
Win32.FraudLoad.edt won't clean



Yariely
2009-10-08, 18:22
Hi,
This thing will not go away :)
Even after restarting and a very very long scan, Spybot cannot remove it.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:13, on 08/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\Conexant\SAII\SAIICpl.exe /c
O4 - HKUS\S-1-5-21-2274058917-4037084290-1638430498-500\..\RunOnce: [CTRLWOL] C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE (User 'Administrator')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with XmlPad - res://C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: שלח ל&התקן Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: שלח ל-Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_16\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {31831E9D-26EC-408F-9F27-787F098BD8C9} (WMRecorder Class) - http://w3.castup.net/Yad2/curecorder/resource/cab/CURecorder.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control) - https://vpn.dal01.softlayer.com/prx/000/http/localhost/arr_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T27L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B6233B5-623B-49C1-A3C7-7388BF286678}: NameServer = 10.0.80.11 10.0.80.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Array Utility Service 8,3,1,213 (Array_Utility_Service8.3.1.213) - Array Networks, Inc. - C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 15951 bytes

Blade81
2009-10-11, 09:26
Hi,

Please post report that shows the threat.

Yariely
2009-10-11, 10:57
Hi,

Please post report that shows the threat.

How do I do that?

Yariely
2009-10-11, 11:21
Hi,

Please post report that shows the threat.

I hope this is it:


--- Search result list ---
Win32.FraudLoad.edt: [SBI $7312D32F] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058}

Right Media: Tracking cookie (Internet Explorer: Yogev) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-06-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-10-06 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-10-06 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-10-06 Includes\HijackersC.sbi (*)
2009-09-29 Includes\Keyloggers.sbi (*)
2009-10-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-10-06 Includes\Malware.sbi (*)
2009-10-06 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-10-06 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-10-06 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-10-06 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-10-06 Includes\Trojans.sbi (*)
2009-10-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB969897)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB972260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB973874)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Hotfix for Windows XP (KB949764)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB961503)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Hotfix for Windows XP (KB970685)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, cssauth
command: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
file: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
size: 3093816
MD5: 91CFBFC27586DB0EE3AE5E324583F910

Located: HK_LM:Run, egui
command: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
file: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 2029640
MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943

Located: HK_LM:Run, EZEJMNAP
command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 256576
MD5: 13FF0C420AECEB92FB0AD83A9A11A977

Located: HK_LM:Run, FingerPrintSoftware
command: "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
file: C:\Program Files\Lenovo Fingerprint Software\fpapp.exe
size: 12095488
MD5: 7C4719451EF49A48E00C10F82AC98EC7

Located: HK_LM:Run, LENOVO.TPFNF6R
command: C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
file: C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
size: 15136
MD5: 33FD3FA73602A600FDB2D4B655903454

Located: HK_LM:Run, LPMailChecker
command: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
file: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
size: 124248
MD5: 0FE121EF4E7EA2132CBC283C662F2425

Located: HK_LM:Run, PWRMGRTR
command: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
file: C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
size: 417792
MD5: 11390D03395A0D9AB87A94B2CF0E086D

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9

Located: HK_LM:Run, StartCCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 61440
MD5: 2659F9B422673A98D5629FA3294F5DF3

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 524288
MD5: 65EB543EFEB395DDF4E0BB764DE089D0

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 122880
MD5: 125481AFA36D3E3AB44E3D745DBA05EB

Located: HK_LM:Run, TPFNF7
command: C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
file: C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
size: 60192
MD5: 9423689404249FF340B1009ACFE60465

Located: HK_LM:Run, TPHOTKEY
command: C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
file: C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
size: 68976
MD5: 0BF10B23779565BC472BEEBE3B9A20D9

Located: HK_LM:Run, tsnp2uvc
command: C:\WINDOWS\tsnp2uvc.exe
file: C:\WINDOWS\tsnp2uvc.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89

Located: HK_LM:Run, ACTray (DISABLED)
command: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
file: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
size: 425984
MD5: BCF1FF4C10C3D36CA94FDDCE69C599B6

Located: HK_LM:Run, ACWLIcon (DISABLED)
command: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
file: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
size: 143360
MD5: E6D7E7697489F9D52C627B3A6C6154C0

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, BLOG (DISABLED)
command: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
file: C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL
size: 208896
MD5: C31CAF9DD23823745159071D58CA47B5

Located: HK_LM:Run, cssauth (DISABLED)
command: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
file: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
size: 3093816
MD5: 91CFBFC27586DB0EE3AE5E324583F910

Located: HK_LM:Run, EZEJMNAP (DISABLED)
command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 256576
MD5: 13FF0C420AECEB92FB0AD83A9A11A977

Located: HK_LM:Run, LPManager (DISABLED)
command: C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
file: C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
size: 165208
MD5: E081FFE1890C1F523EA375500BF0A3B9

Located: HK_LM:Run, StartCCC (DISABLED)
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 61440
MD5: 2659F9B422673A98D5629FA3294F5DF3

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe"
file: C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe
size: 75256
MD5: 1A4DD55F29E1D1422396B9B23D886F72

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, googletalk
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
file: C:\Program Files\Google\Google Talk\googletalk.exe
size: 3739648
MD5: BCD9CBF0621F9A6767276A2E0BF1DD15

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: D39DA5B7139B4B5147B3C6A94978B5AA

Located: HK_CU:Run, Skype
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 22880040
MD5: 72F095A18223E1072F242EA25D1C6E8E

Located: HK_CU:Run, SmartAudio
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: C:\Program Files\Conexant\SAII\SAIICpl.exe /c
file: C:\Program Files\Conexant\SAII\SAIICpl.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:RunOnce, CTRLWOL
where: S-1-5-21-2274058917-4037084290-1638430498-500...
command: C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE
file: C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: Startup (common), Bluetooth.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
file: C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
size: 604776
MD5: 245B2ED592C5763D12203856E861CC31

Located: Startup (common), HOTSYNCSHORTCUTNAME.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\palmOne\Hotsync.exe
file: C:\Program Files\palmOne\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: Startup (disabled), Digital Line Detect.lnk (DISABLED)
command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), GlobeTrotter Connect (DISABLED)
command: C:\PROGRA~1\Option\GLOBET~1\GLOBET~1.EXE /noshow
file: C:\PROGRA~1\Option\GLOBET~1\GLOBET~1.EXE
size: 864256
MD5: B7034FFE2BE158E77053EC88F576320F

Located: WinLogon, ACNotify
command: ACNotify.dll
file: ACNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ATFUS
command: C:\WINDOWS\system32\FpWinLogonNp.dll
file: C:\WINDOWS\system32\FpWinLogonNp.dll
size: 180224
MD5: C505CB1F0E58452F98647549ED48048D

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, tpfnf2
command: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
file: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
size: 34344
MD5: 0C3E484BF4AEC2749A9F4D0A91870780

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22/10/2006 22:08:42
Date (last access): 11/10/2009 10:34:04
Date (last write): 22/10/2006 22:08:42
Filesize: 62080
Attributes:
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 08/06/2009 11:19:28
Date (last access): 11/10/2009 10:34:04
Date (last write): 26/01/2009 14:31:02
Filesize: 1879896
Attributes:
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_16\bin\
Long name: ssv.dll
Short name:
Date (created): 28/05/2008 12:03:40
Date (last access): 11/10/2009 10:34:04
Date (last write): 28/05/2008 12:18:42
Filesize: 452080
Attributes:
MD5: 62835C8B1C082A007188EFCCBFA9CD04
CRC32: CD3BC97F
Version: 5.0.160.2

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22/01/2009 14:41:30
Date (last access): 11/10/2009 10:34:04
Date (last write): 22/01/2009 14:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} (Password Manager Browser Helper Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Password Manager Browser Helper Object
CLSID name: IePasswordManagerHelper Class
Path: C:\Program Files\Lenovo\Client Security Solution\
Long name: tvtpwm_ie_com.dll
Short name: TVTPWM~1.DLL
Date (created): 04/03/2009 21:27:22
Date (last access): 11/10/2009 10:34:04
Date (last write): 04/03/2009 21:27:22
Filesize: 816440
Attributes:
MD5: 2373713DA0D182338CE33E2D9BEC8302
CRC32: 021FFE63
Version: 3.0.205.0



--- ActiveX list ---
{2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class)
DPF name:
CLSID name: IASRunner Class
Installer: C:\WINDOWS\Downloaded Program Files\acpir.inf
Codebase: http://www-307.ibm.com/pc/support/acpir.cab
description:
classification: Open for discussion
known filename: acpir2.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: acpir2.dll
Short name:
Date (created): 26/03/2007 12:34:44
Date (last access): 08/10/2009 18:25:18
Date (last write): 26/03/2007 12:34:44
Filesize: 145008
Attributes: archive
MD5: 125C193CC7C9E39AC275708EE1ED9295
CRC32: AF998D3E
Version: 1.0.0.9

{31831E9D-26EC-408F-9F27-787F098BD8C9} (WMRecorder Class)
DPF name:
CLSID name: WMRecorder Class
Installer: C:\WINDOWS\Downloaded Program Files\CURecorder.inf
Codebase: http://w3.castup.net/Yad2/curecorder/resource/cab/CURecorder.cab
Path: C:\WINDOWS\system32\
Long name: CURecorder.dll

{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPDEXAXO.dll
Short name:
Date (created): 18/10/2007 09:04:16
Date (last access): 11/10/2009 10:59:20
Date (last write): 18/10/2007 09:04:16
Filesize: 341296
Attributes: archive
MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
CRC32: 7ABDC22F
Version: 1.0.5.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_16
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_16\bin\
Long name: NPJPI150_16.dll
Short name: NPJPI1~1.DLL
Date (created): 28/05/2008 12:03:40
Date (last access): 08/10/2009 18:25:18
Date (last write): 28/05/2008 12:18:42
Filesize: 75264
Attributes:
MD5: DDE7BAC61E2A285F05BFCD0B557142AB
CRC32: 28EBFE28
Version: 5.0.160.2

{B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control)
DPF name:
CLSID name: ArrVPNAX Control
Installer: C:\WINDOWS\Downloaded Program Files\arr_vpn.inf
Codebase: https://vpn.dal01.softlayer.com/prx/000/http/localhost/arr_x.cab
Path: C:\WINDOWS\system32\
Long name: arr_x.ocx
Short name:
Date (created): 30/03/2009 11:47:58
Date (last access): 08/10/2009 18:25:18
Date (last write): 30/03/2009 11:47:58
Filesize: 94280
Attributes: archive
MD5: 72816D8FCD16BAFC13E7C1B0D0524168
CRC32: D86F04A2
Version: 8.3.1.213

{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc4.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 20/07/2009 11:29:34
Date (last access): 11/10/2009 10:59:26
Date (last write): 20/07/2009 11:29:34
Filesize: 524288
Attributes: archive
MD5: 4D5BD4D224A14B854462B37AE226AD8A
CRC32: A777A82B
Version: 12.0.5624.1000

{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_16
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_16\bin\
Long name: NPJPI150_16.dll
Short name: NPJPI1~1.DLL
Date (created): 28/05/2008 12:03:40
Date (last access): 11/10/2009 11:21:08
Date (last write): 28/05/2008 12:18:42
Filesize: 75264
Attributes:
MD5: DDE7BAC61E2A285F05BFCD0B557142AB
CRC32: 28EBFE28
Version: 5.0.160.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_16
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_16\bin\
Long name: NPJPI150_16.dll
Short name: NPJPI1~1.DLL
Date (created): 28/05/2008 12:03:40
Date (last access): 11/10/2009 11:21:08
Date (last write): 28/05/2008 12:18:42
Filesize: 75264
Attributes:
MD5: DDE7BAC61E2A285F05BFCD0B557142AB
CRC32: 28EBFE28
Version: 5.0.160.2

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10c.ocx
Short name:
Date (created): 18/07/2009 05:12:12
Date (last access): 11/10/2009 10:34:54
Date (last write): 18/07/2009 05:12:12
Filesize: 3979680
Attributes: readonly archive
MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
CRC32: D6F40D46
Version: 10.0.32.18

{D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class)
DPF name:
CLSID name: LauncherV1 Class
Installer:
Codebase: http://www.tapuz.co.il/irc/main/launcher.cab
description:
classification: Open for discussion
known filename: launcher.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: launcher.ocx
Short name:
Date (created): 10/01/2009 20:56:06
Date (last access): 08/10/2009 18:25:18
Date (last write): 10/01/2009 20:56:06
Filesize: 458752
Attributes: archive
MD5: D654AE4E4DB4B6FD8025888BEF3231F3
CRC32: 6D3C84CB
Version: 1.0.0.1

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Installer: C:\WINDOWS\Downloaded Program Files\ieatgpc.inf
Codebase: https://freetrial.webex.com/client/T27L/webex/ieatgpc.cab
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 01/06/2009 00:23:06
Date (last access): 08/10/2009 18:25:18
Date (last write): 01/06/2009 00:23:06
Filesize: 99216
Attributes: archive
MD5: D0C2E12F40FAE255E78E210BF00DC741
CRC32: D71A7E78
Version: 2.1.0.0

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 976 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1100 ( 976) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1132 ( 976) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 1176 (1132) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 1188 (1132) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1372 (1176) C:\WINDOWS\system32\DTS.exe
size: 98304
MD5: A001463CECD4858C789559F3AE47E453
PID: 1384 (1176) C:\WINDOWS\system32\ibmpmsvc.exe
size: 38176
MD5: 822675EB6DD6F078316AA6EBC545518C
PID: 1416 (1176) C:\WINDOWS\system32\AtService.exe
size: 1680632
MD5: 9B86567A73931608023A7642A173A095
PID: 1444 (1176) C:\WINDOWS\system32\Ati2evxx.exe
size: 598016
MD5: 838B66554A9F896BE6BC6E036925340E
PID: 1460 (1176) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1540 (1176) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1580 (1176) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1668 (1176) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
size: 909312
MD5: 55CCC8CED5778556F6B516B3858AC970
PID: 1732 (1176) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1800 (1176) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 288 (1176) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 360 (1132) C:\WINDOWS\system32\Ati2evxx.exe
size: 598016
MD5: 838B66554A9F896BE6BC6E036925340E
PID: 788 ( 760) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1036 (1176) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 568 (1176) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
size: 62320
MD5: A2080872EFB7582B43762141AE8D61B9
PID: 1152 (1176) C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
size: 344139
MD5: 4C03995321648780E123D9B42827D3D1
PID: 1608 (1176) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
size: 90112
MD5: 399332484EC3DA416A8691D42023DF56
PID: 1652 (1176) C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
size: 72704
MD5: 0D52AA08491A827FBA10DE8DE0E2885F
PID: 1740 (1176) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
size: 731840
MD5: A5F63285C1B6C4B396D9ACE0DFFC88EF
PID: 1964 (1176) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
size: 870672
MD5: 53CCA6B4DF0977074E85C9A18F42B5CC
PID: 1980 (1176) C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
size: 196704
MD5: 4A58B52E866BC50F81F63FE181384982
PID: 2008 (1176) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
size: 112152
MD5: 213822072085B5BBAD9AF30AB577D817
PID: 2128 (1176) C:\Program Files\Intel\AMT\LMS.exe
size: 174616
MD5: 6A38BF67BBA38E8087F2A0F05FAB6DE7
PID: 2476 (1176) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
size: 473360
MD5: 7C4391419852DFC331F6AF620C33AF3C
PID: 2520 (1176) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2536 (1176) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
size: 750904
MD5: 1C7B8E69BF9557A17A17F2120892ACF9
PID: 2608 (1176) C:\WINDOWS\System32\TPHDEXLG.exe
size: 39976
MD5: 5A726E3CC83655EF71912C4775D004F9
PID: 2676 (1176) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
size: 779576
MD5: DDD4A2C9A37B93C7D8A539F785572565
PID: 2696 (1176) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
size: 520192
MD5: D6EE5DCB3EC401BAA10395809047935E
PID: 2712 (1176) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
size: 950272
MD5: 0DB73F3FB565CF028C7458C70FA59121
PID: 2744 (1176) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
size: 1155072
MD5: 6C69FE90F0CC12EF0638AE10DFA4DB4E
PID: 2768 (1176) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
size: 360448
MD5: 22A001F3FBB92E3811C3BFD8FDAD3ED3
PID: 2804 (1176) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2832 (1176) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
size: 2058776
MD5: FA84735377D00E12597D2A1D8D2C320E
PID: 2928 (1176) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
size: 53248
MD5: F4BE7426345FEE3FF88834CDEA77E9A1
PID: 2968 (1176) c:\program files\lenovo\system update\suservice.exe
size: 28672
MD5: ECC419E6AC1FE8EA5F9E792D2C9B1737
PID: 3000 (1176) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
size: 212992
MD5: 99B521BC52FA1517D917EF53D920F0C5
PID: 3280 (1176) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
size: 346720
MD5: 84188314C5F1B10B20F624C1343A0C49
PID: 3556 (1176) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 3572 (1460) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 4032 (3000) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
size: 126976
MD5: 51C4DD645935159ED2CD8458F8A50DB0
PID: 700 ( 788) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 122880
MD5: 125481AFA36D3E3AB44E3D745DBA05EB
PID: 1644 ( 788) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 524288
MD5: 65EB543EFEB395DDF4E0BB764DE089D0
PID: 1692 ( 788) C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
size: 60192
MD5: 9423689404249FF340B1009ACFE60465
PID: 1896 ( 788) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
size: 68976
MD5: 0BF10B23779565BC472BEEBE3B9A20D9
PID: 1932 ( 788) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
size: 124248
MD5: 0FE121EF4E7EA2132CBC283C662F2425
PID: 1936 ( 788) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 2092 ( 788) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 256576
MD5: 13FF0C420AECEB92FB0AD83A9A11A977
PID: 2072 ( 788) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
size: 3093816
MD5: 91CFBFC27586DB0EE3AE5E324583F910
PID: 2144 (1952) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
size: 49152
MD5: 33C014C1709F7222CEFF61B780EDC967
PID: 3364 ( 788) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 2029640
MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943
PID: 580 ( 788) C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
size: 15136
MD5: 33FD3FA73602A600FDB2D4B655903454
PID: 1476 ( 788) C:\Program Files\Google\Google Talk\googletalk.exe
size: 3739648
MD5: BCD9CBF0621F9A6767276A2E0BF1DD15
PID: 2192 ( 788) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: D39DA5B7139B4B5147B3C6A94978B5AA
PID: 2440 ( 788) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 2416 ( 788) C:\Program Files\Skype\Phone\Skype.exe
size: 22880040
MD5: 72F095A18223E1072F242EA25D1C6E8E
PID: 2960 (1896) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
size: 67432
MD5: 72D9419E4AA1C40C9E34821722D335C8
PID: 2004 (1896) C:\Program Files\Lenovo\Zoom\TpScrex.exe
size: 128368
MD5: 58CBD24C7BD44388CD516DE81C0ACAFF
PID: 3600 ( 788) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
size: 604776
MD5: 245B2ED592C5763D12203856E861CC31
PID: 2572 (2144) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
size: 49152
MD5: BA7D56C1F3DD385EE58ADDA14C6FFB54
PID: 2584 ( 788) C:\Program Files\palmOne\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
PID: 3244 (1460) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
size: 1456768
MD5: CB3A8823ED587BCD476387A8155170D3
PID: 3876 ( 788) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 199688
MD5: 8219160C141B505AB5C112F73405C348
PID: 2448 (1176) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3792 (2416) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 2040776
MD5: 942A6D257DBDA957C4B19169B3BBBC7D
PID: 1048 (2072) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
size: 865592
MD5: CC1D3E199BF1EEAF4B2FE07B17DD8C29
PID: 968 (1460) C:\Program Files\Windows Live\Contacts\wlcomm.exe
size: 27512
MD5: 654480EA67078C7B4C6C8BA871B07D5D
PID: 5476 (1460) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12314456
MD5: 677DFF359C288A2F2CDE810BFF049E7F
PID: 4392 ( 788) C:\Program Files\Mozilla Firefox\firefox.exe
size: 908280
MD5: 4F201BA5F08B6726A32886655DA53FB1
PID: 4672 (1496) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
size: 341616
MD5: 80660C611B596FFE8AF4074B31AA6FB7
PID: 4760 ( 788) C:\Program Files\TextMe\TextMe.exe
size: 319488
MD5: A977BB7D6C44B61A705F13206C146476
PID: 2168 ( 788) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 4984 (2168) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 688 ( 788) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4548 (2168) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/10/2009 11:21:08

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.walla.co.il/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E95F6852-4F01-4B5C-8D40-FD567B1B3589}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E95F6852-4F01-4B5C-8D40-FD567B1B3589}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7C0FD36-BDE7-40B6-904A-6A2880A949A6}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7C0FD36-BDE7-40B6-904A-6A2880A949A6}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AA660F9-6D69-4488-BBD2-695CC22A98C8}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AA660F9-6D69-4488-BBD2-695CC22A98C8}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{101668F9-297C-4BA4-82F9-1D252F2E1FC9}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{101668F9-297C-4BA4-82F9-1D252F2E1FC9}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2D3AB22-C487-4582-BE21-FD8DD4BA2B44}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2D3AB22-C487-4582-BE21-FD8DD4BA2B44}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0A2A711-7C78-4CF8-A419-692C53E99364}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0A2A711-7C78-4CF8-A419-692C53E99364}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C3A4342-B0B6-48D5-89EB-E348D75FF356}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C3A4342-B0B6-48D5-89EB-E348D75FF356}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FCAC8FF-F704-4F1E-A978-1489628567F9}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FCAC8FF-F704-4F1E-A978-1489628567F9}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB3A4F7A-9679-4140-9037-7CB0ED9E0D14}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB3A4F7A-9679-4140-9037-7CB0ED9E0D14}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F03338F-697D-4D9D-B222-A474373977BC}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F03338F-697D-4D9D-B222-A474373977BC}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B6233B5-623B-49C1-A3C7-7388BF286678}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B6233B5-623B-49C1-A3C7-7388BF286678}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Blade81
2009-10-11, 14:53
Hi,

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

How's the system running?

Yariely
2009-10-11, 16:58
System is running OK.

Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2941
Windows 5.1.2600 Service Pack 3

11/10/2009 16:58:08
mbam-log-2009-10-11 (16-58-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 220309
Time elapsed: 1 hour(s), 1 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys (Worm.Spambot) -> Delete on reboot.

Blade81
2009-10-11, 18:13
Good. Let's update your Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Is your Adobe Reader version earlier than 8.1.6? If it is, launch Adobe Reader and update it to a non-vulnerable version.

Post a fresh hjt log and let me know if that registry entry still shows in scan results.

Yariely
2009-10-12, 01:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:32:37, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\Conexant\SAII\SAIICpl.exe /c
O4 - HKUS\S-1-5-21-2274058917-4037084290-1638430498-500\..\RunOnce: [CTRLWOL] C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE (User 'Administrator')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with XmlPad - res://C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: שלח ל&התקן Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: שלח ל-Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {31831E9D-26EC-408F-9F27-787F098BD8C9} (WMRecorder Class) - http://w3.castup.net/Yad2/curecorder/resource/cab/CURecorder.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control) - https://vpn.dal01.softlayer.com/prx/000/http/localhost/arr_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T27L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Array Utility Service 8,3,1,213 (Array_Utility_Service8.3.1.213) - Array Networks, Inc. - C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 15797 bytes
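
The helper reads a fresh HijackThis log like the one above for leftovers: entries whose target file no longer exists ("(no file)", "(file missing)"), O23 services with no vendor string, and auto-start targets living in temp or profile directories or directly under %WINDOWS%. The script below is an added example, not part of this thread and not HijackThis' own logic: it runs those three checks over a handful of lines I constructed in the HijackThis 2.0 format (modelled on the log above but not copied from it). The heuristics and path patterns are my assumptions; a hit means "look at this", not "this is malware" (a webcam helper dropped in C:\WINDOWS, for instance, is a common false positive).

```python
"""Triage a HijackThis 2.0 log: surface the entries a malware-removal helper
checks first. Added example with constructed sample lines; the rules are
assumptions, not HijackThis' own classification."""
import re
from dataclasses import dataclass

# Constructed sample lines in the shape of a HijackThis 2.0.2 log (not the
# full log from the thread). Backslashes are doubled for the Python literal.
SAMPLE_LOG = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O4 - HKLM\\..\\Run: [tsnp2uvc] C:\\WINDOWS\\tsnp2uvc.exe
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\\WINDOWS\\system32\\ADMonitor.exe
O23 - Service: SessionLauncher - Unknown owner - C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\DX9\\SessionLauncher.exe (file missing)
"""

# "O23 - ..." / "R1 - ..." section prefix; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A Windows path up to its executable/library extension (quoted or not).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|vbs|bat|cmd)\b', re.IGNORECASE)
# HijackThis marks targets it could not find on disk with these strings.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumed heuristic: auto-start binaries in temp/profile folders or directly in
# the Windows root (not a subfolder such as system32) deserve a second look.
SUSPECT_PATH_RE = re.compile(
    r"\\temp\\|\\local settings\\|\\application data\\|^[a-z]:\\windows\\[^\\]+$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text):
    """Return one Finding per (entry, rule) hit; an entry can trigger several rules."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned entry (target file missing)", raw))
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service with no vendor/company string", raw))
        for path in PATH_RE.findall(body):
            if SUSPECT_PATH_RE.search(path):
                findings.append(Finding(section, "auto-start target in unusual location: " + path, raw))
                break
    return findings


def flagged_lines(findings):
    """Distinct log lines that triggered at least one rule, in log order."""
    seen = []
    for f in findings:
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Orphaned entries are the usual "fix and forget" items (they are often the residue of something already removed); the "Unknown owner" and unusual-location hits need a human to check the file's signature, hash or vendor before deciding anything.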

Blade81
2009-10-12, 08:38
Good. Any issues left?

Yariely
2009-10-12, 09:35
Only issue left is the "right media" that keeps showing on each scan, even after it's fixed on the last scan.

Spybot log:


--- Search result list ---
Right Media: Tracking cookie (Internet Explorer: Yogev) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-06-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-10-06 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-10-06 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-10-06 Includes\HijackersC.sbi (*)
2009-09-29 Includes\Keyloggers.sbi (*)
2009-10-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-10-06 Includes\Malware.sbi (*)
2009-10-06 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-10-06 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-10-06 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-10-06 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-10-06 Includes\Trojans.sbi (*)
2009-10-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB969897)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB972260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB973874)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Hotfix for Windows XP (KB949764)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB961503)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Hotfix for Windows XP (KB970685)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, cssauth
command: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
file: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
size: 3093816
MD5: 91CFBFC27586DB0EE3AE5E324583F910

Located: HK_LM:Run, egui
command: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
file: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 2029640
MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943

Located: HK_LM:Run, EZEJMNAP
command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 256576
MD5: 13FF0C420AECEB92FB0AD83A9A11A977

Located: HK_LM:Run, FingerPrintSoftware
command: "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
file: C:\Program Files\Lenovo Fingerprint Software\fpapp.exe
size: 12095488
MD5: 7C4719451EF49A48E00C10F82AC98EC7

Located: HK_LM:Run, LENOVO.TPFNF6R
command: C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
file: C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
size: 15136
MD5: 33FD3FA73602A600FDB2D4B655903454

Located: HK_LM:Run, LPMailChecker
command: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
file: C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
size: 124248
MD5: 0FE121EF4E7EA2132CBC283C662F2425

Located: HK_LM:Run, Malwarebytes Anti-Malware (reboot)
command: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
size: 1312080
MD5: C5FCC0B761069FABD59E41B7C3280DDF

Located: HK_LM:Run, PWRMGRTR
command: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
file: C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
size: 417792
MD5: 11390D03395A0D9AB87A94B2CF0E086D

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9

Located: HK_LM:Run, StartCCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 61440
MD5: 2659F9B422673A98D5629FA3294F5DF3

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 5E4C9C25D603AE46DEDCBD9674F86E21

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 524288
MD5: 65EB543EFEB395DDF4E0BB764DE089D0

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 122880
MD5: 125481AFA36D3E3AB44E3D745DBA05EB

Located: HK_LM:Run, TPFNF7
command: C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
file: C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
size: 60192
MD5: 9423689404249FF340B1009ACFE60465

Located: HK_LM:Run, TPHOTKEY
command: C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
file: C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
size: 68976
MD5: 0BF10B23779565BC472BEEBE3B9A20D9

Located: HK_LM:Run, tsnp2uvc
command: C:\WINDOWS\tsnp2uvc.exe
file: C:\WINDOWS\tsnp2uvc.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, ACTray (DISABLED)
command: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
file: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
size: 425984
MD5: BCF1FF4C10C3D36CA94FDDCE69C599B6

Located: HK_LM:Run, ACWLIcon (DISABLED)
command: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
file: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
size: 143360
MD5: E6D7E7697489F9D52C627B3A6C6154C0

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, BLOG (DISABLED)
command: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
file: C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL
size: 208896
MD5: C31CAF9DD23823745159071D58CA47B5

Located: HK_LM:Run, cssauth (DISABLED)
command: "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
file: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
size: 3093816
MD5: 91CFBFC27586DB0EE3AE5E324583F910

Located: HK_LM:Run, EZEJMNAP (DISABLED)
command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 256576
MD5: 13FF0C420AECEB92FB0AD83A9A11A977

Located: HK_LM:Run, LPManager (DISABLED)
command: C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
file: C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
size: 165208
MD5: E081FFE1890C1F523EA375500BF0A3B9

Located: HK_LM:Run, StartCCC (DISABLED)
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 61440
MD5: 2659F9B422673A98D5629FA3294F5DF3

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe"
file: C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, googletalk
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
file: C:\Program Files\Google\Google Talk\googletalk.exe
size: 3739648
MD5: BCD9CBF0621F9A6767276A2E0BF1DD15

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: D39DA5B7139B4B5147B3C6A94978B5AA

Located: HK_CU:Run, Skype
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 22880040
MD5: 72F095A18223E1072F242EA25D1C6E8E

Located: HK_CU:Run, SmartAudio
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: C:\Program Files\Conexant\SAII\SAIICpl.exe /c
file: C:\Program Files\Conexant\SAII\SAIICpl.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-2274058917-4037084290-1638430498-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:RunOnce, CTRLWOL
where: S-1-5-21-2274058917-4037084290-1638430498-500...
command: C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE
file: C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: Startup (common), Bluetooth.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
file: C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
size: 604776
MD5: 245B2ED592C5763D12203856E861CC31

Located: Startup (common), HOTSYNCSHORTCUTNAME.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\palmOne\Hotsync.exe
file: C:\Program Files\palmOne\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: Startup (disabled), Digital Line Detect.lnk (DISABLED)
command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), GlobeTrotter Connect (DISABLED)
command: C:\PROGRA~1\Option\GLOBET~1\GLOBET~1.EXE /noshow
file: C:\PROGRA~1\Option\GLOBET~1\GLOBET~1.EXE
size: 864256
MD5: B7034FFE2BE158E77053EC88F576320F

Located: WinLogon, ACNotify
command: ACNotify.dll
file: ACNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ATFUS
command: C:\WINDOWS\system32\FpWinLogonNp.dll
file: C:\WINDOWS\system32\FpWinLogonNp.dll
size: 180224
MD5: C505CB1F0E58452F98647549ED48048D

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, tpfnf2
command: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
file: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
size: 34344
MD5: 0C3E484BF4AEC2749A9F4D0A91870780

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx / AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22/10/2006 22:08:42
Date (last access): 12/10/2009 08:59:26
Date (last write): 22/10/2006 22:08:42
Filesize: 62080
Attributes:
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 08/06/2009 11:19:28
Date (last access): 12/10/2009 08:59:26
Date (last write): 26/01/2009 14:31:02
Filesize: 1879896
Attributes:
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22/01/2009 14:41:30
Date (last access): 12/10/2009 08:59:28
Date (last write): 22/01/2009 14:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} (Password Manager Browser Helper Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Password Manager Browser Helper Object
CLSID name: IePasswordManagerHelper Class
Path: C:\Program Files\Lenovo\Client Security Solution\
Long name: tvtpwm_ie_com.dll
Short name: TVTPWM~1.DLL
Date (created): 04/03/2009 21:27:22
Date (last access): 12/10/2009 08:59:28
Date (last write): 04/03/2009 21:27:22
Filesize: 816440
Attributes:
MD5: 2373713DA0D182338CE33E2D9BEC8302
CRC32: 021FFE63
Version: 3.0.205.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 12/10/2009 01:13:12
Date (last access): 12/10/2009 08:59:28
Date (last write): 12/10/2009 01:13:12
Filesize: 41760
Attributes: archive
MD5: 7AF9D3B7B88AF81D2F87AA846DC2EE70
CRC32: 00DFC49A
Version: 6.0.160.1

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 12/10/2009 01:13:14
Date (last access): 12/10/2009 08:59:30
Date (last write): 12/10/2009 01:13:14
Filesize: 73728
Attributes: archive
MD5: 37EDBCC7E5E0B89E59941FF79A2F9746
CRC32: 60D1666F
Version: 6.0.160.1



--- ActiveX list ---
{2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class)
DPF name:
CLSID name: IASRunner Class
Installer: C:\WINDOWS\Downloaded Program Files\acpir.inf
Codebase: http://www-307.ibm.com/pc/support/acpir.cab
description:
classification: Open for discussion
known filename: acpir2.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: acpir2.dll
Short name:
Date (created): 26/03/2007 12:34:44
Date (last access): 12/10/2009 09:24:40
Date (last write): 26/03/2007 12:34:44
Filesize: 145008
Attributes: archive
MD5: 125C193CC7C9E39AC275708EE1ED9295
CRC32: AF998D3E
Version: 1.0.0.9

{31831E9D-26EC-408F-9F27-787F098BD8C9} (WMRecorder Class)
DPF name:
CLSID name: WMRecorder Class
Installer: C:\WINDOWS\Downloaded Program Files\CURecorder.inf
Codebase: http://w3.castup.net/Yad2/curecorder/resource/cab/CURecorder.cab
Path: C:\WINDOWS\system32\
Long name: CURecorder.dll

{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPDEXAXO.dll
Short name:
Date (created): 18/10/2007 09:04:16
Date (last access): 12/10/2009 09:14:04
Date (last write): 18/10/2007 09:04:16
Filesize: 341296
Attributes: archive
MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
CRC32: 7ABDC22F
Version: 1.0.5.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2009 01:13:14
Date (last access): 12/10/2009 01:13:14
Date (last write): 12/10/2009 01:13:14
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1

{B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control)
DPF name:
CLSID name: ArrVPNAX Control
Installer: C:\WINDOWS\Downloaded Program Files\arr_vpn.inf
Codebase: https://vpn.dal01.softlayer.com/prx/000/http/localhost/arr_x.cab
Path: C:\WINDOWS\system32\
Long name: arr_x.ocx
Short name:
Date (created): 30/03/2009 11:47:58
Date (last access): 11/10/2009 16:47:06
Date (last write): 30/03/2009 11:47:58
Filesize: 94280
Attributes: archive
MD5: 72816D8FCD16BAFC13E7C1B0D0524168
CRC32: D86F04A2
Version: 8.3.1.213

{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc4.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 20/07/2009 11:29:34
Date (last access): 12/10/2009 09:14:10
Date (last write): 20/07/2009 11:29:34
Filesize: 524288
Attributes: archive
MD5: 4D5BD4D224A14B854462B37AE226AD8A
CRC32: A777A82B
Version: 12.0.5624.1000

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2009 01:13:14
Date (last access): 12/10/2009 09:34:02
Date (last write): 12/10/2009 01:13:14
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2009 01:13:14
Date (last access): 12/10/2009 09:34:02
Date (last write): 12/10/2009 01:13:14
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10c.ocx
Short name:
Date (created): 18/07/2009 05:12:12
Date (last access): 12/10/2009 08:59:36
Date (last write): 18/07/2009 05:12:12
Filesize: 3979680
Attributes: readonly archive
MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
CRC32: D6F40D46
Version: 10.0.32.18

{D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class)
DPF name:
CLSID name: LauncherV1 Class
Installer:
Codebase: http://www.tapuz.co.il/irc/main/launcher.cab
description:
classification: Open for discussion
known filename: launcher.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: launcher.ocx
Short name:
Date (created): 10/01/2009 20:56:06
Date (last access): 12/10/2009 09:24:42
Date (last write): 10/01/2009 20:56:06
Filesize: 458752
Attributes: archive
MD5: D654AE4E4DB4B6FD8025888BEF3231F3
CRC32: 6D3C84CB
Version: 1.0.0.1

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Installer: C:\WINDOWS\Downloaded Program Files\ieatgpc.inf
Codebase: https://freetrial.webex.com/client/T27L/webex/ieatgpc.cab
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 01/06/2009 00:23:06
Date (last access): 12/10/2009 09:24:42
Date (last write): 01/06/2009 00:23:06
Filesize: 99216
Attributes: archive
MD5: D0C2E12F40FAE255E78E210BF00DC741
CRC32: D71A7E78
Version: 2.1.0.0

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 968 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1088 ( 968) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1124 ( 968) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 1168 (1124) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 1180 (1124) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1360 (1168) C:\WINDOWS\system32\DTS.exe
size: 98304
MD5: A001463CECD4858C789559F3AE47E453
PID: 1372 (1168) C:\WINDOWS\system32\ibmpmsvc.exe
size: 38176
MD5: 822675EB6DD6F078316AA6EBC545518C
PID: 1404 (1168) C:\WINDOWS\system32\AtService.exe
size: 1680632
MD5: 9B86567A73931608023A7642A173A095
PID: 1432 (1168) C:\WINDOWS\system32\Ati2evxx.exe
size: 598016
MD5: 838B66554A9F896BE6BC6E036925340E
PID: 1452 (1168) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1528 (1168) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1568 (1168) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1660 (1168) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
size: 909312
MD5: 55CCC8CED5778556F6B516B3858AC970
PID: 1752 (1168) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1792 (1168) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 280 (1168) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 352 (1124) C:\WINDOWS\system32\Ati2evxx.exe
size: 598016
MD5: 838B66554A9F896BE6BC6E036925340E
PID: 644 ( 528) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1940 (1168) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2000 (1168) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
size: 62320
MD5: A2080872EFB7582B43762141AE8D61B9
PID: 1988 (1168) C:\Program Files\Array Networks\Common\8,3,1,213\arr_isrv.exe
size: 344139
MD5: 4C03995321648780E123D9B42827D3D1
PID: 536 (1168) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
size: 90112
MD5: 399332484EC3DA416A8691D42023DF56
PID: 668 (1168) C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
size: 72704
MD5: 0D52AA08491A827FBA10DE8DE0E2885F
PID: 764 (1168) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
size: 731840
MD5: A5F63285C1B6C4B396D9ACE0DFFC88EF
PID: 856 (1168) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
size: 870672
MD5: 53CCA6B4DF0977074E85C9A18F42B5CC
PID: 596 (1168) C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
size: 196704
MD5: 4A58B52E866BC50F81F63FE181384982
PID: 1044 (1168) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
size: 112152
MD5: 213822072085B5BBAD9AF30AB577D817
PID: 1620 (1168) C:\Program Files\Intel\AMT\LMS.exe
size: 174616
MD5: 6A38BF67BBA38E8087F2A0F05FAB6DE7
PID: 2204 (1168) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
size: 473360
MD5: 7C4391419852DFC331F6AF620C33AF3C
PID: 2240 (1168) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2284 (1168) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
size: 750904
MD5: 1C7B8E69BF9557A17A17F2120892ACF9
PID: 2328 (1168) C:\WINDOWS\System32\TPHDEXLG.exe
size: 39976
MD5: 5A726E3CC83655EF71912C4775D004F9
PID: 2416 (1168) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
size: 779576
MD5: DDD4A2C9A37B93C7D8A539F785572565
PID: 2432 (1168) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
size: 520192
MD5: D6EE5DCB3EC401BAA10395809047935E
PID: 2452 (1168) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
size: 950272
MD5: 0DB73F3FB565CF028C7458C70FA59121
PID: 2492 (1168) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
size: 1155072
MD5: 6C69FE90F0CC12EF0638AE10DFA4DB4E
PID: 2516 (1168) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
size: 360448
MD5: 22A001F3FBB92E3811C3BFD8FDAD3ED3
PID: 2552 (1168) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2584 (1168) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
size: 2058776
MD5: FA84735377D00E12597D2A1D8D2C320E
PID: 2668 (1168) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
size: 53248
MD5: F4BE7426345FEE3FF88834CDEA77E9A1
PID: 2696 (1168) c:\program files\lenovo\system update\suservice.exe
size: 28672
MD5: ECC419E6AC1FE8EA5F9E792D2C9B1737
PID: 2764 (1168) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
size: 212992
MD5: 99B521BC52FA1517D917EF53D920F0C5
PID: 3096 (1168) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
size: 346720
MD5: 84188314C5F1B10B20F624C1343A0C49
PID: 3200 (1452) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 3324 (2764) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
size: 126976
MD5: 51C4DD645935159ED2CD8458F8A50DB0
PID: 3696 (1168) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2864 ( 644) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 524288
MD5: 65EB543EFEB395DDF4E0BB764DE089D0
PID: 3524 ( 644) C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
size: 60192
MD5: 9423689404249FF340B1009ACFE60465
PID: 1984 ( 644) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
size: 68976
MD5: 0BF10B23779565BC472BEEBE3B9A20D9
PID: 3556 ( 644) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
size: 124248
MD5: 0FE121EF4E7EA2132CBC283C662F2425
PID: 3612 ( 644) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 3628 (2864) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 122880
MD5: 125481AFA36D3E3AB44E3D745DBA05EB
PID: 3664 (3636) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
size: 49152
MD5: 33C014C1709F7222CEFF61B780EDC967
PID: 3748 ( 644) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 256576
MD5: 13FF0C420AECEB92FB0AD83A9A11A977
PID: 3752 ( 644) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
size: 3093816
MD5: 91CFBFC27586DB0EE3AE5E324583F910
PID: 3408 ( 644) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 2029640
MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943
PID: 3680 ( 644) C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
size: 15136
MD5: 33FD3FA73602A600FDB2D4B655903454
PID: 3956 ( 644) C:\Program Files\Google\Google Talk\googletalk.exe
size: 3739648
MD5: BCD9CBF0621F9A6767276A2E0BF1DD15
PID: 3884 ( 644) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: D39DA5B7139B4B5147B3C6A94978B5AA
PID: 4000 (1984) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
size: 67432
MD5: 72D9419E4AA1C40C9E34821722D335C8
PID: 2692 (1984) C:\Program Files\Lenovo\Zoom\TpScrex.exe
size: 128368
MD5: 58CBD24C7BD44388CD516DE81C0ACAFF
PID: 3784 ( 644) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 3660 ( 644) C:\Program Files\Skype\Phone\Skype.exe
size: 22880040
MD5: 72F095A18223E1072F242EA25D1C6E8E
PID: 2176 ( 644) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
size: 604776
MD5: 245B2ED592C5763D12203856E861CC31
PID: 812 ( 644) C:\Program Files\palmOne\Hotsync.exe
size: 471040
MD5: F8FB2CA91F25D3EAA2CAE2F0B55FEC54
PID: 2644 (3664) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
size: 49152
MD5: BA7D56C1F3DD385EE58ADDA14C6FFB54
PID: 3308 (1452) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
size: 1456768
MD5: CB3A8823ED587BCD476387A8155170D3
PID: 3840 (3752) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
size: 865592
MD5: CC1D3E199BF1EEAF4B2FE07B17DD8C29
PID: 728 (3660) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 2040776
MD5: 942A6D257DBDA957C4B19169B3BBBC7D
PID: 4136 (1452) C:\Program Files\Windows Live\Contacts\wlcomm.exe
size: 27512
MD5: 654480EA67078C7B4C6C8BA871B07D5D
PID: 848 (1168) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 09417134F248DFCEEA15C72BCC87F592
PID: 3048 (5976) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
size: 341616
MD5: 80660C611B596FFE8AF4074B31AA6FB7
PID: 5764 ( 644) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 199688
MD5: 8219160C141B505AB5C112F73405C348
PID: 6108 (1452) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12314456
MD5: 677DFF359C288A2F2CDE810BFF049E7F
PID: 5712 ( 644) C:\Program Files\Mozilla Firefox\firefox.exe
size: 908280
MD5: 4F201BA5F08B6726A32886655DA53FB1
PID: 4580 ( 644) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 6064 (4580) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 880 ( 644) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3172 ( 644) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
size: 1312080
MD5: C5FCC0B761069FABD59E41B7C3280DDF
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/10/2009 09:34:09

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.walla.co.il/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E95F6852-4F01-4B5C-8D40-FD567B1B3589}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E95F6852-4F01-4B5C-8D40-FD567B1B3589}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7C0FD36-BDE7-40B6-904A-6A2880A949A6}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7C0FD36-BDE7-40B6-904A-6A2880A949A6}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AA660F9-6D69-4488-BBD2-695CC22A98C8}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3AA660F9-6D69-4488-BBD2-695CC22A98C8}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{101668F9-297C-4BA4-82F9-1D252F2E1FC9}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{101668F9-297C-4BA4-82F9-1D252F2E1FC9}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2D3AB22-C487-4582-BE21-FD8DD4BA2B44}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2D3AB22-C487-4582-BE21-FD8DD4BA2B44}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0A2A711-7C78-4CF8-A419-692C53E99364}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0A2A711-7C78-4CF8-A419-692C53E99364}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C3A4342-B0B6-48D5-89EB-E348D75FF356}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C3A4342-B0B6-48D5-89EB-E348D75FF356}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FCAC8FF-F704-4F1E-A978-1489628567F9}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FCAC8FF-F704-4F1E-A978-1489628567F9}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB3A4F7A-9679-4140-9037-7CB0ED9E0D14}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB3A4F7A-9679-4140-9037-7CB0ED9E0D14}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F03338F-697D-4D9D-B222-A474373977BC}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F03338F-697D-4D9D-B222-A474373977BC}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B6233B5-623B-49C1-A3C7-7388BF286678}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B6233B5-623B-49C1-A3C7-7388BF286678}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Blade81
2009-10-12, 16:05
Hi,

Those cookies are nothing to worry about :). However, if you want to reduce the amount of them and make your surfing experience better you may want to try Mvps hosts file. It can be downloaded here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html).
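
A hosts file of the kind recommended above works by pointing ad and tracking hostnames at a sink address (0.0.0.0 or 127.0.0.1), so the browser never reaches them. The same file is also a classic tampering target, where a real site is pointed at an attacker-chosen address instead. This added Python example (not code from the thread, from MVPS, or from Spybot) parses a constructed hosts sample in that style and separates blocklist sinks from entries that redirect a host to a non-local address, which is the case a reviewer would want to inspect.

```python
"""Audit a Windows hosts file: count blocklist sinks, flag redirects."""
import ipaddress

# Constructed sample in the style of an MVPS-type hosts file (not the real
# file): sink entries point ad/tracking hosts at 0.0.0.0 or 127.0.0.1; the
# last two lines show what a tampered file looks like (sites redirected).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
0.0.0.0  ads.example-tracker.test    # constructed
0.0.0.0  stats.example-counter.test  # constructed
127.0.0.1  banner.example-adnet.test
192.0.2.10  www.example-bank.test    # constructed: non-local redirect
192.0.2.10  update.example-av.test   # constructed: non-local redirect
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or missing hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address is not a usable hosts entry
        for name in fields[1:]:
            yield str(ip), name.lower()


def audit_hosts(text):
    """Return (blocked, redirected).

    blocked: names sent to a sink address (the blocklist doing its job).
    redirected: name -> ip for entries pointing a host somewhere other than
    the local machine, the pattern used to hijack sites rather than block them.
    """
    blocked, redirected = set(), {}
    for ip, name in parse_hosts(text):
        if ip in SINK_ADDRESSES:
            if name != "localhost":
                blocked.add(name)
        else:
            redirected[name] = ip
    return blocked, redirected
```

On a real machine, read `%SystemRoot%\system32\drivers\etc\hosts` into `audit_hosts` and review anything it reports as redirected; an MVPS-style file should produce an empty redirect map.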

Yariely
2009-10-12, 17:20
Thank you very much for all the help!

It's great to have such good people on the net :bigthumb:

Blade81
2009-10-12, 19:14
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.