's hard to get rid of, which I believe as I have deleted it before, and that you can help me. I'm going to leave the scan up, and not fix it until you reply. I have another pc I can access the internet with if neccessary, as Spybot says something about having to disconnect from the internet. Please let me know what I should do.
Please post then spybot report next
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
It's too big, of all the things spybot reports on, what don't you want me to send?
Here is just the search results.
--- Search result list ---
Virtumonde: [SBI $1E12D746] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\fias4013
AdRevolver: Tracking cookie (Internet Explorer: Alexa) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Alexa) (Cookie, nothing done)
AdRevolver: Tracking cookie (Internet Explorer: Alexa) (Cookie, nothing done)
Common Dialogs: History (73 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt
Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log
Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log
Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Adobe Photoshop 7.0: [SBI $5457839C] Last used folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Adobe\Photoshop\7.0\VisitedDirs\STARTUPIMAGEDIRECTORY
Internet Explorer: [SBI $1E8157BE] Typed URL list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Internet Explorer\Download Directory
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $735D57D7] Recent open directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir
MS Media Player: [SBI $3EE69CC3] Save as Directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Office 11.0 (Document Imaging): [SBI $1E04F9F2] Persistent filename list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\MSPaper 11.0\Persist File Name
MS Office 11.0 (Document Imaging): [SBI $8D4B9B9B] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\MSPaper 11.0\Recent File List
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\11.0\Word\Data\Settings
MS Office 12.0: [SBI $31A61065] Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation
MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\12.0\Excel\File MRU
MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (44 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\12.0\PowerPoint\File MRU
MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (51 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\12.0\Word\File MRU
MS Paint: [SBI $07867C39] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Search Assistant\ACMru
MS Windows Backup 5.0: [SBI $9CE336F6] Last created backup set (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Ntbackup\Hardware\Logical Disk File
MS Windows Backup 5.0: [SBI $E1E8C3AC] Backup logs history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Ntbackup\Log Files
Windows: [SBI $A05E8135] Install locations (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\InstallLocationsMRU
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (146 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $7308A845] Run history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (26 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (19 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (201 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinRAR: [SBI $B84F9965] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\WinRAR\General\LastFolder
WinRAR: [SBI $B510882E] Extraction directory history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\WinRAR\DialogEditHistory\ExtrPath
Cookie: [SBI $49804B54] Cookie (254) (Cookie, nothing done)
Cache: [SBI $49804B54] Cache (141) (Cache, nothing done)
History: [SBI $49804B54] History (1564) (History, nothing done)
Cookie: [SBI $49804B54] Cookie (198) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-09-16 TeaTimer.exe (1.6.3.25)
2006-07-28 unins000.exe (51.41.0.0)
2008-02-22 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-11-04 Includes\Adware.sbi (*)
2008-11-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-04 Includes\Malware.sbi (*)
2008-11-04 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-11-04 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti (*)
2008-11-04 Includes\Trojans.sbi (*)
2008-11-04 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Go to Start > Run
Type regedit and click OK.
- On the leftside, click to highlight My Computer at the top.
- Go up to "File > Export"
- Make sure in that window there is a tick next to "All" under Export Branch.
- Leave the "Save As Type" as "Registration Files".
- Under "Filename" put backup
- Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
- Click Save and then go to File > Exit.
Open Notepad and copy the contents of the following box to a new file.
Save it as fix.reg (save type: "All files" (*.*)) to your desktop.Code:Windows Registry Editor Version 5.00 [-HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\fias4013]
It should look like this ->
Go to Desktop, double-click fix.reg and merge the infomation with the registry.
Reboot.
Re-scan with spybot.
Post back a fres spybot log, please.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Virtumonde gone!! Alright!
