sssmiley
2009-07-19, 03:16
Hi,
I first posted a thread in the malware section which can be found http://forums.spybot.info/showthread.php?t=19117 here.
Blade 81 told me that the file C:\WINXP\system32\zipfldr.dll appears to be a false positive.
Here is my Spybot S&D report:
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2009-03-05 TeaTimer.exe (1.6.6.32)
2005-09-13 unins000.exe (51.41.0.0)
2008-06-23 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-05-19 Includes\Adware.sbi
2009-07-14 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-07-14 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-07-14 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-07-14 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-07-14 Includes\Malware.sbi
2009-07-14 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-07-14 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-06-02 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-07-07 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-07-14 Includes\Trojans.sbi
2009-07-14 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Update for Windows XP (KB942763)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Update for Windows XP (KB951618-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: FC242DBD786557AC641726DC5C13F060
Located: HK_LM:Run, Bart Station
command: C:\Program Files\PeoplePC\ISP7300\BIN\PPCOLink.exe -STATION
file: C:\Program Files\PeoplePC\ISP7300\BIN\PPCOLink.exe
size: 25944
MD5: D99C6789263B0B13C4C98D22D4F33836
Located: HK_LM:Run, DLA
command: C:\WINXP\System32\DLA\DLACTRLW.EXE
file: C:\WINXP\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: 5B1D53E352DB12E14987DECDE1B17906
Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: B3E3C57FD22E71CE20389372D972C6DC
Located: HK_LM:Run, DwlClient
command: C:\Program Files\Common Files\Dell\EUSW\Support.exe
file: C:\Program Files\Common Files\Dell\EUSW\Support.exe
size: 323584
MD5: 27B68F137ED4C85FF92DB98231BF11ED
Located: HK_LM:Run, IDTSysTrayApp
command: sttray.exe
file: C:\WINXP\sttray.exe
size: 405504
MD5: 394FE85B1D45F96E1E63D2E5AAB938D2
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 763DAB43BDAB27316DBF3373192823D7
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
Located: HK_LM:Run, PCMService
command: "C:\Program Files\Dell\Media Experience\PCMService.exe"
file: C:\Program Files\Dell\Media Experience\PCMService.exe
size: 290816
MD5: E02C0E78E5CFB01BF9D1866DBA18B456
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_LM:Run, SigmatelSysTrayApp
command: stsystra.exe
file: C:\WINXP\stsystra.exe
size: 339968
MD5: 0F869E88FA4489FBE231A42646488CE8
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: D22D936F9AB0DA3B8EB7537284867708
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 5676E75F98FF8E0F81DFF604A09288BB
Located: HK_CU:Run, DellSupport
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534
Located: HK_CU:Run, ctfmon.exe
where: PE_C_STEVE...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, SUPERAntiSpyware
where: PE_C_STEVE...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1510640
MD5: 43AFD0E4A75848914DB72C53A393733B
Located: HK_CU:RunOnce, TSClientAXDisabler
where: PE_C_STEVE...
command: cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
file: C:\WINXP\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, TSClientMSIUninstaller
where: PE_C_STEVE...
command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
file: C:\WINXP\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-507921405-117609710-839522115-1003...
command: C:\WINXP\system32\ctfmon.exe
file: C:\WINXP\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-507921405-117609710-839522115-1003...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-507921405-117609710-839522115-1003...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
Located: Startup (common), Service Manager.lnk
where: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
file: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 81920
MD5: F45BFC03A06C9DCFA6731E551029B474
Located: Startup (common), Windows Search.lnk
where: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup...
