first log file re: Virtumonde.dll



jussy
2009-09-30, 00:48
Here is the log file from the HijackThis exe file... the instructions were to do and post no more until I get a response from a qualified "geek" ;) thanks
Jussy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:20 PM, on 9/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Droppix\DxService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\exeFiles\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [Prolific_OneButton] C:\Program Files\USBFast\OneBtn.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [Prolific2571_OneButton] C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Omega ASIO Control Panel.lnk = C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10624 bytes

Shaba
2009-10-01, 20:15
Hi jussy

Please post next spybot report :)

jussy
2009-10-02, 00:35
I couldn't figure out how to make spybot give me a report so I just made a screen shot of it. Here is the link. ...since I suppose I can't upload images here.
Juss
Aaaaggghhhhh my life ebbs.:sad:
jussy.viviti.com

jussy
2009-10-02, 03:12
...and a new free website (for what it's worth)
Here is the report:
BTW I use a dual boot with Linux (Kubuntu the best)

--- Search result list ---

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-11 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2009-05-19 Includes\Adware.sbi (*)
2009-09-29 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-09-29 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-09-29 Includes\HijackersC.sbi (*)
2009-09-29 Includes\Keyloggers.sbi (*)
2009-09-29 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-09-29 Includes\Malware.sbi (*)
2009-09-29 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-09-29 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-09-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-09-29 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-09-15 Includes\Trojans.sbi (*)
2009-09-30 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Acrobat Assistant 8.0
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 624248
MD5: 4D042B1F1375CF371AFBE0E0276BA627

Located: HK_LM:Run, Adobe_ID0EYTHM
command: C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
size: 1884160
MD5: C1873D880786B6B03AF781E23835D925

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C

Located: HK_LM:Run, AzMixerSel
command: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
file: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
size: 53248
MD5: EAF4EE7C73FB0784F2C128029C1ACE1C

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7BBE4CF421AECC7F0226EDD75F12079F

Located: HK_LM:Run, InCD
command: C:\Program Files\Nero\Nero8\InCD\InCD.exe
file: C:\Program Files\Nero\Nero8\InCD\InCD.exe
size: 1083176
MD5: 8AB5F5138DC6DBDCA9B251DAA801F446

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
size: 570664
MD5: D9DDA3A8B656360905CEB764D87BA263

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, Prolific_OneButton
command: C:\Program Files\USBFast\OneBtn.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Prolific2571_OneButton
command: C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
file: C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
size: 65536
MD5: 55752F656D353E60E3B735B8EAA91E22

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF

Located: HK_LM:Run, Samsung PanelMgr
command: C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
file: C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
size: 507904
MD5: 146D4E9013CD87D221AF0F29EA1853C6

Located: HK_LM:Run, SecurDisc
command: C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
file: C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
size: 2049320
MD5: 0E7D1EDC541D5130FFE303D1691A17BD

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 4C784423B8F0DAE1392398356C9BE1FC

Located: HK_LM:Run, USIUDF_Eject_Monitor
command: C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
file: C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
size: 81920
MD5: 1F738A8BE9E7DF6738E26F7FF2B7EB43

Located: HK_LM:Run, WService
command: WService.EXE
file: C:\WINDOWS\system32\WService.EXE
size: 28672
MD5: 01F6951AE841D6E165482F6DD91EA082

Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
file: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
size: 420176
MD5: EA8A17919A85D8EDD532B68BFA0781DA

Located: HK_LM:RunOnce, Spybot - Search & Destroy
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, IncrediMail
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\IncrediMail\bin\IncMail.exe /c
file: C:\Program Files\IncrediMail\bin\IncMail.exe
size: 251336
MD5: 307FB55BD3D0EC649F28A9ABA075632E

Located: HK_CU:Run, IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
file: C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
size: 1840424
MD5: C44031488DED58FCE58E5D94BC345D30

Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: E9ED9D153AFC8F07264CA07836F58188

Located: HK_CU:Run, Messenger (Yahoo!)
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4351216
MD5: B2A71BBFFB31A196DE001CF94EB8D3B4

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1667584
MD5: B53343FE60A33EE765C2476D50D27B26

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: Startup (common), Image Transfer.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
file: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4

Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Startup (common), Microtek Scanner Finder.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
file: C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
size: 303104
MD5: 9F21FA11C60ACCD64EEA7209E394473C

Located: Startup (user), Omega ASIO Control Panel.lnk
where: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup...
command: C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
file: C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
size: 274432
MD5: 259610370722046D475B0A3DA3D13A28

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 10/1/2009 1:48:16 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{074C1DC5-9320-4A9A-947D-C042949C6216} (ContributeBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: ContributeBHO Class
Path: C:\Program Files\Adobe\
Long name: contributeieplugin.dll
Short name: CONTRI~1.DLL
Date (created): 3/16/2007 3:13:06 PM
Date (last access): 10/1/2009 2:03:48 PM
Date (last write): 3/16/2007 3:13:06 PM
Filesize: 118784
Attributes: archive
MD5: E23691A98928CE49586753982B8402A2
CRC32: 2CAFCB5A
Version: 1.0.0.0

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 9/11/2009 3:34:22 PM
Date (last access): 10/1/2009 2:03:48 PM
Date (last write): 9/11/2009 3:34:24 PM
Filesize: 329312
Attributes: archive
MD5: 98EA10E878D73C261E0C6316A3A48658
CRC32: 6CE96CBB
Version: 1.0.1.514

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/11/2009 3:30:42 PM
Date (last access): 10/1/2009 5:03:42 PM
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 9/10/2009 2:43:46 PM
Date (last access): 10/1/2009 2:03:48 PM
Date (last write): 5/10/2007 10:47:04 PM
Filesize: 321120
Attributes: archive
MD5: FF29E3FB75E7726EE002B65A9F2D4A6E
CRC32: 1831F50E
Version: 8.1.0.0



