Win32.Wemon.sh not fixed



martinm
2010-07-31, 23:55
Spybot says 2 registry entries fixed (see attached), but when a rescan is performed the same errors appear.

Blade81
2010-08-05, 10:27
Hi,

Please follow the instructions in the BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) topic and post back the dds.txt and attach.txt contents of the DDS run.

martinm
2010-08-05, 18:51
--- Search result list ---
Win32.Wemon.sh: [SBI $A549C0EB] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\

Win32.Wemon.sh: [SBI $704D6C77] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-07-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-07-27 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-27 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-07-27 Includes\Keyloggers.sbi (*)
2010-07-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-07-27 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-20 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-07-26 Includes\Trojans.sbi (*)
2010-07-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-07-28 Includes\TrojansC-04.sbi (*)
2010-07-28 Includes\TrojansC-05.sbi (*)
2010-07-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player: Security Update for Windows Media Player (KB978695)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB972636)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB974455)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB976325)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976662)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976749)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB978207)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB980182)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB981332)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB982381)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
/ Windows XP / SP4: Security Update for Windows XP (KB2229593)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Hotfix for Windows XP (KB942288-v3)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952117-v2)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Hotfix for Windows XP (KB958655-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB969897)
/ Windows XP / SP4: Security Update for Windows XP (KB969947)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Security Update for Windows XP (KB971468)
/ Windows XP / SP4: Security Update for Windows XP (KB971486)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Security Update for Windows XP (KB973525)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Security Update for Windows XP (KB975560)
/ Windows XP / SP4: Security Update for Windows XP (KB975561)
/ Windows XP / SP4: Security Update for Windows XP (KB975562)
/ Windows XP / SP4: Security Update for Windows XP (KB975713)
/ Windows XP / SP4: Hotfix for Windows XP (KB976098-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB977165)
/ Windows XP / SP4: Security Update for Windows XP (KB977816)
/ Windows XP / SP4: Security Update for Windows XP (KB977914)
/ Windows XP / SP4: Security Update for Windows XP (KB978037)
/ Windows XP / SP4: Security Update for Windows XP (KB978251)
/ Windows XP / SP4: Security Update for Windows XP (KB978262)
/ Windows XP / SP4: Security Update for Windows XP (KB978338)
/ Windows XP / SP4: Security Update for Windows XP (KB978542)
/ Windows XP / SP4: Security Update for Windows XP (KB978601)
/ Windows XP / SP4: Security Update for Windows XP (KB978706)
/ Windows XP / SP4: Hotfix for Windows XP (KB979306)
/ Windows XP / SP4: Security Update for Windows XP (KB979309)
/ Windows XP / SP4: Security Update for Windows XP (KB979482)
/ Windows XP / SP4: Security Update for Windows XP (KB979559)
/ Windows XP / SP4: Security Update for Windows XP (KB979683)
/ Windows XP / SP4: Security Update for Windows XP (KB980195)
/ Windows XP / SP4: Security Update for Windows XP (KB980218)
/ Windows XP / SP4: Security Update for Windows XP (KB980232)
/ Windows XP / SP4: Hotfix for Windows XP (KB981793)


--- Startup entries list ---
Located: HK_LM:Run, \\ckaymo\EPSON Stylus CX3800 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "\\ckaymo\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
size: 179200
MD5: F6BEE047EFD364569570AA84DEFABD28

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 57344
MD5: EA31039E691C6F8F5469649526EEA5FB

Located: HK_LM:Run, Auto EPSON Stylus CX3800 Series on ckaymo
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on ckaymo" /O14 "\\CKAYMO\Epson" /M "Stylus CX3800"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
size: 179200
MD5: F6BEE047EFD364569570AA84DEFABD28

Located: HK_LM:Run, BatteryManager
command: C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
file: C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
size: 2768896
MD5: 4C3D13615705ABE391917F3B773A2E4E

Located: HK_LM:Run, Dell 968 AIO Printer Fax Server
command: "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
file: C:\Program Files\Dell 968 AIO Printer\fm3032.exe
size: 312560
MD5: D85AA2C10DDACBF2ACDD019AA718E99E