--- Search result list ---
AdRevolver: Tracking cookie (Internet Explorer: Alexa) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Alexa) (Cookie, nothing done)
AdRevolver: Tracking cookie (Internet Explorer: Alexa) (Cookie, nothing done)
Common Dialogs: History (75 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt
Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log
Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log
Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Adobe Photoshop 7.0: [SBI $5457839C] Last used folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Adobe\Photoshop\7.0\VisitedDirs\STARTUPIMAGEDIRECTORY
Internet Explorer: [SBI $1E8157BE] Typed URL list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Internet Explorer\Download Directory
MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $735D57D7] Recent open directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir
MS Media Player: [SBI $3EE69CC3] Save as Directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Office 11.0 (Document Imaging): [SBI $1E04F9F2] Persistent filename list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\MSPaper 11.0\Persist File Name
MS Office 11.0 (Document Imaging): [SBI $8D4B9B9B] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\MSPaper 11.0\Recent File List
MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\11.0\Excel\Recent Files
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\11.0\Word\Data\Settings
MS Office 12.0: [SBI $31A61065] Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation
MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\12.0\Excel\File MRU
MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (44 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\12.0\PowerPoint\File MRU
MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (51 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Office\12.0\Word\File MRU
MS Paint: [SBI $07867C39] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Search Assistant\ACMru
MS Windows Backup 5.0: [SBI $9CE336F6] Last created backup set (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Ntbackup\Hardware\Logical Disk File
MS Windows Backup 5.0: [SBI $E1E8C3AC] Backup logs history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Ntbackup\Log Files
Windows: [SBI $A05E8135] Install locations (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\InstallLocationsMRU
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (146 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $7308A845] Run history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (26 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (19 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (199 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (14 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinRAR: [SBI $B84F9965] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\WinRAR\General\LastFolder
WinRAR: [SBI $B510882E] Extraction directory history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3004643638-4040985242-2527695601-1005\Software\WinRAR\DialogEditHistory\ExtrPath
Cookie: [SBI $49804B54] Cookie (254) (Cookie, nothing done)
Cache: [SBI $49804B54] Cache (224) (Cache, nothing done)
History: [SBI $49804B54] History (1574) (History, nothing done)
Cookie: [SBI $49804B54] Cookie (198) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-09-16 TeaTimer.exe (1.6.3.25)
2006-07-28 unins000.exe (51.41.0.0)
2008-02-22 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-11-04 Includes\Adware.sbi (*)
2008-11-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-04 Includes\Malware.sbi (*)
2008-11-04 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-11-04 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti (*)
2008-11-04 Includes\Trojans.sbi (*)
2008-11-04 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 53408
MD5: F8E083AD7ED601B71C84AEC35BE6AE40
Located: HK_LM:Run, DellSupportCenter
command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 206064
MD5: 3917664C26B4344768C288BBA6FEFCB6
Located: HK_LM:Run, DLA
command: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
file: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: CEFD0E35B35AFD9D1C2FEC9AF81AFDB8
Located: HK_LM:Run, DMXLauncher
command: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
file: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
size: 94208
MD5: C24B51FAF9BAAEF67C484D60866693B1
Located: HK_LM:Run, dscactivate
command: "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
file: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
size: 16384
MD5: 267B3A856E9F4DB1CABD4E6DB71E07D2
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
Located: HK_LM:Run, hplampc
command: C:\WINDOWS\system32\hplampc.exe
file: C:\WINDOWS\system32\hplampc.exe
size: 40448
MD5: 1C44759BB19C6CBE15DAD5286CADD551
Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 82ADC58B63E069AC4641A33EA9841E54
Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: A0E2FFB7B0FCE82AA3BCC3105306C45C
Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: 5656D65A9A9F1E3D68D64A350CFF1732
Located: HK_LM:Run, ISUSPM Startup
command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
file: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
size: 249856
MD5: 9E109B03018763FDCB075CE74547BE22
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 583B7D111304BE63D7D9CB65482D2187
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 289576
MD5: A7FA648719063B234A434A089FC0F49D
Located: HK_LM:Run, medicsp2
command: C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
file: C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