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 123904
MD5: B5C9F63C01FCFEC3F64EC6A0940A1825
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, GoToAssist
command: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
file: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 2/27/2009 12:07:26 PM
Date (last access): 7/18/2009 6:02:08 PM
Date (last write): 2/27/2009 12:07:26 PM
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163
{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 6/18/2008 10:29:26 PM
Date (last access): 7/18/2009 6:02:08 PM
Date (last write): 6/15/2009 10:28:38 PM
Filesize: 312928
Attributes: archive
MD5: E5D9E4D177DAD33EAC64A88C8ED0F8E2
CRC32: 1EFFE9F1
Version: 1.0.1.206
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/13/2005 7:40:36 PM
Date (last access): 7/18/2009 6:02:08 PM
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINXP\System32\DLA\
Long name: DLASHX_W.DLL
Short name:
Date (created): 9/12/2008 7:13:42 PM
Date (last access): 7/18/2009 6:02:44 PM
Date (last write): 11/7/2005 5:20:00 AM
Filesize: 110652
Attributes: archive
MD5: A68BD98A43710FE5D19C92158E341F0C
CRC32: A34F395A
Version: 5.20.12.0
{656EC4B7-072B-4698-B504-2A414C1F0037} (Accelerator Plugin)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Accelerator Plugin
description: Propel PopupBlocker,
classification: Legitimate
known filename: prpl_IePopupBlocker.dll
info link: http://www.propel.com/ac/block.jsp
info source: TonyKlein
Path: C:\PROGRA~1\PEOPLE~1\
Long name: prpl_IePopupBlocker.dll
Short name: PRPL_I~1.DLL
Date (created): 2/20/2008 6:14:48 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 2/20/2008 6:14:48 PM
Filesize: 165400
Attributes: archive
MD5: 272470F9A2D3305AD1194FCC0B01DBE4
CRC32: EF476326
Version: 6.1.2.1011
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 2/17/2009 4:11:04 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 2/17/2009 4:11:04 PM
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6
{A8FB8EB3-183B-4598-924D-86F0E5E37085} (PeoplePal Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: PeoplePal Toolbar
Path: C:\Program Files\PeoplePC\Toolbar\
Long name: PPCToolbar_7.2.0.0.dll
Short name: PPCTOO~2.DLL
Date (created): 7/14/2009 5:03:24 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 7/14/2009 5:03:24 PM
Filesize: 235864
Attributes: archive
MD5: 11058FA1C2D6CBC7B8B6906C8A4D3B9B
CRC32: 15B5A9E1
Version: 7.2.0.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 7/14/2009 1:00:24 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 7/14/2009 1:00:24 PM
Filesize: 41368
Attributes: archive
MD5: 192E39C717013A0BD532B33AC29D6E7D
CRC32: 6D4D2A2E
Version: 6.0.140.8
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 7/14/2009 1:00:26 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 7/14/2009 1:00:26 PM
Filesize: 73728
Attributes: archive
MD5: 9A0CA264EC3210E77764C45AD7C5F339
CRC32: A8965ADA
Version: 6.0.140.8
--- ActiveX list ---
{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Installer: C:\WINXP\Downloaded Program Files\SysPro.inf
Codebase: http://support.dell.com/systemprofiler/SysPro.CAB
description:
classification: Legitimate
known filename: SysPro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINXP\system32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name:
Date (created): 1/23/2003 2:23:18 PM
Date (last access): 7/15/2009 9:29:58 AM
Date (last write): 1/23/2003 2:23:18 PM
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 2.0.0.1
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINXP\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
Path: C:\WINXP\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 2/4/2008 6:23:10 PM
Date (last access): 7/18/2009 3:11:30 AM
Date (last write): 2/4/2008 6:23:10 PM
Filesize: 693792
Attributes: archive
MD5: D1346A4683E98836E2FE003859E5DC0D
CRC32: DF1DBA7A
Version: 1.6.28.0
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINXP\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212268998159
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINXP\system32\
Long name: muweb.dll
Short name:
Date (created): 7/30/2007 7:18:34 PM
Date (last access): 7/18/2009 3:11:30 AM
Date (last write): 10/16/2008 2:06:48 PM
Filesize: 208744
Attributes: archive
MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
CRC32: 27FBFA7D