Located: HK_LM:Run, dldomon.exe
command: "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
file: C:\Program Files\Dell 968 AIO Printer\dldomon.exe
size: 455920
MD5: 326C3A0474BA3CDFF451AC9CA0284B32

Located: HK_LM:Run, DMHotKey
command: C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
file: C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
size: 466944
MD5: BD6A56DD05AF6B77288BC7A03B492E7D

Located: HK_LM:Run, EDS
command: C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
file: C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
size: 659456
MD5: 57B463FB782C46D30E680ACF8983CFD3

Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 30192
MD5: 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F

Located: HK_LM:Run, googletalk
command: C:\Program Files\Google\Google Talk\googletalk.exe /autostart
file: C:\Program Files\Google\Google Talk\googletalk.exe
size: 3739648
MD5: BCD9CBF0621F9A6767276A2E0BF1DD15

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 166424
MD5: 4C53C44E7C20E65445037954DC3A6BA4

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 141848
MD5: 9F6B6D0BE4F77F8693E9FD15D81C8A01

Located: HK_LM:Run, MagicKeyboard
command: C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
file: C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
size: 151552
MD5: 30D0552CFA5B80FD6B907DFB9957E68A

Located: HK_LM:Run, MemoryCardManager
command: "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
file: C:\Program Files\Dell 968 AIO Printer\memcard.exe
size: 410864
MD5: A1F947531E295D04A0DF7D6CE61389C8

Located: HK_LM:Run, Nuance PDF Reader-reminder
command: "C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Reader\Ereg\Ereg.ini"
file: C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe
size: 328992
MD5: 757A595F75E7840A7132EC11E6E6188A

Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 137752
MD5: D8F3B455D3FA4B40C9BF544F55647C19

Located: HK_LM:Run, PMBVolumeWatcher
command: C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
file: C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
size: 597792
MD5: F81BB17F053CCF309C49107B0B09F2DA

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16851456
MD5: B376AF03DEFF319984E58ADB84D78FE7

Located: HK_LM:Run, SearchSettings
command: C:\Program Files\pdfforge Toolbar\SearchSettings.exe
file: C:\Program Files\pdfforge Toolbar\SearchSettings.exe
size: 974848
MD5: 589B64EBB836582C46FAD4F16F837815

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248552
MD5: 93DB1FF92B03D24738A71E6E4992DFD3

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1044480
MD5: FFD1C110E23B515EE0EFE15D9993EC45

Located: HK_CU:Run, \\BOSS\EPSON Stylus CX3800 Series
where: S-1-5-21-3776996906-2358007643-454500428-1005...
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /FU "C:\DOCUME~1\marty\LOCALS~1\Temp\E_S15C.tmp" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
size: 179200
MD5: F6BEE047EFD364569570AA84DEFABD28

Located: HK_CU:Run, Auto EPSON Stylus CX3800 Series on BOSS
where: S-1-5-21-3776996906-2358007643-454500428-1005...
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /FU "C:\WINDOWS\TEMP\E_S17C.tmp" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
size: 179200
MD5: F6BEE047EFD364569570AA84DEFABD28

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3776996906-2358007643-454500428-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, Google Update
where: S-1-5-21-3776996906-2358007643-454500428-1005...
command: "C:\Documents and Settings\marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
file: C:\Documents and Settings\marty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
size: 133104
MD5: 626A24ED1228580B9518C01930936DF9

Located: HK_CU:Run, ISUSPM
where: S-1-5-21-3776996906-2358007643-454500428-1005...
command: C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler
file: C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
size: 222496
MD5: 6BF7676296D5359AFC135A5397000053

Located: HK_CU:Run, swg
where: S-1-5-21-3776996906-2358007643-454500428-1005...
command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: Startup (common), Bluetooth.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 580200
MD5: ECBFD7D34F00BE71C95F649F41EADFAB