--- ActiveX list ---


--- Process list ---
PID: 0 ( 0) [System]
PID: 1108 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1160 (1108) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1188 (1108) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1232 (1188) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1244 (1188) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1404 (1232) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1500 (1232) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1556 (1232) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1680 (1232) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1740 (1232) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1940 (1232) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 18752
MD5: 5E692B54EC3D9C586417F9C5822CBEC9
PID: 2028 (1232) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 138680
MD5: 72C4BB55413D2D621BCC1DBF4074EB5D
PID: 596 (1232) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 700 (1232) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 557F35D1CA42AEA14A6690E21887A31F
PID: 720 (1232) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 844 (1232) C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
size: 1442088
MD5: CA32EA0F5FC2A36CA44AD7238F18C248
PID: 868 (1232) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: E75ADCFAFDEF3F4C3AF3332928D59926
PID: 1020 (1232) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 0EFEE4F2D23BA2D8B27FBA942106E0E1
PID: 1148 (1232) C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
size: 53032
MD5: A8960FA773CCC3E38515F637E19A76C0
PID: 1312 (1232) C:\WINDOWS\system32\IoctlSvc.exe
size: 81920
MD5: 875E4E0661F3A5994DF9E5E3A0A4F96B
PID: 1360 (1088) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1648 (1232) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1676 (1232) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
size: 49152
MD5: CA90D2C55EB3BB90687677BEA3DB0B59
PID: 1688 (1232) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1800 (1232) C:\WINDOWS\System32\Drivers\WTSRV.EXE
size: 40960
MD5: 7D8570C2BC1C04582BA4712746A32604
PID: 1868 (1232) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
size: 602392
MD5: DD0042F0C3B606A6A8B92D49AFB18AD6
PID: 1900 (1360) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2308 (1360) C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
size: 81920
MD5: 1F738A8BE9E7DF6738E26F7FF2B7EB43
PID: 2336 (1360) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 624248
MD5: 4D042B1F1375CF371AFBE0E0276BA627
PID: 2444 (1232) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 254040
MD5: AEF50B1CEA979739EDE53C68556B95E5
PID: 2452 (1360) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 4C784423B8F0DAE1392398356C9BE1FC
PID: 2488 (1232) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 352920
MD5: A62A0418BE5A5B8B0ECF3D8F73325113
PID: 2496 (1360) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C
PID: 2520 (2508) C:\WINDOWS\system32\WService.EXE
size: 28672
MD5: 01F6951AE841D6E165482F6DD91EA082
PID: 2704 (1360) C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
size: 2049320
MD5: 0E7D1EDC541D5130FFE303D1691A17BD
PID: 2772 (1360) C:\Program Files\Nero\Nero8\InCD\InCD.exe
size: 1083176
MD5: 8AB5F5138DC6DBDCA9B251DAA801F446
PID: 2784 (1556) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 2848 (1232) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3068 (1360) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3320 (1360) C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
size: 274432
MD5: 259610370722046D475B0A3DA3D13A28
PID: 3640 (1232) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
size: 654848
MD5: 227846995AFEEFA70D328BF5334A86A5
PID: 3952 (1232) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
size: 537896
MD5: CB992AE1506985D9167E85883B4C3240
PID: 3692 (1404) C:\Program Files\IncrediMail\bin\IMApp.exe
size: 189896
MD5: 0A6E40741DB7FF0B9A1FF50D16CFEAA7
PID: 3588 (1360) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10/1/2009 5:05:26 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{079E8A00-7320-4C89-ABBE-D8325C565B40}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{079E8A00-7320-4C89-ABBE-D8325C565B40}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{02AF774D-8BC5-4DCF-8C7B-EFC8FBDBE7F6}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{02AF774D-8BC5-4DCF-8C7B-EFC8FBDBE7F6}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{079E8A00-7320-4C89-ABBE-D8325C565B40}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{079E8A00-7320-4C89-ABBE-D8325C565B40}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B146D06-58D6-49B0-B432-808DE8763C0A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B146D06-58D6-49B0-B432-808DE8763C0A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3ACC2C66-C46B-442C-8252-FD887FF65108}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3ACC2C66-C46B-442C-8252-FD887FF65108}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58B42B8D-03EB-4205-A850-3CD6DB6FC68F}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58B42B8D-03EB-4205-A850-3CD6DB6FC68F}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

Shaba
2009-10-02, 07:17
That one is clean.

Was it spybot which originally found virtumonde.dll?

jussy
2009-10-03, 06:28
Hi Shaba,
I'm thankful for your help but I am confused because my initial (possibly newbie mode) report says I still have virtumonde.dll. That was the image that I posted at http://jussy.viviti.com . And I am still having the same problems with slow, slow and slower yet. And yes, it was spybot that initially reported the beastly thing.

Here is the most resent and re sent ;) report now that I have risen to the status of knowing how to find them. LOL. Ahhh ! What would such a prideful person do with ones'-self. ;)
Anyway:
Report: I have to put part of the report on that website because your forum here says that my post is too long by more than 40,000 char. I've cut off the bottom part to post on the http://jussy.viviti.com . Oh, brother, this seems to be getting kind of out of my control. eeewwwww!


--- Search result list ---
Virtumonde.Dll: [SBI $92386332] Library (File, nothing done)
C:\WINDOWS\system32\zipfldr.dll

DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


Right Media: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-11 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2009-05-19 Includes\Adware.sbi (*)
2009-09-29 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-09-29 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-09-29 Includes\HijackersC.sbi (*)
2009-09-29 Includes\Keyloggers.sbi (*)
2009-09-29 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-09-29 Includes\Malware.sbi (*)
2009-09-29 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-09-29 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-09-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-09-29 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-09-15 Includes\Trojans.sbi (*)
2009-09-30 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Acrobat Assistant 8.0
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 624248
MD5: 4D042B1F1375CF371AFBE0E0276BA627

Located: HK_LM:Run, Adobe_ID0EYTHM
command: C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
size: 1884160
MD5: C1873D880786B6B03AF781E23835D925

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C

Located: HK_LM:Run, AzMixerSel
command: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
file: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
size: 53248
MD5: EAF4EE7C73FB0784F2C128029C1ACE1C

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7BBE4CF421AECC7F0226EDD75F12079F

Located: HK_LM:Run, InCD
command: C:\Program Files\Nero\Nero8\InCD\InCD.exe
file: C:\Program Files\Nero\Nero8\InCD\InCD.exe
size: 1083176
MD5: 8AB5F5138DC6DBDCA9B251DAA801F446

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
size: 570664
MD5: D9DDA3A8B656360905CEB764D87BA263

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, Prolific_OneButton
command: C:\Program Files\USBFast\OneBtn.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Prolific2571_OneButton
command: C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
file: C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
size: 65536
MD5: 55752F656D353E60E3B735B8EAA91E22

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF

Located: HK_LM:Run, Samsung PanelMgr
command: C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
file: C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
size: 507904
MD5: 146D4E9013CD87D221AF0F29EA1853C6

Located: HK_LM:Run, SecurDisc
command: C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
file: C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
size: 2049320
MD5: 0E7D1EDC541D5130FFE303D1691A17BD

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 4C784423B8F0DAE1392398356C9BE1FC

Located: HK_LM:Run, USIUDF_Eject_Monitor
command: C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
file: C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
size: 81920
MD5: 1F738A8BE9E7DF6738E26F7FF2B7EB43

Located: HK_LM:Run, WService
command: WService.EXE
file: C:\WINDOWS\system32\WService.EXE
size: 28672
MD5: 01F6951AE841D6E165482F6DD91EA082

Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
file: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
size: 420176
MD5: EA8A17919A85D8EDD532B68BFA0781DA

Located: HK_LM:RunOnce, Spybot - Search & Destroy
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, IncrediMail
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\IncrediMail\bin\IncMail.exe /c
file: C:\Program Files\IncrediMail\bin\IncMail.exe
size: 251336
MD5: 307FB55BD3D0EC649F28A9ABA075632E

Located: HK_CU:Run, IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
file: C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
size: 1840424
MD5: C44031488DED58FCE58E5D94BC345D30

Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: E9ED9D153AFC8F07264CA07836F58188

Located: HK_CU:Run, Messenger (Yahoo!)
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4351216
MD5: B2A71BBFFB31A196DE001CF94EB8D3B4

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1667584
MD5: B53343FE60A33EE765C2476D50D27B26

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: Startup (common), Image Transfer.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
file: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4

Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Startup (common), Microtek Scanner Finder.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
file: C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
size: 303104
MD5: 9F21FA11C60ACCD64EEA7209E394473C

Located: Startup (user), Omega ASIO Control Panel.lnk
where: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup...
command: C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
file: C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
size: 274432
MD5: 259610370722046D475B0A3DA3D13A28

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 10/2/2009 6:20:20 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{074C1DC5-9320-4A9A-947D-C042949C6216} (ContributeBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: ContributeBHO Class
Path: C:\Program Files\Adobe\
Long name: contributeieplugin.dll
Short name: CONTRI~1.DLL
Date (created): 3/16/2007 3:13:06 PM
Date (last access): 10/2/2009 6:20:20 PM
Date (last write): 3/16/2007 3:13:06 PM
Filesize: 118784
Attributes: archive
MD5: E23691A98928CE49586753982B8402A2
CRC32: 2CAFCB5A
Version: 1.0.0.0

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 9/11/2009 3:34:22 PM
Date (last access): 10/2/2009 6:26:42 PM
Date (last write): 9/11/2009 3:34:24 PM
Filesize: 329312
Attributes: archive
MD5: 98EA10E878D73C261E0C6316A3A48658
CRC32: 6CE96CBB
Version: 1.0.1.514