size: 198184
MD5: 2E73DF74A297EE6B91C4F57B9BD84317
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: 6CD5C3276C83F72677D647F27EE14ABD
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D
Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\SYMANT~2\\vptray.exe
file: C:\PROGRA~1\SYMANT~1\SYMANT~2\\vptray.exe
size: 124656
MD5: EB4CAF48452A80C11BC513C35E586C8B
Located: HK_LM:Run, Acrobat Assistant 7.0 (DISABLED)
command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
size: 483328
MD5: FBD06A45DB2D543EFD932768029EC5F2
Located: HK_LM:Run, Google Desktop Search (DISABLED)
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 1836544
MD5: E3CAEA4C0864E9E0E05E4CD8E7432EBE
Located: HK_LM:Run, GrooveMonitor (DISABLED)
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 33648
MD5: 35DCD380D4D579D8B8EA91D5D8AE444C
Located: HK_LM:Run, MSKDetectorExe (DISABLED)
command: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
file: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
size: 1121792
MD5: A5F0EF1A69F6707F27E53EE54B8F8AC4
Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, nwiz (DISABLED)
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: 9493BFFB9F82EFEC742F5C56A279BD5B
Located: HK_LM:Run, PDF4 Registry Controller (DISABLED)
command: "C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe"
file: C:\Program Files\ScanSoft\PDF Converter 4\\RegistryController.exe
size: 40960
MD5: FE51D962B75031C2E8099666F2FA174E
Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: 6CD5C3276C83F72677D647F27EE14ABD
Located: HK_LM:Run, SSBkgdUpdate (DISABLED)
command: "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
file: C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
size: 155648
MD5: 1C3CA3E7807F915933BB4E08E599DDAB
Located: HK_LM:Run, TkBellExe (DISABLED)
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: PE_C_ADMINISTRATOR...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, swg
where: S-1-5-21-3004643638-4040985242-2527695601-1005...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: Startup (common), Adobe Reader Speed Launch.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362B96870CE8649F4F2EC893DA93F0
Located: Startup (common), Digital Line Detect.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: B66E56733E2CD6A10FDA5919625FBF46
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
Located: Startup (common), Service Manager.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
file: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 81920
MD5: F45BFC03A06C9DCFA6731E551029B474
Located: Startup (common), Windows Desktop Search.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 257752
MD5: CFBD142459389EFD5C5F27CD913C2564
Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
where: C:\Documents and Settings\Alexa\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101440
MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681
Located: Startup (disabled), Microsoft Office Groove.lnk (DISABLED)
command: C:\Documents and Settings\Alexa\Start Menu\Programs\Startup\Microsoft Office Groove.lnk.disabled
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\System32\DLA\
Long name: DLASHX_W.DLL
Short name:
Date (created): 6/9/2006 6:31:20 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 9/8/2005 4:20:00 AM
Filesize: 110652
Attributes: archive
MD5: 8EF6619212E5500022AB22FF11E68D3B
CRC32: 132215F0
Version: 5.20.8.0
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/20/2007 10:30:18 AM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 9/20/2007 10:30:18 AM
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar3.dll
Short name: GOOGLE~3.DLL
Date (created): 9/7/2006 10:29:54 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 8/14/2006 4:17:20 PM
Filesize: 2022464
Attributes: readonly archive
MD5: CA2D856083DB504D0441E2AA404C27A2
CRC32: 9639044B
Version: 4.0.1019.5764
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\
Long name: swg.dll
Short name:
Date (created): 10/9/2008 11:25:06 AM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 10/9/2008 11:25:06 AM
Filesize: 737776
Attributes: archive
MD5: AB32387A8F8C696A0739768B6B913714
CRC32: F4E76414
Version: 3.1.807.1746
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 10/19/2007 11:20:48 AM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 10/19/2007 11:20:48 AM
Filesize: 546320
Attributes: archive
MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
CRC32: 12446524
Version: 3.1.0.146
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: CBrowserHelperObject Object
Path: c:\Program Files\BAE\
Long name: BAE.dll
Short name:
Date (created): 6/9/2006 6:31:46 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 2/22/2006 6:00:30 PM
Filesize: 94208
Attributes: archive
MD5: 7100C083D0C180109376C373F862BF6C
CRC32: 6BC60F66
Version: 1.1.0.1
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 11/5/2008 1:29:08 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 11/5/2008 1:29:08 PM
Filesize: 34816
Attributes: archive
MD5: 27771CDC5D464818C8F92356AE840A6F
CRC32: B0BC1BD4
Version: 6.0.100.33
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 11/5/2008 1:29:10 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 11/5/2008 1:29:10 PM
Filesize: 73728
Attributes: archive
MD5: 8F206275452A3668097A7A26F62A7127
CRC32: 44B85557
Version: 6.0.100.33
--- ActiveX list ---
{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Installer: C:\WINDOWS\Downloaded Program Files\SysPro.inf
Codebase: https://support.dell.com/systemprofiler/SysPro.CAB
description:
classification: Legitimate
known filename: SysPro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name:
Date (created): 1/23/2003 2:23:18 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 1/23/2003 2:23:18 PM
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 2.0.0.1
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=58813
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 3/5/2007 12:34:28 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 3/5/2007 12:34:28 PM
Filesize: 676224
Attributes: archive
MD5: B221B218126BC9409257F39837BAB90C
CRC32: 60F920AA
Version: 1.6.21.0
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/downlo...eckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 5/17/2006 10:23:38 AM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 3/20/2008 5:06:36 PM
Filesize: 1480232
Attributes: archive
MD5: E058C4821D48E0A67F6069CB50818D44
CRC32: 3513AE02
Version: 1.7.69.2
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeup...tent/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 11/17/2005 10:12:26 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 3/17/2008 1:49:26 PM
Filesize: 524288
Attributes: archive
MD5: 8AB9D74AA60B0BCC5184321320FB68B1
CRC32: 2FD0643C
Version: 12.0.5557.1000
{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf
Codebase: http://cdn.scan.onecare.live.com/res...lscbase370.cab
description:
classification: Legitimate
known filename: wlscBase.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 1/21/2008 8:34:22 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 1/21/2008 8:34:22 PM
Filesize: 465472
Attributes: archive
MD5: 66D7300A615CA949EF495270D2DA15E2
CRC32: B3EEF44F
Version: 1.7.370.1
{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/S.../bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 5/17/2006 1:32:42 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 5/17/2006 1:32:42 PM
Filesize: 161480
Attributes: archive
MD5: D9021B7C1D765851774FD9A753AEC435
CRC32: 6D65423F
Version: 2006.2.15.43
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab)
DPF name: System Requirements Lab
CLSID name: System Requirements Lab Class
Installer:
Codebase: http://www.nvidia.com/content/Driver...sysreqlab2.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: sysreqlab2.dll
Short name: SYSREQ~1.DLL
Date (created): 3/29/2007 10:07:12 AM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 3/29/2007 10:07:12 AM
Filesize: 206384
Attributes: archive
MD5: ED3B0F1BA60554B9D2E5AE1B02AD9306
CRC32: E2F1D780
Version: 2.30.0.0
{6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class)
DPF name:
CLSID name: HpProductDetection Class
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
description:
classification: Legitimate
known filename: HPDeviceDetection.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\HP\Common\
Long name: HPDeviceDetection.dll
Short name: HPDEVI~1.DLL
Date (created): 3/28/2008 5:43:30 PM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 3/28/2008 5:43:30 PM
Filesize: 529712
Attributes: archive
MD5: 89C14306B7BE8BBD1F14D6F40BEC0736
CRC32: 90C876C8
Version: 4.0.9.0
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsof...?1170297346062
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 7/18/2008 9:07:32 PM
Filesize: 210976
Attributes: archive
MD5: C5F2BE2C84D119CCE6DB901EA49D1528
CRC32: D65E48EB
Version: 7.2.6001.784
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-6u10.inf
Codebase: http://sdlc-esd.sun.com/ESD5/JSCDL/j...ws-i586-jc.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/5/2008 1:29:08 PM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 11/5/2008 1:29:08 PM
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeup...tent/opuc4.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 11/17/2005 10:12:26 PM
Date (last access): 11/8/2008 3:44:06 AM
Date (last write): 3/17/2008 1:49:26 PM
Filesize: 524288
Attributes: archive
MD5: 8AB9D74AA60B0BCC5184321320FB68B1
CRC32: 2FD0643C
Version: 12.0.5557.1000
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 4:48:18 PM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 11/19/2003 4:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 2:09:16 AM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 12/15/2006 2:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 1:32:34 AM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 6/10/2008 3:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/5/2008 1:29:08 PM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 11/5/2008 1:29:08 PM
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/5/2008 1:29:08 PM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 11/5/2008 1:29:08 PM
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33
{E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control)
DPF name:
CLSID name: Dell PC Checkup Installer Control
Installer: C:\WINDOWS\Downloaded Program Files\gtdownde_110.inf
Codebase: http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
description:
classification: Legitimate
known filename: GTDownDE_87.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: gtdownde_110.ocx
Short name: GTDOWN~1.OCX
Date (created): 11/25/2004 2:15:00 PM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 11/25/2004 2:15:00 PM
Filesize: 184320
Attributes: archive
MD5: D05E2AB470D3C1A88635A54A14FE5D76
CRC32: 1B7FFDAE
Version: 1.0.0.110
{EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
DPF name:
CLSID name: QDiagHUpdateObj Class
Installer: C:\WINDOWS\Downloaded Program Files\qdiagh.inf
Codebase: http://h20264.www2.hp.com/ediags/hpf...qdiagh.cab?326
description:
classification: Legitimate
known filename: qdiagh.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: qdiagh.ocx
Short name:
Date (created): 11/30/2004 1:10:08 PM
Date (last access): 11/8/2008 3:44:08 AM