Version: 7.2.6001.788
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 7/14/2009 1:00:24 PM
Date (last access): 7/15/2009 9:29:58 AM
Date (last write): 7/14/2009 1:00:24 PM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINXP\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINXP\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc4.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINXP\
Long name: opuc.dll
Short name:
Date (created): 5/29/2008 12:26:02 AM
Date (last access): 7/18/2009 3:08:40 AM
Date (last write): 5/29/2008 12:26:02 AM
Filesize: 524288
Attributes: archive
MD5: B3FB3D258C837F3A5EE855B241C1BFC7
CRC32: DA4B8FDE
Version: 12.0.5568.1000
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 7/14/2009 1:00:24 PM
Date (last access): 7/18/2009 6:08:54 PM
Date (last write): 7/14/2009 1:00:24 PM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 7/14/2009 1:00:24 PM
Date (last access): 7/18/2009 6:08:54 PM
Date (last write): 7/14/2009 1:00:24 PM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\WINXP\Downloaded Program Files\gp.inf
Codebase: http://www.adobe.com/products/acrobat/nos/gp.cab
Path: C:\WINXP\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 5/16/2007 8:22:06 AM
Date (last access): 7/15/2009 9:30:00 AM
Date (last write): 5/16/2007 8:22:06 AM
Filesize: 166512
Attributes: archive
MD5: 9BCFC46ECA1BF28E039ECCE2D331086E
CRC32: A9C6ED85
Version: 1.2.2.50
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINXP\Downloaded Program Files\swflash.inf
Codebase: https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINXP\system32\Macromed\Flash\
Long name: Flash10b.ocx
Short name:
Date (created): 2/2/2009 7:07:18 PM
Date (last access): 7/18/2009 2:09:18 PM
Date (last write): 2/2/2009 7:07:18 PM
Filesize: 3866528
Attributes: readonly archive
MD5: 8AFC17155ED5AB60B7C52D7F553D579C
CRC32: 0FBC13F3
Version: 10.0.22.87
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
DPF name:
CLSID name: PCPitstop Exam
Installer:
Codebase: http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Path: C:\WINXP\Downloaded Program Files\
Long name: pcpitstop2.dll
Short name: PCPITS~1.DLL
Date (created): 7/23/2008 10:32:50 AM
Date (last access): 7/18/2009 3:04:54 AM
Date (last write): 7/23/2008 10:33:20 AM
Filesize: 366296
Attributes: archive
MD5: 5390A5761F8ED49464702C1A91586820
CRC32: 39AE0E17
Version: 1.0.0.11
--- Process list ---
PID: 0 ( 0) [System]
PID: 608 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 656 ( 608) \??\C:\WINXP\system32\csrss.exe
size: 6144
PID: 680 ( 608) \??\C:\WINXP\system32\winlogon.exe
size: 507904
PID: 724 ( 680) C:\WINXP\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 736 ( 680) C:\WINXP\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 932 ( 724) C:\WINXP\system32\Ati2evxx.exe
size: 360448
MD5: 68CCF9573DF16BCE2236E07C430E607D
PID: 948 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1028 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1124 ( 724) C:\WINXP\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1224 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1408 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1476 ( 724) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 18752
MD5: B4253776EE034F6770FCEE32C28490B0
PID: 1536 ( 724) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 138680
MD5: 62889D40A3FB1A9012428E16FE0DC67A
PID: 1728 (1668) C:\WINXP\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 2044 (1996) C:\Program Files\PeoplePC\ISP7300\Browser\Bartshel.exe
size: 176472
MD5: FA68078F8644B1C89F64D1E4401BCBED
PID: 160 (1728) C:\WINXP\stsystra.exe
size: 339968
MD5: 0F869E88FA4489FBE231A42646488CE8
PID: 256 (1728) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: FC242DBD786557AC641726DC5C13F060
PID: 264 (1728) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: B3E3C57FD22E71CE20389372D972C6DC
PID: 280 (1728) C:\WINXP\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: 5B1D53E352DB12E14987DECDE1B17906
PID: 420 (1728) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 763DAB43BDAB27316DBF3373192823D7
PID: 464 ( 724) C:\WINXP\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 512 (1728) C:\Program Files\Dell\Media Experience\PCMService.exe
size: 290816
MD5: E02C0E78E5CFB01BF9D1866DBA18B456
PID: 560 (1728) C:\Program Files\Common Files\Dell\EUSW\Support.exe