Located: Startup (disabled), Apache Web Server Monitor (DISABLED)
command: C:\PROGRA~1\Zend\Apache2\bin\APACHE~1.EXE
file: C:\PROGRA~1\Zend\Apache2\bin\APACHE~1.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), Google Calendar Sync (DISABLED)
command: C:\PROGRA~1\Google\GO208F~1\GOOGLE~1.EXE
file: C:\PROGRA~1\Google\GO208F~1\GOOGLE~1.EXE
size: 546288
MD5: F61C52DC14E28DAF9C7EED5E200545F5

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
file: C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
size: 65588
MD5: 0E2EBB670C1476F2964FF292F9E57203

Located: Startup (disabled), Zend Controller (DISABLED)
command: C:\PROGRA~1\Zend\ZENDSE~1\bin\ZENDCO~1.EXE
file: C:\PROGRA~1\Zend\ZENDSE~1\bin\ZENDCO~1.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), OpenOffice.org 3.1 (DISABLED)
command: C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
file: C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
size: 1195008
MD5: A9A9F5163F79DF7134BF9735850E2ABD

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/19/2010 2:29:34 PM
Date (last access): 7/31/2010 3:26:40 PM
Date (last write): 6/19/2010 2:29:34 PM
Filesize: 75200
Attributes: archive
MD5: 6D9042F1443A601DA8DC24D991EDDD0A
CRC32: 10990AC8
Version: 9.3.3.177

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar.dll
Short name: GOOGLE~1.DLL
Date (created): 4/1/2009 9:05:28 PM
Date (last access): 7/31/2010 3:31:08 PM
Date (last write): 7/9/2009 12:51:00 AM
Filesize: 259696
Attributes: archive
MD5: B2A3EE0D6570BAE9BD90892E0009A6AB
CRC32: 230192E8
Version: 6.1.1715.1442

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\
Long name: swg.dll
Short name:
Date (created): 12/20/2009 10:07:32 AM
Date (last access): 7/31/2010 2:13:44 PM
Date (last write): 12/20/2009 10:07:32 AM
Filesize: 764912
Attributes: archive
MD5: CD91E666B2446530583FBFFCF537BE4C
CRC32: 34534F50
Version: 5.4.4525.1752

{B922D405-6D13-4A2B-AE89-08A030DA4402} (pdfforge Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: pdfforge Toolbar
Path: C:\Program Files\pdfforge Toolbar\IE\1.1.2\
Long name: pdfforgeToolbarIE.dll
Short name: PDFFOR~1.DLL
Date (created): 1/8/2010 3:17:38 AM
Date (last access): 7/31/2010 3:39:32 PM
Date (last write): 1/8/2010 3:17:38 AM
Filesize: 700416
Attributes: archive
MD5: 1C87D50F3792BB26F316FC70F7389157
CRC32: B552AE6D
Version: 1.1.2.16

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Google Dictionary Compression sdch
CLSID name: Google Dictionary Compression sdch

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 6/22/2010 6:07:10 AM
Date (last access): 7/31/2010 3:31:28 PM
Date (last write): 6/22/2010 6:07:10 AM
Filesize: 41760
Attributes: archive
MD5: 213D90E1CE5514318AFA77D8ED016DD8
CRC32: EE52878C
Version: 6.0.210.6

{E312764E-7706-43F1-8DAB-FCDD2B1E416D} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Program Files\pdfforge Toolbar\
Long name: SearchSettings.dll
Short name: SEARCH~1.DLL
Date (created): 1/8/2010 1:27:40 AM
Date (last access): 7/31/2010 4:08:22 PM
Date (last write): 1/8/2010 1:27:40 AM
Filesize: 1109504
Attributes: archive
MD5: B2370F9E01367E37D6A5F3BE1A02E1D1
CRC32: 410B8E10
Version: 1.2.3.16

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 6/22/2010 6:07:10 AM
Date (last access): 7/31/2010 3:28:40 PM
Date (last write): 6/22/2010 6:07:10 AM
Filesize: 79648
Attributes: archive
MD5: 7B0F250208DA410CBB98F725540C6168
CRC32: 1126B1F5
Version: 6.0.210.6