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/11/2009 3:30:42 PM
Date (last access): 10/2/2009 8:06:56 PM
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 9/10/2009 2:43:46 PM
Date (last access): 10/2/2009 6:26:42 PM
Date (last write): 5/10/2007 10:47:04 PM
Filesize: 321120
Attributes: archive
MD5: FF29E3FB75E7726EE002B65A9F2D4A6E
CRC32: 1831F50E
Version: 8.1.0.0



--- ActiveX list ---


--- Process list ---
PID: 0 ( 0) [System]
PID: 1104 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1156 (1104) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1192 (1104) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1236 (1192) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1248 (1192) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1412 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1508 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1672 (1236) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1796 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1940 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 260 (1236) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 18752
MD5: 5E692B54EC3D9C586417F9C5822CBEC9
PID: 444 (1236) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 138680
MD5: 72C4BB55413D2D621BCC1DBF4074EB5D
PID: 872 (1236) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1172 (1148) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1820 (1236) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 557F35D1CA42AEA14A6690E21887A31F
PID: 1860 (1236) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 196 (1236) C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
size: 1442088
MD5: CA32EA0F5FC2A36CA44AD7238F18C248
PID: 212 (1236) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: E75ADCFAFDEF3F4C3AF3332928D59926
PID: 828 (1236) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 0EFEE4F2D23BA2D8B27FBA942106E0E1
PID: 852 (1236) C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
size: 53032
MD5: A8960FA773CCC3E38515F637E19A76C0
PID: 936 (1236) C:\WINDOWS\system32\IoctlSvc.exe
size: 81920
MD5: 875E4E0661F3A5994DF9E5E3A0A4F96B
PID: 1012 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1032 (1236) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
size: 49152
MD5: CA90D2C55EB3BB90687677BEA3DB0B59
PID: 1444 (1236) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1580 (1236) C:\WINDOWS\System32\Drivers\WTSRV.EXE
size: 40960
MD5: 7D8570C2BC1C04582BA4712746A32604
PID: 1632 (1236) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
size: 602392
MD5: DD0042F0C3B606A6A8B92D49AFB18AD6
PID: 2308 (1236) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 254040
MD5: AEF50B1CEA979739EDE53C68556B95E5
PID: 2336 (1236) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 352920
MD5: A62A0418BE5A5B8B0ECF3D8F73325113
PID: 2548 (1672) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 2748 (1172) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2896 (1172) C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
size: 81920
MD5: 1F738A8BE9E7DF6738E26F7FF2B7EB43
PID: 3036 (1172) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 624248
MD5: 4D042B1F1375CF371AFBE0E0276BA627
PID: 3276 (1236) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3840 (1172) C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
size: 507904
MD5: 146D4E9013CD87D221AF0F29EA1853C6
PID: 3860 (1172) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 4C784423B8F0DAE1392398356C9BE1FC
PID: 3868 (1172) C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
PID: 3876 (1172) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C
PID: 3916 (3888) C:\WINDOWS\system32\WService.EXE
size: 28672
MD5: 01F6951AE841D6E165482F6DD91EA082
PID: 3964 (1172) C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
size: 2049320
MD5: 0E7D1EDC541D5130FFE303D1691A17BD
PID: 3988 (1172) C:\Program Files\Nero\Nero8\InCD\InCD.exe
size: 1083176
MD5: 8AB5F5138DC6DBDCA9B251DAA801F446
PID: 4008 (1172) C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
size: 65536
MD5: 55752F656D353E60E3B735B8EAA91E22
PID: 164 (1172) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 1896 (1172) C:\Program Files\Messenger\msmsgs.exe
size: 1667584
MD5: B53343FE60A33EE765C2476D50D27B26
PID: 640 (1172) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4351216
MD5: B2A71BBFFB31A196DE001CF94EB8D3B4
PID: 1004 (1172) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: E9ED9D153AFC8F07264CA07836F58188
PID: 2104 (1172) C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4
PID: 1592 (1172) C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
size: 303104
MD5: 9F21FA11C60ACCD64EEA7209E394473C
PID: 1492 (1172) C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
size: 274432
MD5: 259610370722046D475B0A3DA3D13A28
PID: 2556 (1412) C:\Program Files\IncrediMail\bin\IMApp.exe
size: 189896
MD5: 0A6E40741DB7FF0B9A1FF50D16CFEAA7
PID: 2668 (1412) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 2904 (1236) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
size: 537896
MD5: CB992AE1506985D9167E85883B4C3240
PID: 2952 (1236) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
size: 654848
MD5: 227846995AFEEFA70D328BF5334A86A5
PID: 2660 (1172) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 3800 (2556) C:\Program Files\IncrediMail\bin\IncMail.exe
size: 251336
MD5: 307FB55BD3D0EC649F28A9ABA075632E
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10/2/2009 8:06:54 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{079E8A00-7320-4C89-ABBE-D8325C565B40}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{079E8A00-7320-4C89-ABBE-D8325C565B40}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{02AF774D-8BC5-4DCF-8C7B-EFC8FBDBE7F6}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{02AF774D-8BC5-4DCF-8C7B-EFC8FBDBE7F6}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{079E8A00-7320-4C89-ABBE-D8325C565B40}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{079E8A00-7320-4C89-ABBE-D8325C565B40}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B146D06-58D6-49B0-B432-808DE8763C0A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B146D06-58D6-49B0-B432-808DE8763C0A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3ACC2C66-C46B-442C-8252-FD887FF65108}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3ACC2C66-C46B-442C-8252-FD887FF65108}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58B42B8D-03EB-4205-A850-3CD6DB6FC68F}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58B42B8D-03EB-4205-A850-3CD6DB6FC68F}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP



--- Uninstall list ---
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39) 12/19/2007 9.0.4.39 (2DA959FE3D6F0F5BC313481E72071D510DD786FB)
uninstall cmd: C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.inf
publisher: Intel

Windows Driver Package - CXT (winachsf) Modem (12/26/2006 7.62.00.00) 12/26/2006 7.62.00.00 (3CF5E4A44057FA67294C1FBA676F0C67EF3538F9)
uninstall cmd: C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\snszirx5_B6F9E56931605FDEFD495614D39913499B2BFDF7\snszirx5.inf
publisher: CXT

ABBYY FineReader 4.0 Sprint (ABBYY FineReader 4.0 Sprint)
uninstall cmd: C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini

(AddressBook)

Adobe Flash Player 10 ActiveX 10.0.32.18 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Adobe Flash Player 10 Plugin 10.0.22.87 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

Add or Remove Adobe Creative Suite 3 Master Collection 1.0 (Adobe_4dcfd9b7e901b57f81f667144603236)
estimated size: 8303318
uninstall cmd: C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/support/

Audacity 1.2.6 (Audacity_is1)
install location: C:\Program Files\Audacity\
uninstall cmd: "C:\Program Files\Audacity\unins000.exe"
help link: http://audacity.sourceforge.net

avast! Antivirus 4.8 (avast!)
version (major): 4
version (minor): 8
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_AV_IN~1.TM~
uninstall cmd: C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
publisher: Alwil Software
help link: http://www.avast.com

(Branding)

HDAUDIO SoftV92 Data Fax Modem with SmartCP (CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRX5.inf

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

MS The Dolphin Assistant(Remove only) (Dolphin)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\Dolphin.inf, Uninstall.NT

Droppix CD/DVD Symbols Pack 2 2 (Droppix CD/DVD Symbols Pack 2_is1)
install date: 20090929
uninstall cmd: "C:\WINDOWS\unins004.exe"
publisher: Droppix
help link: http://www.droppix.com/support_liste.php

Droppix Label Maker 2.x 2.9.7 (Droppix Label Maker_is1)
install date: 20090929
install location: C:\Program Files\Droppix\Droppix Label Maker 2.x\
uninstall cmd: "C:\Program Files\Droppix\Droppix Label Maker 2.x\unins000.exe"
publisher: Droppix
help link: http://www.droppix.com/index2.php?goto=support