size: 323584
MD5: 27B68F137ED4C85FF92DB98231BF11ED
PID: 632 (1728) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 5676E75F98FF8E0F81DFF604A09288BB
PID: 976 (1728) C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: D22D936F9AB0DA3B8EB7537284867708
PID: 1088 (1728) C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
PID: 1152 ( 560) C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
size: 352256
MD5: 68D63D92D73146EF9A5EFD5E7F25611E
PID: 1180 (1728) C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
PID: 1160 (1728) C:\WINXP\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 1244 (1728) C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9
PID: 1576 (1728) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
PID: 1656 (1728) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 81920
MD5: F45BFC03A06C9DCFA6731E551029B474
PID: 1788 (1728) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 123904
MD5: B5C9F63C01FCFEC3F64EC6A0940A1825
PID: 2096 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2164 ( 724) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
PID: 2196 ( 724) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 2224 ( 724) C:\WINXP\system32\cisvc.exe
size: 5632
MD5: 1CFE720EB8D93A7158A4EBC3AB178BDE
PID: 2448 ( 724) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 44FFBA62F0F426B581759C49AAFEC2E2
PID: 2556 ( 724) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 2620 ( 724) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
size: 9158656
MD5: 1B959A0614D575D0AB3B09095F0A8B83
PID: 2724 (1576) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
size: 204800
MD5: 2DB4D4386AC0F8CC367E1AA8AB1004EF
PID: 2776 ( 724) C:\WINXP\system32\HPZipm12.exe
size: 69632
MD5: 9D84376931440F3679BEEF2A414FA493
PID: 3032 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3108 ( 724) C:\WINXP\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 3400 ( 724) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 254040
MD5: F09461C8ECCACE33C271CC229F11E281
PID: 3432 ( 724) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 352920
MD5: 23CA3E54474AE5FFDBC0F97B9E1815DB
PID: 3592 ( 724) C:\WINXP\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 4092 ( 724) C:\Program Files\Windows Media Player\WMPNetwk.exe
size: 913408
MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
PID: 288 ( 948) C:\PROGRA~1\PeoplePC\ISP7300\Browser\PPShared.exe
size: 86360
MD5: 54334E14BA1F30962B5A155558D7AD88
PID: 2132 ( 724) C:\Program Files\iPod\bin\iPodService.exe
size: 542496
MD5: E8E568EA584973DFD99AAC7D00A16287
PID: 2524 ( 724) C:\WINXP\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 1240 (2224) C:\WINXP\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 336 (1728) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 2156 ( 336) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 3896 ( 336) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 2380 (1728) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/18/2009 6:08:53 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINXP\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.peoplepc.com/search
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://home.peoplepc.com/websearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINXP\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://home.peoplepc.com/search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFC51EEC-07DE-4BF6-94C7-0B0EE4C38085}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFC51EEC-07DE-4BF6-94C7-0B0EE4C38085}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F56D561B-A6D9-40D9-940A-B57682FB2870}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F56D561B-A6D9-40D9-940A-B57682FB2870}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{92D4F8C1-10D8-4A05-AD2C-9D2A5553E0C1}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{92D4F8C1-10D8-4A05-AD2C-9D2A5553E0C1}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F950731-8DFC-4E87-B912-557C8C4A20B7}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F950731-8DFC-4E87-B912-557C8C4A20B7}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02B7C4C4-CBE2-400B-B476-246D034045CC}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02B7C4C4-CBE2-400B-B476-246D034045CC}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Let me know if you need anything else.