--- ActiveX list ---
{41861299-EAB2-4DCC-986C-802AE12AC499} (RSClientPrint 2005 Class)
DPF name:
CLSID name: RSClientPrint 2005 Class
Installer: C:\WINDOWS\Downloaded Program Files\RSClientPrint.inf
Codebase: https://grenzebachglierandassociates.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=d3qo5d32hnssh1454ud0gx55&ControlID=b288d9fff0d3478fb35fa5ef3e467b2b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: RSClientPrint.dll
Short name: RSCLIE~1.DLL
Date (created): 8/5/2008 9:08:58 AM
Date (last access): 7/14/2010 6:47:08 AM
Date (last write): 8/5/2008 9:08:58 AM
Filesize: 582168
Attributes: archive
MD5: FE068A40A8C42E8488C9BACCEBFC8A59
CRC32: 3805532D
Version: 2005.90.3282.0

{5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class)
DPF name:
CLSID name: RSClientPrint 2008 Class
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\RSClientPrint-x86.inf
Codebase: https://grenzebachglierandassociates.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=4anftqf1nostuf45nsfuy3ef&ControlID=d4417744e2294d3c9f3da3c4d9c7b70b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: rsclientprint.dll
Short name: RSCLIE~1.DLL
Date (created): 7/10/2008 2:49:14 AM
Date (last access): 7/23/2010 1:18:58 PM
Date (last write): 7/10/2008 2:49:14 AM
Filesize: 583704
Attributes: archive
MD5: 5DF42E28E01872F5CFA95E26D8E5CF00
CRC32: 7BAE5129
Version: 2007.100.1600.22

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248370283171
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 4/1/2009 8:53:36 PM
Date (last access): 7/31/2010 3:25:26 PM
Date (last write): 8/6/2009 7:24:18 PM
Filesize: 209632
Attributes: archive
MD5: 033AF4CE25B6D871F0DE2C982658E049
CRC32: 2C204902
Version: 7.4.7600.226

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248624411062
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 10/16/2008 2:07:48 PM
Date (last access): 7/31/2010 3:25:34 PM
Date (last write): 8/6/2009 7:23:46 PM
Filesize: 215920
Attributes: archive
MD5: A1350D646EF6E57E8F4F33EBE7320D08
CRC32: AB3CA24F
Version: 7.4.7600.226

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_21
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_21.dll
Short name: NPJPI1~1.DLL
Date (created): 6/22/2010 2:24:30 AM
Date (last access): 6/22/2074 4:37:36 AM
Date (last write): 6/22/2010 4:36:32 AM
Filesize: 141088
Attributes: archive
MD5: 2CE5AE60752BF2015561A989E0F0859F
CRC32: E77C1309
Version: 6.0.210.6

{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_08.dll
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_21
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_21.dll
Short name: NPJPI1~1.DLL
Date (created): 6/22/2010 2:24:30 AM
Date (last access): 7/31/2010 4:22:24 PM
Date (last write): 6/22/2010 4:36:32 AM
Filesize: 141088
Attributes: archive
MD5: 2CE5AE60752BF2015561A989E0F0859F
CRC32: E77C1309
Version: 6.0.210.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_21
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_21.dll
Short name: NPJPI1~1.DLL
Date (created): 6/22/2010 2:24:30 AM
Date (last access): 7/31/2010 4:22:24 PM
Date (last write): 6/22/2010 4:36:32 AM
Filesize: 141088
Attributes: archive
MD5: 2CE5AE60752BF2015561A989E0F0859F
CRC32: E77C1309
Version: 6.0.210.6

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Installer: C:\WINDOWS\Downloaded Program Files\mcfscan.inf
Codebase: http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5918/mcfscan.cab
description:
classification: Legitimate
known filename: mcfscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 3/12/2010 5:02:22 PM
Date (last access): 7/14/2010 6:47:08 AM
Date (last write): 3/12/2010 5:02:22 PM
Filesize: 244488
Attributes: archive
MD5: 24F8C030589F6807A77DE6C16DEB0144
CRC32: 04660683
Version: 3.0.0.5918