Droppix LightScribe Pack #1 1.0 (Droppix LightScribe Pack #1_is1)
install date: 20090929
uninstall cmd: "C:\WINDOWS\unins000.exe"
publisher: Droppix
help link: http://www.droppix.com/support_liste.php

Droppix LightScribe Pack #2 1.0 (Droppix LightScribe Pack #2_is1)
install date: 20090929
uninstall cmd: "C:\WINDOWS\unins001.exe"
publisher: Droppix
help link: http://www.droppix.com/support_liste.php

Droppix LightScribe Pack #3 1.0 (Droppix LightScribe Pack #3_is1)
install date: 20090929
uninstall cmd: "C:\WINDOWS\unins002.exe"
publisher: Droppix
help link: http://www.droppix.com/support_liste.php

Droppix Nature Pack #1 1.0 (Droppix Nature Pack #1_is1)
install date: 20090929
uninstall cmd: "C:\WINDOWS\unins003.exe"
publisher: Droppix
help link: http://www.droppix.com/support_liste.php

(DXM_Runtime)

Windows Driver Package - Intel (NETw5x32) net (11/17/2008 12.2.0.11) 11/17/2008 12.2.0.11 (EA92D36B2621B412A14375F1D39FCB7FBC2C84D4)
uninstall cmd: C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\netw5x32_E3DB7A2849DF31473325B4F9BDB5DAC54591572B\netw5x32.inf
publisher: Intel

EZ-DUB 5.0.3 (EZ-DUB5.0.3)
uninstall cmd: "C:\WINDOWS\EZ-DUB\uninstall.exe" "/U:C:\Program Files\EZ-DUB\irunin.xml"
publisher: LITE-ON IT
help link: http://www.liteonit.com

FileZilla Client 3.2.6.1 3.2.6.1 (FileZilla Client)
install location: C:\Program Files\FileZilla FTP Client
uninstall cmd: C:\Program Files\FileZilla FTP Client\uninstall.exe
help link: http://filezilla-project.org

(Fontcore)

(Google Chrome)

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Documents and Settings\Administrator\My Documents\exeFiles\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

ImgBurn (Remove Only) (ImgBurn)
uninstall cmd: "C:\Program Files\ImgBurn\uninstall.exe"

(InCD!UninstallKey)
uninstall cmd: C:\WINDOWS\NuNInst.exe /UNINSTALL

IncrediMail 5.8.6.4332 (IncrediMail)
uninstall cmd: C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
publisher: IncrediMail Ltd.
help link: http://www.incredimail.com/english/help/index.html

(IncrediMail Xe)

High Definition Audio Driver Package - KB835221 20040219.000000 (KB835221WXP)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB835221

(KB884016)

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20090911
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
help link: http://www.malwarebytes.org

(MobileOptionPack)

Mozilla Firefox (3.5.3) 3.5.3 (en-US) (Mozilla Firefox (3.5.3))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

MicroStaff WINASPI (MWASPI)
uninstall cmd: C:\MWASPI\uninst.exe

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

(NeroMediaHome!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

(NeroRecode!UninstallKey)
uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL

(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

NVIDIA Drivers 1.3 (NVIDIA Drivers)

Lexicon Omega Studio(remove only) (OmegaAsio)
uninstall cmd: C:\Program Files\Lexicon\Omega\OmegaStudioUninstaller.exe

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

RealPlayer (RealPlayer 12.0)
install location: C:\Program Files\Real\RealPlayer\realplay.exe
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
publisher: RealNetworks
comments: Play, Save, and Organize your music and videos, Burn a CD, or simply take your music with you.
contact: RealNetworks

Samsung CLP-300 Series (Samsung CLP-300 Series)
uninstall cmd: C:\Program Files\Samsung\Samsung CLP-300 Series\Install\Setup.exe /R

(SchedulingAgent)

Steinberg Cubase LE (Steinberg Cubase LE)
uninstall cmd: "C:\Program Files\Steinberg\Cubase LE\Uninstall.exe" "C:\Program Files\Steinberg\Cubase LE\Install.log"

Total Recorder 7.1 (TotalRecorder)
uninstall cmd: "C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U

UltraISO Premium V8.61 (UltraISO_is1)
install date: 20090910
install location: C:\Program Files\UltraISO\
uninstall cmd: "C:\Program Files\UltraISO\unins000.exe"

White Estate Software (UninstEGWhite)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\Estate\Uninst.isu

Unit Conversion Tool Evaluation Version 5.1 (Unit Conversion Tool Evaluation Version_is1)
install location: C:\Program Files\Unit Conversion Tool\
uninstall cmd: "C:\Program Files\Unit Conversion Tool\unins000.exe"
publisher: AccelWare, Inc.
help link: http://www.accelware.com

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRar\uninstall.exe

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
publisher: Yahoo! Inc.

Yahoo! Software Update (Yahoo! Software Update)
uninstall cmd: C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

Adobe Photoshop CS3 10 ({0046FA01-C5B9-4985-BACB-398DC480FC05})
version: 167772160
version (major): 10
estimated size: 349064
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobePhotoshop10en_US\
uninstall cmd: MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
publisher: Adobe Systems Incorporated

Adobe XMP DVA Panels CS3 1.0 ({0224CACC-994D-45F8-B973-D65056EA9C2F})
version: 16777216
version (major): 1
estimated size: 169
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeXMPPanelsDVAAll\
uninstall cmd: MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
publisher: Adobe Systems Incorporated

Adobe Soundbooth CS3 Codecs 3 ({0327FA9D-975C-448C-A086-577D57BB25B8})
version: 50331648
version (major): 3
estimated size: 29001
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeSoundboothCodecsAll\
uninstall cmd: MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
publisher: Adobe Systems Incorporated

Ulead DVD MovieFactory 3 Suite 3.0 ({068502DA-6979-4D9A-BBE1-C3AD0FF11F19})
version: 50331648
version (major): 3
install location: C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 Suite
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}\setup.exe" -l0x9
publisher: Ulead Systems, Inc.

Bonjour 1.0.106 ({07287123-B8AC-41CE-8346-3D777245C35B})
version: 16777322
version (major): 1
estimated size: 493
install date: 20090911
install location: C:\Program Files\Bonjour\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP409.TMP\
uninstall cmd: MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Adobe Bridge Start Meeting 1.0 ({08B32819-6EEF-4057-AEDA-5AB681A36A23})
version: 16777216
version (major): 1
estimated size: 477
install date: 20090910
install source: D:\Adobe CS3\payloads\BridgeStartMeeting\
uninstall cmd: MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
publisher: Adobe Systems Incorporated

Nero 8 Essentials 8.3.443 ({0EF20B0F-E45E-44AA-88FD-27185FD01033})
version: 134414779
version (major): 8
version (minor): 3
estimated size: 465155
install date: 20090923
install location: C:\Program Files\Nero\Nero8\
install source: H:\Installation\Data\
uninstall cmd: MsiExec.exe /X{0EF20B0F-E45E-44AA-88FD-27185FD01033}
publisher: Nero AG
comments: Nero AG
contact: http://www.nero.com
help link: http://support.nero.com
help telephone: xxxxxxxxxxxxxx

Adobe WinSoft Linguistics Plugin 1.0 ({184CE391-7E0E-4C63-9935-D7A10EDFD3C6})
version: 16777216
version (major): 1
estimated size: 8205
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeWinSoftLinguisticsPluginAll\
uninstall cmd: MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
publisher: Adobe Systems Incorporated

Adobe After Effects CS3 Presets 8 ({193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285})
version: 134217728
version (major): 8
estimated size: 92965
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeAfterEffects8PresetsAll\
uninstall cmd: MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
publisher: Adobe Systems Incorporated

ImageMixer for Sony ({1B4AA674-F5CA-4BB5-831A-CD37B4021959})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"