Thanks
I first posted a thread in the malware section which can be found http://forums.spybot.info/showthread.php?t=19117 here.
Blade 81 told me that the file C:\WINXP\system32\zipfldr.dll appears to be a false positive.
Here is my Spybot S&D report:
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2009-03-05 TeaTimer.exe (1.6.6.32)
2005-09-13 unins000.exe (51.41.0.0)
2008-06-23 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-05-19 Includes\Adware.sbi
2009-07-14 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-07-14 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-07-14 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-07-14 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-07-14 Includes\Malware.sbi
2009-07-14 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-07-14 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-06-02 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-07-07 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-07-14 Includes\Trojans.sbi
2009-07-14 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Update for Windows XP (KB942763)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Update for Windows XP (KB951618-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: FC242DBD786557AC641726DC5C13F060
Located: HK_LM:Run, Bart Station
command: C:\Program Files\PeoplePC\ISP7300\BIN\PPCOLink.exe -STATION
file: C:\Program Files\PeoplePC\ISP7300\BIN\PPCOLink.exe
size: 25944
MD5: D99C6789263B0B13C4C98D22D4F33836
Located: HK_LM:Run, DLA
command: C:\WINXP\System32\DLA\DLACTRLW.EXE
file: C:\WINXP\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: 5B1D53E352DB12E14987DECDE1B17906
Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: B3E3C57FD22E71CE20389372D972C6DC
Located: HK_LM:Run, DwlClient
command: C:\Program Files\Common Files\Dell\EUSW\Support.exe
file: C:\Program Files\Common Files\Dell\EUSW\Support.exe
size: 323584
MD5: 27B68F137ED4C85FF92DB98231BF11ED
Located: HK_LM:Run, IDTSysTrayApp
command: sttray.exe
file: C:\WINXP\sttray.exe
size: 405504
MD5: 394FE85B1D45F96E1E63D2E5AAB938D2
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 763DAB43BDAB27316DBF3373192823D7
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
Located: HK_LM:Run, PCMService
command: "C:\Program Files\Dell\Media Experience\PCMService.exe"
file: C:\Program Files\Dell\Media Experience\PCMService.exe
size: 290816
MD5: E02C0E78E5CFB01BF9D1866DBA18B456
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_LM:Run, SigmatelSysTrayApp
command: stsystra.exe
file: C:\WINXP\stsystra.exe
size: 339968
MD5: 0F869E88FA4489FBE231A42646488CE8
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: D22D936F9AB0DA3B8EB7537284867708
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 5676E75F98FF8E0F81DFF604A09288BB
Located: HK_CU:Run, DellSupport
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534
Located: HK_CU:Run, ctfmon.exe
where: PE_C_STEVE...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, SUPERAntiSpyware
where: PE_C_STEVE...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1510640
MD5: 43AFD0E4A75848914DB72C53A393733B
Located: HK_CU:RunOnce, TSClientAXDisabler
where: PE_C_STEVE...
command: cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
file: C:\WINXP\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:RunOnce, TSClientMSIUninstaller
where: PE_C_STEVE...
command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
file: C:\WINXP\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-507921405-117609710-839522115-1003...
command: C:\WINXP\system32\ctfmon.exe
file: C:\WINXP\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-507921405-117609710-839522115-1003...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-507921405-117609710-839522115-1003...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
Located: Startup (common), Service Manager.lnk
where: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
file: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 81920
MD5: F45BFC03A06C9DCFA6731E551029B474
Located: Startup (common), Windows Search.lnk
where: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup...