--- Process list ---
PID: 0 ( 0) [System]
PID: 640 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 708 ( 640) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 732 ( 640) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 780 ( 732) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 792 ( 732) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 960 ( 780) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1032 ( 780) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1076 ( 780) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1180 ( 780) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
size: 264800
MD5: 9D67887E051FDFC892CA480D814B06B5
PID: 1284 ( 780) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1324 ( 780) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1488 ( 780) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1556 ( 780) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1604 ( 780) C:\Program Files\Application Updater\ApplicationUpdater.exe
size: 380928
MD5: 293E66AA529F0FBA1AA56340E293A389
PID: 1668 ( 780) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: E4AE0CBC0B55A5FAA6996E38CE6C981B
PID: 1724 ( 780) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
size: 43010392
MD5: B05640AC812FCCB488328DF34E7F663A
PID: 112 (2020) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 540 ( 780) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
size: 360224
MD5: 627FA58ADC043704F9D14CA44340956F
PID: 1204 ( 780) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
size: 98840
MD5: 637A0F23F9012358E92E6F99835494D1
PID: 1248 ( 780) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1228 ( 780) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 1436 ( 780) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 252 ( 112) C:\WINDOWS\RTHDCPL.EXE
size: 16851456
MD5: B376AF03DEFF319984E58ADB84D78FE7
PID: 344 ( 112) C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
size: 659456
MD5: 57B463FB782C46D30E680ACF8983CFD3
PID: 364 ( 112) C:\WINDOWS\system32\igfxtray.exe
size: 141848
MD5: 9F6B6D0BE4F77F8693E9FD15D81C8A01
PID: 400 ( 112) C:\WINDOWS\system32\hkcmd.exe
size: 166424
MD5: 4C53C44E7C20E65445037954DC3A6BA4
PID: 408 ( 112) C:\WINDOWS\system32\igfxpers.exe
size: 137752
MD5: D8F3B455D3FA4B40C9BF544F55647C19
PID: 424 ( 112) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1044480
MD5: FFD1C110E23B515EE0EFE15D9993EC45
PID: 464 ( 112) C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
size: 2768896
MD5: 4C3D13615705ABE391917F3B773A2E4E
PID: 512 ( 960) C:\WINDOWS\system32\igfxsrvc.exe
size: 256536
MD5: F56197D5CBDCC6A87C242DC8B8EEEE34
PID: 560 ( 112) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 30192
MD5: 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F
PID: 1136 ( 112) C:\Program Files\Dell 968 AIO Printer\dldomon.exe
size: 455920
MD5: 326C3A0474BA3CDFF451AC9CA0284B32
PID: 172 ( 112) C:\Program Files\Dell 968 AIO Printer\memcard.exe
size: 410864
MD5: A1F947531E295D04A0DF7D6CE61389C8
PID: 1320 ( 112) C:\Program Files\Google\Google Talk\googletalk.exe
size: 3739648
MD5: BCD9CBF0621F9A6767276A2E0BF1DD15
PID: 1764 ( 112) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
size: 597792
MD5: F81BB17F053CCF309C49107B0B09F2DA