Adobe Version Cue CS3 Server 3.0 ({1D58229F-C505-45CA-8223-F35F3A34B963})
version: 50331648
version (major): 3
estimated size: 202526
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeVersionCue3All\
uninstall cmd: MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
publisher: Adobe Systems Incorporated

Adobe Stock Photos CS3 1.5 ({29E5EA97-5F74-4A57-B8B2-D4F169117183})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 10484
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeStockPhotos1.5All\
uninstall cmd: MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
publisher: Adobe Systems Incorporated

Adobe Flash Video Encoder 2.0 ({2EFFFC71-1E66-454E-A6E6-CEEC800B96D2})
version: 33554432
version (major): 2
estimated size: 38158
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeFlashVideoEncoder2en_US\
uninstall cmd: MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
publisher: Adobe Systems Incorporated

Microtek FineReader OCR Engine ({345C90FB-FA10-11D5-9C2A-0080C85A0C2D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}\setup.exe"

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20090910
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Adobe Setup 1.0 ({4458C442-7376-4CF9-AF58-E8CEA6722363})
version: 16777216
version (major): 1
estimated size: 70852
install date: 20090910
install source: D:\Adobe CS3\
uninstall cmd: MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
publisher: Adobe Systems Incorporated

EZ-DUB Finder 0.2.0.3 ({479047FF-2921-43C2-A4DC-66182FDF1F94})
version: 131072
install date: 20090923
install location: C:\Program Files\Prolific\EZ-DUB Finder
install source: C:\Program Files\EZ-DUB\FINDER\EZ-DUB_Finder.exe
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{479047FF-2921-43C2-A4DC-66182FDF1F94}\setup.exe" -runfromtemp -l0x0009 -u -removeonly
publisher: Prolific

Adobe Premiere Pro CS3 Third Party Content 3 ({485ACF57-F364-440A-8496-E1E81C8FA1AA})
version: 50331648
version (major): 3
estimated size: 23801
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobePremierePro3ProtectedAll\
uninstall cmd: MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
publisher: Adobe Systems Incorporated

Adobe Premiere Pro CS3 Functional Content 8 ({50F102CA-4BE2-41A9-9810-5BB05EB91B9A})
version: 134217728
version (major): 8
estimated size: 257081
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobePremierePro3FCAll\
uninstall cmd: MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
publisher: Adobe Systems Incorporated

Adobe Color EU Extra Settings 1.0 ({51846830-E7B2-4218-8968-B77F0FF475B8})
version: 16777216
version (major): 1
estimated size: 1661
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\
uninstall cmd: MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
publisher: Adobe Systems Incorporated

Adobe Linguistics CS3 3.0.0 ({54793AA1-5001-42F4-ABB6-C364617C6078})
version: 50331648
version (major): 3
estimated size: 67177
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeLinguisticsAll\
uninstall cmd: MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
publisher: Adobe Systems Incorporated

Adobe Encore CS3 3 ({54B2EAD9-A110-43F7-B010-2859A1BD2AFE})
version: 50331648
version (major): 3
estimated size: 258169
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeEncore3All\
uninstall cmd: MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
publisher: Adobe Systems Incorporated

Image Transfer ({564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL

neroxml 1.0.0 ({56C049BE-79E9-4502-BEA7-9754A3E60F9B})
version: 16777216
version (major): 1
estimated size: 3795
install date: 20090923
install source: H:\Installation\Data\Redist\
uninstall cmd: MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
publisher: Nero AG
contact: Nero AG

Adobe Premiere Pro CS3 3 ({58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA})
version: 50331648
version (major): 3
estimated size: 416993
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobePremierePro3All\
uninstall cmd: MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
publisher: Adobe Systems Incorporated


Error Control: 0

Thanks for looking again
Juss

jussy
2009-10-03, 06:31
Sony USB Driver ({5C29CB8B-AC1E-4114-8D68-9CD080140D4A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

Apple Software Update 2.1.1.116 ({6956856F-B6B3-4BE0-BA0B-8F495BE32033})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 2208
install date: 20090911
install location: C:\Program Files\Apple Software Update\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP409.TMP\
uninstall cmd: MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Adobe Fonts All 1.0 ({6ABE0BEE-D572-4FE8-B434-9E72A289431B})
version: 16777216
version (major): 1
estimated size: 68409
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeFontsAll\
uninstall cmd: MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
publisher: Adobe Systems Incorporated

Adobe Flash CS3 9.0 ({6B52140A-F189-4945-BFFC-DB3F00B8C589})
version: 150994944
version (major): 9
estimated size: 501866
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeFlash9en_US\
uninstall cmd: MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
publisher: Adobe Systems Incorporated

Adobe MotionPicture Color Files 1.0 ({6B708481-748A-4EB4-97C1-CD386244FF77})
version: 16777216
version (major): 1
estimated size: 1817
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeMotionPictureAll\
uninstall cmd: MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
publisher: Adobe Systems Incorporated

UDF File System Driver 1.00.000 ({6B7EB014-1EAF-4845-8BF7-AF442DCCC39E})
version: 16777216
install location: C:\Program Files\Common Files\Ulead Systems\DVD
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7EB014-1EAF-4845-8BF7-AF442DCCC39E}\Setup.exe" -l0x9

AHV content for Acrobat and Flash 1 ({6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD})
version: 16777216
version (major): 1
estimated size: 6045
install date: 20090910
install source: D:\Adobe CS3\payloads\AHVSTIAll\
uninstall cmd: MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
publisher: Adobe Systems Incorporated

Adobe Asset Services CS3 3 ({6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61})
version: 50331648
version (major): 3
estimated size: 48819
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeAssetServices3All\
uninstall cmd: MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
publisher: Adobe Systems Incorporated

Microsoft Visual C++ 2005 Redistributable 8.0.56336 ({7299052b-02a4-4627-81f2-1818da5d550d})
version: 134274064
version (major): 8
estimated size: 5330
install date: 20090926
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
publisher: Microsoft Corporation

Ulead VideoStudio 7 SE DVD 7.0 ({757AD3D4-036B-42FA-B0A4-96BD6F4605A0})
version: 117440512
version (major): 7
install location: C:\Program Files\Ulead Systems\Ulead VideoStudio 7 SE DVD
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
publisher: Ulead Systems, Inc.

Adobe Help Viewer CS3 1 ({7ACFB90E-8FD0-4397-AD3A-5195412623A3})
version: 16777216
version (major): 1
estimated size: 4149
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeHelpViewerAll\
uninstall cmd: MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
publisher: Adobe Systems Incorporated

Adobe Dreamweaver CS3 9 ({7C10F5C7-F00F-4BD3-A110-C7D240D2DD25})
version: 150994944
version (major): 9
estimated size: 248703
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeDreamweaver9en_US\
uninstall cmd: MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
publisher: Adobe Systems Incorporated

Adobe Fireworks CS3 9.0 ({7DFC1012-D346-46CE-B03E-FF79125AE029})
version: 150994944
version (major): 9
estimated size: 195097
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeFireworks9en_US\
uninstall cmd: MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
publisher: Adobe Systems Incorporated

Adobe Video Profiles 1.0 ({845A8DB9-8802-4FD3-9FE3-938A6C46A2EC})
version: 16777216
version (major): 1
estimated size: 17
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeVideoProfilesAll\
uninstall cmd: MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
publisher: Adobe Systems Incorporated

Adobe Creative Suite 3 Master Collection 1.0 ({8718DC03-D066-4957-94E5-50C3C5042E8E})
version: 16777216
version (major): 1
estimated size: 9318
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeMasterCollectionSuiteen_US_Volume\
uninstall cmd: MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
publisher: Adobe Systems Incorporated

Adobe Device Central CS3 1.0 ({8D2BA474-F406-4710-9AE4-D4F22D21F0DD})
version: 16777216
version (major): 1
estimated size: 137150
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeDeviceCentralAll\
uninstall cmd: MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
publisher: Adobe Systems Incorporated