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 123904
MD5: B5C9F63C01FCFEC3F64EC6A0940A1825
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, GoToAssist
command: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
file: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 2/27/2009 12:07:26 PM
Date (last access): 7/18/2009 6:02:08 PM
Date (last write): 2/27/2009 12:07:26 PM
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163
{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 6/18/2008 10:29:26 PM
Date (last access): 7/18/2009 6:02:08 PM
Date (last write): 6/15/2009 10:28:38 PM
Filesize: 312928
Attributes: archive
MD5: E5D9E4D177DAD33EAC64A88C8ED0F8E2
CRC32: 1EFFE9F1
Version: 1.0.1.206
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/13/2005 7:40:36 PM
Date (last access): 7/18/2009 6:02:08 PM
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINXP\System32\DLA\
Long name: DLASHX_W.DLL
Short name:
Date (created): 9/12/2008 7:13:42 PM
Date (last access): 7/18/2009 6:02:44 PM
Date (last write): 11/7/2005 5:20:00 AM
Filesize: 110652
Attributes: archive
MD5: A68BD98A43710FE5D19C92158E341F0C
CRC32: A34F395A
Version: 5.20.12.0
{656EC4B7-072B-4698-B504-2A414C1F0037} (Accelerator Plugin)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Accelerator Plugin
description: Propel PopupBlocker,
classification: Legitimate
known filename: prpl_IePopupBlocker.dll
info link: http://www.propel.com/ac/block.jsp
info source: TonyKlein
Path: C:\PROGRA~1\PEOPLE~1\
Long name: prpl_IePopupBlocker.dll
Short name: PRPL_I~1.DLL
Date (created): 2/20/2008 6:14:48 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 2/20/2008 6:14:48 PM
Filesize: 165400
Attributes: archive
MD5: 272470F9A2D3305AD1194FCC0B01DBE4
CRC32: EF476326
Version: 6.1.2.1011
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 2/17/2009 4:11:04 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 2/17/2009 4:11:04 PM
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6
{A8FB8EB3-183B-4598-924D-86F0E5E37085} (PeoplePal Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: PeoplePal Toolbar
Path: C:\Program Files\PeoplePC\Toolbar\
Long name: PPCToolbar_7.2.0.0.dll
Short name: PPCTOO~2.DLL
Date (created): 7/14/2009 5:03:24 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 7/14/2009 5:03:24 PM
Filesize: 235864
Attributes: archive
MD5: 11058FA1C2D6CBC7B8B6906C8A4D3B9B
CRC32: 15B5A9E1
Version: 7.2.0.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 7/14/2009 1:00:24 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 7/14/2009 1:00:24 PM
Filesize: 41368
Attributes: archive
MD5: 192E39C717013A0BD532B33AC29D6E7D
CRC32: 6D4D2A2E
Version: 6.0.140.8
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 7/14/2009 1:00:26 PM
Date (last access): 7/18/2009 6:02:10 PM
Date (last write): 7/14/2009 1:00:26 PM
Filesize: 73728
Attributes: archive
MD5: 9A0CA264EC3210E77764C45AD7C5F339
CRC32: A8965ADA
Version: 6.0.140.8
--- ActiveX list ---
{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Installer: C:\WINXP\Downloaded Program Files\SysPro.inf
Codebase: http://support.dell.com/systemprofiler/SysPro.CAB
description:
classification: Legitimate
known filename: SysPro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINXP\system32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name:
Date (created): 1/23/2003 2:23:18 PM
Date (last access): 7/15/2009 9:29:58 AM
Date (last write): 1/23/2003 2:23:18 PM
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 2.0.0.1
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINXP\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
Path: C:\WINXP\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 2/4/2008 6:23:10 PM
Date (last access): 7/18/2009 3:11:30 AM
Date (last write): 2/4/2008 6:23:10 PM
Filesize: 693792
Attributes: archive
MD5: D1346A4683E98836E2FE003859E5DC0D
CRC32: DF1DBA7A
Version: 1.6.28.0
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINXP\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212268998159
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINXP\system32\
Long name: muweb.dll
Short name:
Date (created): 7/30/2007 7:18:34 PM
Date (last access): 7/18/2009 3:11:30 AM
Date (last write): 10/16/2008 2:06:48 PM
Filesize: 208744
Attributes: archive
MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
CRC32: 27FBFA7D
Version: 7.2.6001.788