Date (last write): 11/30/2004 1:10:08 PM
Filesize: 824416
Attributes: archive
MD5: F74D5AEFB89DEDC35B2295ED424A7CDF
CRC32: 25AD1A25
Version: 1.0.1.326
--- Process list ---
PID: 0 ( 0) [System]
PID: 612 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 652 ( 612) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 676 ( 612) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 720 ( 676) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 732 ( 676) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 920 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1028 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1128 ( 720) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1236 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1384 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1456 ( 720) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169632
MD5: 324318BD026AA58E3EA8C23647ADE1C3
PID: 1952 ( 720) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192160
MD5: C5F0C1FFF968E9D143F62075CBD8ED60
PID: 156 ( 720) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 202400
MD5: 29A99B39E092B2160075F1EFA71F11E8
PID: 204 ( 720) C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
size: 87728
MD5: 18C6B63D3594EE6356AFE9DF53A85696
PID: 252 ( 720) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 214720
MD5: C5F415BB02EE89CDE1B6CEE3538F424B
PID: 408 ( 720) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 1160848
MD5: DABD8523D9B60CE6513653DFD8B96C1B
PID: 560 ( 720) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1420 (1292) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1848 ( 720) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 116040
MD5: F293992F9CEEF6EA00CE52C3094E59E9
PID: 1868 ( 720) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
PID: 1892 ( 720) C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
size: 30448
MD5: 6A0A8FE766943DE793E6F03F4FE882DD
PID: 1104 ( 720) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 5FD5865DC1A2100F8D4CF000EE5409A3
PID: 1196 ( 720) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1468 (1420) C:\Program Files\Dell\Media Experience\DMXLauncher.exe
size: 94208
MD5: C24B51FAF9BAAEF67C484D60866693B1
PID: 1540 (1420) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 583B7D111304BE63D7D9CB65482D2187
PID: 1636 (1420) C:\WINDOWS\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: CEFD0E35B35AFD9D1C2FEC9AF81AFDB8
PID: 1648 (1420) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 1656 ( 720) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
size: 9154560
MD5: 10E335538DE3287127406D11C3BB6A65
PID: 1836 (1420) C:\PROGRA~1\SYMANT~1\SYMANT~2\vptray.exe
size: 124656
MD5: EB4CAF48452A80C11BC513C35E586C8B
PID: 2056 (1420) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 2068 ( 720) C:\WINDOWS\system32\nvsvc32.exe
size: 155716
MD5: 472A00D2183C9E5EDB3E076272741812
PID: 2124 (1420) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 206064
MD5: 3917664C26B4344768C288BBA6FEFCB6
PID: 2200 ( 720) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
size: 201968
MD5: 777115C9CC675BD98127660712D2F784
PID: 2280 (1420) C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
size: 198184
MD5: 2E73DF74A297EE6B91C4F57B9BD84317
PID: 2344 ( 720) C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
size: 202280
MD5: 97926EFA3179A0525A3F8D7CA4ECE225
PID: 2352 (1420) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D
PID: 2372 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2384 ( 720) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
size: 1799408
MD5: 8B3550214824ABF244D1E27E2A300990
PID: 2476 (1420) C:\Program Files\iTunes\iTunesHelper.exe
size: 289576
MD5: A7FA648719063B234A434A089FC0F49D
PID: 2576 (1420) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 53408
MD5: F8E083AD7ED601B71C84AEC35BE6AE40
PID: 2620 ( 720) C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
size: 165552
MD5: AE3EB101FFE15CCF56CAF13C2CD83D40
PID: 2804 (1420) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 3208 (1420) C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: B66E56733E2CD6A10FDA5919625FBF46
PID: 3256 (1420) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
PID: 3368 (1420) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 81920
MD5: F45BFC03A06C9DCFA6731E551029B474
PID: 3468 (1420) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101440
MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681
PID: 3704 (3256) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
size: 204800
MD5: 2DB4D4386AC0F8CC367E1AA8AB1004EF
PID: 1896 ( 720) C:\Program Files\iPod\bin\iPodService.exe
size: 536872
MD5: 3E1544C58548E3332C3F11768BEDE52E
PID: 1304 ( 720) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 1164 (1128) C:\WINDOWS\system32\wuauclt.exe
size: 53448
MD5: D316E28958873859B88D72CF47AD1EA5
PID: 864 (1420) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 3008 (1420) C:\Program Files\Internet Explorer\iexplore.exe
size: 635848
MD5: 1F03216084447F990AE797317D0A6E70
PID: 1980 ( 920) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
size: 118336
MD5: 7FA0AA2F3DABA5BEB2C4AC1EEC054EFA
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/8/2008 3:44:36 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://verizon.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Yes, it looks good
Still some concerns?
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
No more concerns.
Thank you, bless you and the people at spybot. You have earned my undying gratitude!
Great.
I hope that you stay clean in the future
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Posting Permissions