Adobe Type Support 1.0 ({8E6808E2-613D-4FCD-81A2-6C8FA8E03312})
version: 16777216
version (major): 1
estimated size: 5677
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeTypeSupportAll\
uninstall cmd: MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
publisher: Adobe Systems Incorporated

Adobe Anchor Service CS3 1.0 ({90176341-0A8B-4CCC-A78D-F862228A6B95})
version: 16777216
version (major): 1
estimated size: 1025
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeALMAnchorServiceAll\
uninstall cmd: MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
publisher: Adobe Systems Incorporated

Microsoft Office XP Professional 10.0.2627.01 ({91110409-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 448561
install date: 20090910
install location: INSTALLLOCATION
install source: D:\
uninstall cmd: MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Adobe Color NA Recommended Settings 1.0 ({95655ED4-7CA5-46DF-907F-7144877A32E5})
version: 16777216
version (major): 1
estimated size: 1661
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeColorNA_RecommendedAll\
uninstall cmd: MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
publisher: Adobe Systems Incorporated

Adobe Bridge CS3 2 ({9C9824D9-9000-4373-A6A5-D0E5D4831394})
version: 33554432
version (major): 2
estimated size: 265322
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeBridge2All\
uninstall cmd: MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
publisher: Adobe Systems Incorporated

Corel Painter IX 9.00 ({A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC})
version: 150994944
version (major): 9
estimated size: 248504
install date: 20090926
install location: C:\Program Files\Corel\Corel Painter IX\
install source: D:\PainterIX\
uninstall cmd: MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
publisher: Corel Corporation
comments: Corel Painter IX: Graphic Software Application
contact: Corel Customer Service
help link: http://www.corel.com
help telephone: U.S. 1-800-772-6735 Outside U.S. +441628 581601, UK: 0870 774 0202
readme: C:\Program Files\Corel\Corel Painter IX\Readme.htm

Adobe CMaps 1.0 ({A2B242BD-FF8D-4840-9DAA-9170EABEC59C})
version: 16777216
version (major): 1
estimated size: 6493
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeCMapsAll\
uninstall cmd: MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
publisher: Adobe Systems Incorporated

Adobe Color - Photoshop Specific 1.0 ({A2D81E70-2A98-4A08-A628-94388B063C5E})
version: 16777216
version (major): 1
estimated size: 3541
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeColorPhotoshopAll\
uninstall cmd: MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
publisher: Adobe Systems Incorporated

Adobe Soundbooth CS3 1 ({A6B23EFA-6590-482C-A11F-5ACE1B91F5B9})
version: 16777216
version (major): 1
estimated size: 471132
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeSoundboothAll\
uninstall cmd: MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
publisher: Adobe Systems Incorporated

PDF Settings 1.0 ({AC5B0C19-D851-42F4-BDA0-410ECF7F70A5})
version: 16777216
version (major): 1
estimated size: 579
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobePDFSettingsAll\
uninstall cmd: MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
publisher: Adobe Systems Incorporated

Adobe Acrobat 8 Professional 8.1.0 ({AC76BA86-1033-0000-7760-000000000003})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 1224739
install date: 20090910
install location: C:\Program Files\Adobe\Acrobat 8.0
install source: D:\Adobe CS3\payloads\AdobeAcrobat8.1en_US\
publisher: Adobe Systems
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 8.0Readme.htm

Ipswitch WS_FTP 12 12.0 ({AD88355B-A4E0-4DA1-BAC3-EA4FEA930691})
version: 201326592
install date: 20090911
install location: C:\Program Files\Ipswitch\WS_FTP 12
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{d450fba2-45d7-40b4-8eea-5c03a9e087b0}\wsftp12English.exe
uninstall cmd: C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Ipswitch

USBFast 1.3.0.12 ({AED142A8-96EA-42DE-B212-60BFC98D6CC7})
version: 16973824
install date: 20090923
install location: C:\Program Files\USBFast
install source: H:\Installation\PL2571_LiteON_USBFast_13012_20081201_release.exe
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}\setup.exe" -runfromtemp -l0x0009 -u -removeonly
publisher: LiteON

ScanWizard 5 ({B08D262E-D902-11D5-9C28-0080C85A0C2D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B08D262E-D902-11D5-9C28-0080C85A0C2D}\setup.exe"

Adobe Camera Raw 4.0 4.0 ({B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C})
version: 67108864
version (major): 4
estimated size: 9969
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeCameraRaw4.0All\
uninstall cmd: MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
publisher: Adobe Systems Incorporated

Spybot - Search & Destroy 1.5.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20090911
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support

Adobe SING CS3 0.1 ({B671CBFD-4109-4D35-9252-3062D3CCB7B2})
version: 65536
version (minor): 1
estimated size: 6121
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeSINGAll\
uninstall cmd: MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
publisher: Adobe Systems Incorporated

Adobe BridgeTalk Plugin CS3 1.0 ({B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E})
version: 16777216
version (major): 1
estimated size: 673
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeBridgeTalkPluginAll\
uninstall cmd: MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
publisher: Adobe Systems Incorporated

Adobe Encore CS3 Codecs 3 ({B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931})
version: 50331648
version (major): 3
estimated size: 31933
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeEncore3CodecsAll\
uninstall cmd: MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
publisher: Adobe Systems Incorporated

Adobe Default Language CS3 1.0 ({B9B35331-B7E4-4E5C-BF4C-7BC87856124D})
version: 16777216
version (major): 1
estimated size: 1742
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\
uninstall cmd: MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
publisher: Adobe Systems Incorporated

Adobe Extension Manager CS3 1.8 ({BE5F3842-8309-4754-92D5-83E02E6077A3})
version: 17301504
version (major): 1
version (minor): 8
estimated size: 50898
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeExtensionManager1.8All\
uninstall cmd: MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
publisher: Adobe Systems Incorporated

Adobe ExtendScript Toolkit 2 2.0 ({C2D69781-F392-4118-A5A7-C7E9C38DBFC2})
version: 33554432
version (major): 2
estimated size: 16114
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\
uninstall cmd: MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
publisher: Adobe Systems Incorporated

Apple Mobile Device Support 2.5.2.2 ({C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3})
version: 33882114
version (major): 2
version (minor): 5
estimated size: 42585
install date: 20090911
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP409.TMP\
uninstall cmd: MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Adobe WAS CS3 1.0 ({C5BD220A-EFE8-48A5-B70E-9503D535FACE})
version: 16777216
version (major): 1
estimated size: 629
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeWASAll\
uninstall cmd: MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
publisher: Adobe Systems Incorporated

QuickTime 7.62.14.0 ({C78EAC6F-7A73-452E-8134-DBB2165C5A68})
version: 121503758
version (major): 7
version (minor): 62
estimated size: 76429
install date: 20090911
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP409.TMP\
uninstall cmd: MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

REALTEK GbE & FE Ethernet PCI-E NIC Driver 1.20.0000 ({C9BED750-1211-4480-B1A5-718A3BE15525})
version: 18087936
install date: 20090929
install location: C:\WINDOWS\OPTIONS\CABS\
install source: C:\Drivers\RTL8111_NonVista\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Realtek

Adobe InDesign CS3 5.0 ({CB3F8375-B600-4B9F-83C9-238ED1E583FD})
version: 83886080
version (major): 5
estimated size: 388899
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeInDesign5en_US\
uninstall cmd: MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
publisher: Adobe Systems Incorporated

Adobe Version Cue CS3 Client 3 ({D0DFF92A-492E-4C40-B862-A74A173C25C5})
version: 50331648
version (major): 3
estimated size: 22411
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeVersionCueClient3All\
uninstall cmd: MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
publisher: Adobe Systems Incorporated

Adobe PDF Library Files 8.0 ({D2559B88-CC9D-4B48-81BB-F492BAA9C48C})
version: 134217728
version (major): 8
estimated size: 59001
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobePDFL8All\
uninstall cmd: MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
publisher: Adobe Systems Incorporated