PID: 2120 ( 448) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
size: 679936
MD5: 01921762F0525B17057ECEAD1ADFC22D
PID: 2156 ( 468) C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
size: 372736
MD5: 50E187E0EC23EF6C46E68109FB75D31B
PID: 2152 ( 112) C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248552
MD5: 93DB1FF92B03D24738A71E6E4992DFD3
PID: 2180 ( 112) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
PID: 2200 ( 468) C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
size: 299008
MD5: 3048C513A620837E94F527435012E25B
PID: 2224 ( 112) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 2452 ( 960) C:\WINDOWS\system32\igfxext.exe
size: 170520
MD5: 7C36AFFA39FF126EB483F289604EFCC1
PID: 2504 ( 112) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 580200
MD5: ECBFD7D34F00BE71C95F649F41EADFAB
PID: 2736 ( 960) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
size: 1440384
MD5: F81E9721D98D6CB7D3ECF87DADD5D70E
PID: 3356 ( 780) C:\WINDOWS\system32\dldocoms.exe
size: 595184
MD5: 98D48215940238EBA5606E0D3EB3DE9D
PID: 3544 ( 780) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 3748 ( 112) C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
size: 945720
MD5: ACFB580CF019C28EC17E34398BE199AA
PID: 468 (3748) C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
size: 945720
MD5: ACFB580CF019C28EC17E34398BE199AA
PID: 2440 (3748) C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
size: 945720
MD5: ACFB580CF019C28EC17E34398BE199AA
PID: 2664 (3748) C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
size: 945720
MD5: ACFB580CF019C28EC17E34398BE199AA
PID: 3060 (3748) C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
size: 945720
MD5: ACFB580CF019C28EC17E34398BE199AA
PID: 224 (3748) C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
size: 945720
MD5: ACFB580CF019C28EC17E34398BE199AA
PID: 1868 (3748) C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
size: 945720
MD5: ACFB580CF019C28EC17E34398BE199AA
PID: 2352 ( 112) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3836 ( 112) C:\Program Files\TechSmith\SnagIt 9\Snagit32.exe
size: 6287176
MD5: 1C68ACDF1A8213C62DA1E503ED9AE073
PID: 1496 (3836) C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
size: 53064
MD5: 07660E65EEF0A16A94572C2A40DCD54A
PID: 3172 (3836) C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
size: 66888
MD5: A03C611C8676FAD6F62B387486DEDB03
PID: 744 (3836) C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
size: 7168328
MD5: 70813C4106C871F9BD879A312F677386
PID: 2616 ( 112) C:\Program Files\Safer Networking\RegAlyzer\RegAlyzer.exe
size: 3156208
MD5: EB62144848244C3768A855C6136289A7
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/31/2010 4:22:29 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1276364478&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2Fsignin.crm.dynamics.com%2FPortal%2Fsignin%2Fsignin.aspx%3Fmscrmurl%3Dhttps%253A%252F%252Fsignin.crm.dynamics.com%252Fportal%252Fnotification%252Fnotification.aspx%253Forganizationid%253D2ed31d2d-3725-433d-a66d-652b374cfe9a%2526skipnotification%253Dfalse%2526target%253Dhttps%25253A%25252F%25252Fgrenzebachglierandassociates.crm.dynamics.com%25252Floader.aspx%25253FOrigin%25253DPortal&lc=1033&id=252280
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm