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 7/14/2009 1:00:24 PM
Date (last access): 7/15/2009 9:29:58 AM
Date (last write): 7/14/2009 1:00:24 PM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINXP\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINXP\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc4.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINXP\
Long name: opuc.dll
Short name:
Date (created): 5/29/2008 12:26:02 AM
Date (last access): 7/18/2009 3:08:40 AM
Date (last write): 5/29/2008 12:26:02 AM
Filesize: 524288
Attributes: archive
MD5: B3FB3D258C837F3A5EE855B241C1BFC7
CRC32: DA4B8FDE
Version: 12.0.5568.1000
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 7/14/2009 1:00:24 PM
Date (last access): 7/18/2009 6:08:54 PM
Date (last write): 7/14/2009 1:00:24 PM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 7/14/2009 1:00:24 PM
Date (last access): 7/18/2009 6:08:54 PM
Date (last write): 7/14/2009 1:00:24 PM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\WINXP\Downloaded Program Files\gp.inf
Codebase: http://www.adobe.com/products/acrobat/nos/gp.cab
Path: C:\WINXP\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 5/16/2007 8:22:06 AM
Date (last access): 7/15/2009 9:30:00 AM
Date (last write): 5/16/2007 8:22:06 AM
Filesize: 166512
Attributes: archive
MD5: 9BCFC46ECA1BF28E039ECCE2D331086E
CRC32: A9C6ED85
Version: 1.2.2.50
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINXP\Downloaded Program Files\swflash.inf
Codebase: https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINXP\system32\Macromed\Flash\
Long name: Flash10b.ocx
Short name:
Date (created): 2/2/2009 7:07:18 PM
Date (last access): 7/18/2009 2:09:18 PM
Date (last write): 2/2/2009 7:07:18 PM
Filesize: 3866528
Attributes: readonly archive
MD5: 8AFC17155ED5AB60B7C52D7F553D579C
CRC32: 0FBC13F3
Version: 10.0.22.87
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
DPF name:
CLSID name: PCPitstop Exam
Installer:
Codebase: http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Path: C:\WINXP\Downloaded Program Files\
Long name: pcpitstop2.dll
Short name: PCPITS~1.DLL
Date (created): 7/23/2008 10:32:50 AM
Date (last access): 7/18/2009 3:04:54 AM
Date (last write): 7/23/2008 10:33:20 AM
Filesize: 366296
Attributes: archive
MD5: 5390A5761F8ED49464702C1A91586820
CRC32: 39AE0E17
Version: 1.0.0.11
--- Process list ---
PID: 0 ( 0) [System]
PID: 608 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 656 ( 608) \??\C:\WINXP\system32\csrss.exe
size: 6144
PID: 680 ( 608) \??\C:\WINXP\system32\winlogon.exe
size: 507904
PID: 724 ( 680) C:\WINXP\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 736 ( 680) C:\WINXP\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 932 ( 724) C:\WINXP\system32\Ati2evxx.exe
size: 360448
MD5: 68CCF9573DF16BCE2236E07C430E607D
PID: 948 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1028 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1124 ( 724) C:\WINXP\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1224 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1408 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1476 ( 724) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 18752
MD5: B4253776EE034F6770FCEE32C28490B0
PID: 1536 ( 724) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 138680
MD5: 62889D40A3FB1A9012428E16FE0DC67A
PID: 1728 (1668) C:\WINXP\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 2044 (1996) C:\Program Files\PeoplePC\ISP7300\Browser\Bartshel.exe
size: 176472
MD5: FA68078F8644B1C89F64D1E4401BCBED
PID: 160 (1728) C:\WINXP\stsystra.exe
size: 339968
MD5: 0F869E88FA4489FBE231A42646488CE8
PID: 256 (1728) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: FC242DBD786557AC641726DC5C13F060
PID: 264 (1728) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: B3E3C57FD22E71CE20389372D972C6DC
PID: 280 (1728) C:\WINXP\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: 5B1D53E352DB12E14987DECDE1B17906
PID: 420 (1728) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 763DAB43BDAB27316DBF3373192823D7
PID: 464 ( 724) C:\WINXP\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 512 (1728) C:\Program Files\Dell\Media Experience\PCMService.exe
size: 290816
MD5: E02C0E78E5CFB01BF9D1866DBA18B456
PID: 560 (1728) C:\Program Files\Common Files\Dell\EUSW\Support.exe
size: 323584