Adobe XMP Panels CS3 1.0 ({D5A31AB1-345D-47C7-A87B-036A669F6DF1})
version: 16777216
version (major): 1
estimated size: 189
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeXMPPanelsAll\
uninstall cmd: MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
publisher: Adobe Systems Incorporated

LightScribe System Software 1.14.25.1 1.14.25.1 ({DA9DAC64-C947-47BA-B411-8A1959B177CF})
version: 17694745
version (major): 1
version (minor): 14
estimated size: 21414
install date: 20090923
install location: C:\Program Files\Common Files\LightScribe\
install source: H:\Installation\Data\Redist\
uninstall cmd: MsiExec.exe /X{DA9DAC64-C947-47BA-B411-8A1959B177CF}
publisher: LightScribe
comments: LightScribe System Software

Adobe Color Common Settings 1.0 ({DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9})
version: 16777216
version (major): 1
estimated size: 15315
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeColorCommonSetAll\
uninstall cmd: MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
publisher: Adobe Systems Incorporated

Adobe Color JA Extra Settings 1.0 ({DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029})
version: 16777216
version (major): 1
estimated size: 2777
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\
uninstall cmd: MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
publisher: Adobe Systems Incorporated

Ulead Photo Explorer 7.0 SE ({E38E1721-7FE7-11D4-A898-0000E83DCDA6})

Adobe Update Manager CS3 5.1.0 ({E69AE897-9E0B-485C-8552-7841F48D42D8})
version: 83951616
version (major): 5
version (minor): 1
estimated size: 6232
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeAUM5.1All\
uninstall cmd: MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
publisher: Adobe Systems Incorporated

Adobe InDesign CS3 Icon Handler 5.0 ({EA7B3CC4-366D-4CF6-8350-FD7A7034116E})
version: 83886080
version (major): 5
estimated size: 3672
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeInDesignCS3IconHandler\
uninstall cmd: MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
publisher: Adobe Systems Incorporated

Adobe After Effects CS3 8 ({EB0202F7-016A-410C-ADE4-40F848CCC661})
version: 134217728
version (major): 8
estimated size: 347969
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeAfterEffects8All\
uninstall cmd: MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
publisher: Adobe Systems Incorporated

Adobe Illustrator CS3 13.0 ({F08E8D2E-F132-4742-9C87-D5FF223A016A})
version: 218103808
version (major): 13
estimated size: 524060
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeIllustrator13en_US\
uninstall cmd: MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
publisher: Adobe Systems Incorporated

Realtek High Definition Audio Driver 5.10.0.5433 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 35782656
install date: 20090910
install location: C:\Program Files\Realtek\InstallShield\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF4A\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
publisher: Realtek Semiconductor Corp.

e-Sword 6.05.0000 ({F35BC674-5761-4A75-9EA3-4E3E36FF7368})
version: 100990976
version (major): 6
version (minor): 5
estimated size: 643262
install date: 20090911
install source: D:\
uninstall cmd: MsiExec.exe /I{F35BC674-5761-4A75-9EA3-4E3E36FF7368}
publisher: Rick Meyers
contact: support@e-sword.net
help link: http://www.e-sword.net/feedback.html

Adobe Contribute CS3 4.1 ({FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7})
version: 67174400
version (major): 4
version (minor): 1
estimated size: 128075
install date: 20090910
install source: D:\Adobe CS3\payloads\AdobeContribute4.1en_US\
uninstall cmd: MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
publisher: Adobe Systems Incorporated



--- System Services ---
Service (registry key): 6to4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPv6 Helper Service
Description: Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network. If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,tcpip6,winmgmt

Service (registry key): Aavmker4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Asynchronous Virus Monitor
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Embedded Controller Driver
Image path: system32\DRIVERS\ACPIEC.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Adobe Version Cue CS3
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Adobe Version Cue CS3
Description: Adobe Version Cue CS3
Object name: NT AUTHORITY\LocalService
Image path: "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service
Image size: 153792
Image MD5: 14C23516C990DCD6052152CF034DDE40
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Image size: 144712
Image MD5: 557F35D1CA42AEA14A6690E21887A31F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: system32\DRIVERS\arp1394.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aswFsBlk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aswFsBlk
Description: avast! mini-filter driver (aswFsBlk)
Image path: system32\DRIVERS\aswFsBlk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): aswMon2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Standard Shield Support
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1

Service (registry key): aswRdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: aswRdr
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswSP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Self Protection
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): aswTdi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Network Shield Support
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): aswUpdSv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! iAVS4 Control Service
Description: Provides automatic updating for the avast! antivirus.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Image size: 18752
Image MD5: 5E692B54EC3D9C586417F9C5822CBEC9
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): avast! Antivirus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Antivirus
Description: Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Image size: 138680
Image MD5: 72C4BB55413D2D621BCC1DBF4074EB5D
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: aswMon2,RpcSS

Service (registry key): avast! Mail Scanner
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Mail Scanner
Description: Implements mail scanning for avast! antivirus.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
Image size: 254040
Image MD5: AEF50B1CEA979739EDE53C68556B95E5
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): avast! Web Scanner
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Web Scanner
Description: Implements web (HTTP) scanning for avast! antivirus.
Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Image size: 352920
Image MD5: A62A0418BE5A5B8B0ECF3D8F73325113
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: "avast! Antivirus"

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bonjour Service
Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 238888
Image MD5: 3F56903E124E820AEECE6D471583C6C1
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Closed Caption Decoder
Image path: system32\DRIVERS\CCDECODE.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Please find the third and last half at http://jussy.viviti.com
I hope....Aaaaggghhhhh
Juss

Shaba
2009-10-03, 13:13
Your Spybot is outdated.

Please install the latest version, run a scan with it and post back a fresh Spybot report :)

jussy
2009-10-04, 06:02
But not sure: Here is the latest version, scan, report of scan:

--- Search result list ---
DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)


Right Media: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-10-03 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-09-29 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-08-10 Includes\Dialer.sbi (*)
2009-09-29 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-09-29 Includes\HijackersC.sbi (*)
2009-09-29 Includes\Keyloggers.sbi (*)
2009-09-29 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-09-29 Includes\Malware.sbi (*)
2009-09-29 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-09-29 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-09-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-09-29 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-09-15 Includes\Trojans.sbi (*)
2009-09-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Acrobat Assistant 8.0
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 624248
MD5: 4D042B1F1375CF371AFBE0E0276BA627

Located: HK_LM:Run, Adobe_ID0EYTHM
command: C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
size: 1884160
MD5: C1873D880786B6B03AF781E23835D925

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C

Located: HK_LM:Run, AzMixerSel
command: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
file: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
size: 53248
MD5: EAF4EE7C73FB0784F2C128029C1ACE1C

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7BBE4CF421AECC7F0226EDD75F12079F

Located: HK_LM:Run, InCD
command: C:\Program Files\Nero\Nero8\InCD\InCD.exe
file: C:\Program Files\Nero\Nero8\InCD\InCD.exe
size: 1083176
MD5: 8AB5F5138DC6DBDCA9B251DAA801F446

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
size: 570664
MD5: D9DDA3A8B656360905CEB764D87BA263

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, Prolific_OneButton
command: C:\Program Files\USBFast\OneBtn.exe
file: C:\Program Files\USBFast\OneBtn.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Prolific2571_OneButton
command: C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
file: C:\Program Files\Prolific\EZ-DUB Finder\OneBtn.exe
size: 65536
MD5: 55752F656D353E60E3B735B8EAA91E22

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF

Located: HK_LM:Run, Samsung PanelMgr
command: C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
file: C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
size: 507904
MD5: 146D4E9013CD87D221AF0F29EA1853C6

Located: HK_LM:Run, SecurDisc
command: C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
file: C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
size: 2049320
MD5: 0E7D1EDC541D5130FFE303D1691A17BD