Blade81
2010-08-05, 18:58
Kindly follow the instructions given in post #2 (http://forums.spybot.info/showpost.php?p=1150&postcount=2) of the topic I linked you earlier.

Before creating DDS logs make sure word wrap in notepad is disabled.

martinm
2010-08-07, 16:51
DDS (Ver_10-03-17.01) - NTFSx86
Run by marty at 9:43:05.89 on Sat 08/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.455 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\marty\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1276364478&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2Fsignin.crm.dynamics.com%2FPortal%2Fsignin%2Fsignin.aspx%3Fmscrmurl%3Dhttps%253A%252F%252Fsignin.crm.dynamics.com%252Fportal%252Fnotification%252Fnotification.aspx%253Forganizationid%253D2ed31d2d-3725-433d-a66d-652b374cfe9a%2526skipnotification%253Dfalse%2526target%253Dhttps%25253A%25252F%25252Fgrenzebachglierandassociates.crm.dynamics.com%25252Floader.aspx%25253FOrigin%25253DPortal&lc=1033&id=252280
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} -
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [\\BOSS\EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /fu "c:\docume~1\marty\locals~1\temp\E_S15C.tmp" /EF "HKCU"
uRun: [Auto EPSON Stylus CX3800 Series on BOSS] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /fu "c:\windows\temp\E_S17C.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\marty\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [\\ckaymo\EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p35 "\\ckaymo\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [Auto EPSON Stylus CX3800 Series on ckaymo] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p41 "auto epson stylus cx3800 series on ckaymo" /o14 "\\ckaymo\Epson" /M "Stylus CX3800"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: dynamics.com\crm
Trusted Zone: optionsxpress.com\www
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxps://grenzebachglierandassociates.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=d3qo5d32hnssh1454ud0gx55&ControlID=b288d9fff0d3478fb35fa5ef3e467b2b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://grenzebachglierandassociates.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=4anftqf1nostuf45nsfuy3ef&ControlID=d4417744e2294d3c9f3da3c4d9c7b70b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248370283171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248624411062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5918/mcfscan.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\program files\qlikview\qvprotocol\Qvp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marty\applic~1\mozilla\firefox\profiles\2siazzgn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bloomberg.com/markets/
FF - component: c:\program files\pdfforge toolbar\ff\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\marty\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-4-1 4300]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 17792]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-4-1 238464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2009-7-8 99568]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-8 30192]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2008-7-8 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2008-7-8 1214848]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2008-7-8 1191552]
S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB2AV.sys [2010-3-20 151040]
S3 OpenLoad Service;OpenLoad Service;c:\program files\opendemand systems\openload 6.0\olservice.exe --> c:\program files\opendemand systems\openload 6.0\OLService.exe [?]
S3 Partner Service;Partner Service;c:\documents and settings\all users\application data\partner\partner.exe [2009-4-1 110576]
S3 ProcessMakerApache;ProcessMakerApache;c:\progra~1\proces~1\apache2\bin\httpd.exe [2010-3-28 24642]
S3 ProcessMakerMySQL;ProcessMakerMySQL;c:\program files\processmaker\mysql\bin\mysqld.exe [2010-3-28 5730304]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-1 19840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 MySQL_ZendServer51;MySQL_ZendServer51;"c:\program files\zend\mysql51\bin\mysqld" --defaults-file="c:\program files\zend\mysql51\my.ini" mysql_zendserver51 --> c:\program files\zend\mysql51\bin\mysqld [?]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-08-02 19:00:05 8159 ----a-w- c:\documents and settings\marty\.recently-used.xbel
2010-07-31 20:16:47 0 d-----w- c:\docume~1\marty\applic~1\Safer Networking
2010-07-31 20:06:34 0 d-----w- c:\program files\Safer Networking
2010-07-31 14:03:05 0 d-----w- c:\program files\Microsoft F#
2010-07-31 13:28:33 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-07-31 13:28:10 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-07-31 13:26:24 0 d-----w- c:\windows\system32\RsFx
2010-07-31 13:13:57 0 d-----w- c:\program files\Microsoft ASP.NET
2010-07-31 13:13:45 0 d-----w- c:\program files\IIS
2010-07-31 13:07:25 0 d-----w- c:\program files\Microsoft Help Viewer
2010-07-31 13:07:24 0 d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-07-30 21:04:01 165 ----a-w- c:\windows\system32\spupdsvc.inf
2010-07-30 19:27:40 0 d-----w- c:\program files\Microsoft
2010-07-26 13:00:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-23 17:31:05 36468 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-23 11:20:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-07-23 11:19:13 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-23 11:18:19 0 d-----w- c:\program files\Microsoft Expression
2010-07-21 01:01:12 0 d-----w- c:\docume~1\marty\applic~1\Nuance
2010-07-21 01:01:03 0 d-----w- c:\docume~1\marty\applic~1\Zeon
2010-07-21 00:59:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Nuance
2010-07-21 00:58:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2010-07-20 19:32:53 0 d-----w- c:\docume~1\marty\applic~1\KompoZer
2010-07-20 14:42:20 0 d-----w- c:\program files\QlikView
2010-07-20 14:42:20 0 d-----w- c:\docume~1\alluse~1\applic~1\QlikTech
2010-07-11 12:53:52 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2010-07-11 12:53:49 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-07-11 12:53:49 0 d-----w- c:\program files\PDFCreator

==================== Find3M ====================

2010-06-22 09:36:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-11 20:09:48 88 --sh--r- c:\windows\system32\1008CB11AA.sys
2010-05-06 14:26:46 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 9:43:47.78 ===============

Blade81
2010-08-07, 17:32
Thanks for the logs.

Uninstall pdfforge Toolbar if not installed on purpose.

Uninstall vulnerable Flash versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).

Uninstall these old Javas:
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report and a fresh dds.txt log. Also, update Spybot and run a scan with it. See if the issue still exists.

Blade81
2010-08-13, 23:32
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.