MD5: 27B68F137ED4C85FF92DB98231BF11ED
PID: 632 (1728) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 5676E75F98FF8E0F81DFF604A09288BB
PID: 976 (1728) C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: D22D936F9AB0DA3B8EB7537284867708
PID: 1088 (1728) C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
PID: 1152 ( 560) C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
size: 352256
MD5: 68D63D92D73146EF9A5EFD5E7F25611E
PID: 1180 (1728) C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
PID: 1160 (1728) C:\WINXP\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 1244 (1728) C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9
PID: 1576 (1728) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
PID: 1656 (1728) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 81920
MD5: F45BFC03A06C9DCFA6731E551029B474
PID: 1788 (1728) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 123904
MD5: B5C9F63C01FCFEC3F64EC6A0940A1825
PID: 2096 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2164 ( 724) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
PID: 2196 ( 724) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 2224 ( 724) C:\WINXP\system32\cisvc.exe
size: 5632
MD5: 1CFE720EB8D93A7158A4EBC3AB178BDE
PID: 2448 ( 724) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 44FFBA62F0F426B581759C49AAFEC2E2
PID: 2556 ( 724) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 2620 ( 724) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
size: 9158656
MD5: 1B959A0614D575D0AB3B09095F0A8B83
PID: 2724 (1576) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
size: 204800
MD5: 2DB4D4386AC0F8CC367E1AA8AB1004EF
PID: 2776 ( 724) C:\WINXP\system32\HPZipm12.exe
size: 69632
MD5: 9D84376931440F3679BEEF2A414FA493
PID: 3032 ( 724) C:\WINXP\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3108 ( 724) C:\WINXP\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 3400 ( 724) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 254040
MD5: F09461C8ECCACE33C271CC229F11E281
PID: 3432 ( 724) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 352920
MD5: 23CA3E54474AE5FFDBC0F97B9E1815DB
PID: 3592 ( 724) C:\WINXP\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 4092 ( 724) C:\Program Files\Windows Media Player\WMPNetwk.exe
size: 913408
MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
PID: 288 ( 948) C:\PROGRA~1\PeoplePC\ISP7300\Browser\PPShared.exe
size: 86360
MD5: 54334E14BA1F30962B5A155558D7AD88
PID: 2132 ( 724) C:\Program Files\iPod\bin\iPodService.exe
size: 542496
MD5: E8E568EA584973DFD99AAC7D00A16287
PID: 2524 ( 724) C:\WINXP\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 1240 (2224) C:\WINXP\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 336 (1728) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 2156 ( 336) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 3896 ( 336) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 2380 (1728) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/18/2009 6:08:53 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINXP\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.peoplepc.com/search
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://home.peoplepc.com/websearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINXP\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://home.peoplepc.com/search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFC51EEC-07DE-4BF6-94C7-0B0EE4C38085}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFC51EEC-07DE-4BF6-94C7-0B0EE4C38085}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F56D561B-A6D9-40D9-940A-B57682FB2870}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F56D561B-A6D9-40D9-940A-B57682FB2870}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{92D4F8C1-10D8-4A05-AD2C-9D2A5553E0C1}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{92D4F8C1-10D8-4A05-AD2C-9D2A5553E0C1}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F950731-8DFC-4E87-B912-557C8C4A20B7}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F950731-8DFC-4E87-B912-557C8C4A20B7}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02B7C4C4-CBE2-400B-B476-246D034045CC}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02B7C4C4-CBE2-400B-B476-246D034045CC}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Let me know if you need anything else.
Thanks