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 4C784423B8F0DAE1392398356C9BE1FC

Located: HK_LM:Run, USIUDF_Eject_Monitor
command: C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
file: C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
size: 81920
MD5: 1F738A8BE9E7DF6738E26F7FF2B7EB43

Located: HK_LM:Run, WService
command: WService.EXE
file: C:\WINDOWS\system32\WService.EXE
size: 28672
MD5: 01F6951AE841D6E165482F6DD91EA082

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, IncrediMail
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\IncrediMail\bin\IncMail.exe /c
file: C:\Program Files\IncrediMail\bin\IncMail.exe
size: 251336
MD5: 307FB55BD3D0EC649F28A9ABA075632E

Located: HK_CU:Run, IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
file: C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
size: 1840424
MD5: C44031488DED58FCE58E5D94BC345D30

Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: E9ED9D153AFC8F07264CA07836F58188

Located: HK_CU:Run, Messenger (Yahoo!)
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4351216
MD5: B2A71BBFFB31A196DE001CF94EB8D3B4

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1214440339-299502267-725345543-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1667584
MD5: B53343FE60A33EE765C2476D50D27B26

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1214440339-299502267-725345543-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: Startup (common), Image Transfer.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
file: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4

Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Startup (common), Microtek Scanner Finder.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
file: C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
size: 303104
MD5: 9F21FA11C60ACCD64EEA7209E394473C

Located: Startup (user), Omega ASIO Control Panel.lnk
where: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup...
command: C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
file: C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
size: 274432
MD5: 259610370722046D475B0A3DA3D13A28

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 10/3/2009 7:42:16 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{074C1DC5-9320-4A9A-947D-C042949C6216} (ContributeBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: ContributeBHO Class
Path: C:\Program Files\Adobe\
Long name: contributeieplugin.dll
Short name: CONTRI~1.DLL
Date (created): 3/16/2007 3:13:06 PM
Date (last access): 10/3/2009 7:42:16 PM
Date (last write): 3/16/2007 3:13:06 PM
Filesize: 118784
Attributes: archive
MD5: E23691A98928CE49586753982B8402A2
CRC32: 2CAFCB5A
Version: 1.0.0.0

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 9/11/2009 3:34:22 PM
Date (last access): 10/3/2009 7:45:04 PM
Date (last write): 9/11/2009 3:34:24 PM
Filesize: 329312
Attributes: archive
MD5: 98EA10E878D73C261E0C6316A3A48658
CRC32: 6CE96CBB
Version: 1.0.1.514

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 10/3/2009 7:06:26 PM
Date (last access): 10/3/2009 7:06:26 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 9/10/2009 2:43:46 PM
Date (last access): 10/3/2009 7:45:04 PM
Date (last write): 5/10/2007 10:47:04 PM
Filesize: 321120
Attributes: archive
MD5: FF29E3FB75E7726EE002B65A9F2D4A6E
CRC32: 1831F50E
Version: 8.1.0.0



--- ActiveX list ---


--- Process list ---
PID: 0 ( 0) [System]
PID: 1104 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1156 (1104) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1192 (1104) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1236 (1192) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1248 (1192) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1412 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1508 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1656 (1236) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1752 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1928 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 268 (1236) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 18752
MD5: 5E692B54EC3D9C586417F9C5822CBEC9
PID: 440 (1236) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 138680
MD5: 72C4BB55413D2D621BCC1DBF4074EB5D
PID: 1008 ( 856) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1080 (1236) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1432 (1008) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1824 (1236) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 557F35D1CA42AEA14A6690E21887A31F
PID: 1864 (1236) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 2044 (1236) C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
size: 1442088
MD5: CA32EA0F5FC2A36CA44AD7238F18C248
PID: 244 (1236) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: E75ADCFAFDEF3F4C3AF3332928D59926
PID: 660 (1008) C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
size: 81920
MD5: 1F738A8BE9E7DF6738E26F7FF2B7EB43
PID: 844 (1236) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 0EFEE4F2D23BA2D8B27FBA942106E0E1
PID: 864 (1008) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 624248
MD5: 4D042B1F1375CF371AFBE0E0276BA627
PID: 976 (1236) C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
size: 53032
MD5: A8960FA773CCC3E38515F637E19A76C0
PID: 1136 (1236) C:\WINDOWS\system32\IoctlSvc.exe
size: 81920
MD5: 875E4E0661F3A5994DF9E5E3A0A4F96B
PID: 1252 (1236) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1556 (1236) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
size: 49152
MD5: CA90D2C55EB3BB90687677BEA3DB0B59
PID: 1608 (1236) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1976 (1236) C:\WINDOWS\System32\Drivers\WTSRV.EXE
size: 40960
MD5: 7D8570C2BC1C04582BA4712746A32604
PID: 2076 (1236) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
size: 602392
MD5: DD0042F0C3B606A6A8B92D49AFB18AD6
PID: 2096 (1008) C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
size: 507904
MD5: 146D4E9013CD87D221AF0F29EA1853C6
PID: 2116 (1008) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 198160
MD5: 4C784423B8F0DAE1392398356C9BE1FC
PID: 2184 (1008) C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
PID: 2204 (1008) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C
PID: 2232 (2212) C:\WINDOWS\system32\WService.EXE
size: 28672
MD5: 01F6951AE841D6E165482F6DD91EA082
PID: 2248 (1008) C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
size: 2049320
MD5: 0E7D1EDC541D5130FFE303D1691A17BD
PID: 2280 (1008) C:\Program Files\Nero\Nero8\InCD\InCD.exe
size: 1083176
MD5: 8AB5F5138DC6DBDCA9B251DAA801F446
PID: 2496 (1008) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: E9ED9D153AFC8F07264CA07836F58188
PID: 2632 (1008) C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
size: 274432
MD5: 259610370722046D475B0A3DA3D13A28
PID: 2812 (1236) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 254040
MD5: AEF50B1CEA979739EDE53C68556B95E5
PID: 2864 (1656) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 2876 (1236) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 352920
MD5: A62A0418BE5A5B8B0ECF3D8F73325113
PID: 3256 (1236) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
size: 537896
MD5: CB992AE1506985D9167E85883B4C3240
PID: 3412 (1412) C:\Program Files\IncrediMail\bin\IMApp.exe
size: 189896
MD5: 0A6E40741DB7FF0B9A1FF50D16CFEAA7
PID: 3784 (1236) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3804 (1236) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
size: 654848
MD5: 227846995AFEEFA70D328BF5334A86A5
PID: 3880 ( 692) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 2176 (1008) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10/3/2009 7:59:58 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{079E8A00-7320-4C89-ABBE-D8325C565B40}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{079E8A00-7320-4C89-ABBE-D8325C565B40}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{02AF774D-8BC5-4DCF-8C7B-EFC8FBDBE7F6}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{02AF774D-8BC5-4DCF-8C7B-EFC8FBDBE7F6}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87EDD472-348D-4F6A-ACB7-A7007D62F0E6}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{079E8A00-7320-4C89-ABBE-D8325C565B40}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{079E8A00-7320-4C89-ABBE-D8325C565B40}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B146D06-58D6-49B0-B432-808DE8763C0A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B146D06-58D6-49B0-B432-808DE8763C0A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF4409CA-0482-481E-A3CB-D6D07ACDCF65}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3ACC2C66-C46B-442C-8252-FD887FF65108}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3ACC2C66-C46B-442C-8252-FD887FF65108}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58B42B8D-03EB-4205-A850-3CD6DB6FC68F}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58B42B8D-03EB-4205-A850-3CD6DB6FC68F}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
:angel:

Thank you so much, Juss

Shaba
2009-10-04, 12:11
Virtumonde hasn't been removed; it was a false positive in an earlier Spybot version :)

Some other issues left?

Shaba
2009-10-11, 16:09
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (PM). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.