jlc60690
2010-08-04, 19:02
I have Spybot version 1.6.2.46 latest detection update 7/28/2010 installed everytime I do a scan it seems to find the Win32.KillAV-KQ. I click on fix selected problems and it said that it was fixed. But, the next day it is here again. It does seems that it get installed everyday in the middle of the night.
How can I prevent for this trojan to be become alive every night?
Your help will be very much appreciated. Thank You.
Looking under Tools>Resident tab the last two entries are:
8/3/2010 10:45:52 AM Allowed (based on user decision) value "{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}" (new data: "") deleted in Browser Helper Object!
8/4/2010 3:43:23 AM Allowed (based on user decision) value "{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}" (new data: "") added in Browser Helper Object!
This is a partial report (I removed some info because the message was too long) from Spybot before I clicked on fix the problem.
--- Search result list ---
Win32.KillAV-KQ: [SBI $1AF416DB] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
Win32.KillAV-KQ: [SBI $8E6F6F38] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 976832
MD5: 0B232C77D822983397674AEEC9AB59DC
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: A32B25970003B6ABA027EFF8EEDA12A3
Located: HK_LM:Run, Ad-Watch
command: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
file: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 515416
MD5: A7035C7D3AAA24C5D71D6B5506F2D704
Located: HK_LM:Run, DMAScheduler
command: "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
file: c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 9E1992C27ECF7F08C154DCACF32F1AAB
Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
Located: HK_LM:Run, ftutil2
command: rundll32.exe ftutil2.dll,SetWriteCacheMode
file: C:\WINDOWS\system32\ftutil2.dll
size: 106496
MD5: B8ED44B59233B1872AE4CC246C6BBFE2
Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 29744
MD5: 6542DC2E93BCE4D4289FA70A4D367DC2
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B
Located: HK_LM:Run, Motive SmartBridge
command: C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
file: C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
size: 438359
MD5: 7D5393BA10DEACB5A1AB7F05232EB600
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 7311360
MD5: 6BDD333A105978CF4C560CA86FF5E39D
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 96337880D0957F5C0C3D48BD3BBF89FF
Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 237568
MD5: F3EAEA279F09A7779C18793C87640794
Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16239616
MD5: 7ED41E534AD1ECB7C75FFDA0C2917144
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7
Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
Located: HK_LM:Run, ymetray
command: "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
file: C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
size: 6104568
MD5: 5A7A99549E1394F14849966E2EC2330E
Located: HK_CU:Run, DWQueuedReporting
where: .DEFAULT...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
size: 437160
MD5: 9435C1C2D2111573111367F92F208C1F
Located: HK_CU:RunOnce, RunNarrator
where: .DEFAULT...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 21F839F2281473642AC2060F30E19DC7
Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-309874460-690313887-1058202516-1007...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136
Located: HK_CU:Run, Search Protection
where: S-1-5-21-309874460-690313887-1058202516-1007...
command: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
file: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
size: 111856
MD5: 6888EE520C32B26AF72AAD4A073863A4
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-309874460-690313887-1058202516-1007...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-309874460-690313887-1058202516-1007...
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
size: 3092480
MD5: 5191B3AE89A93F815704CCC76B8467DE
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-309874460-690313887-1058202516-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, DWQueuedReporting
where: S-1-5-18...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
size: 437160
MD5: 9435C1C2D2111573111367F92F208C1F
Located: HK_CU:RunOnce, RunNarrator
where: S-1-5-18...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 21F839F2281473642AC2060F30E19DC7
Located: Startup (user), Pin.lnk
where: C:\Documents and Settings\Default User\Start Menu\Programs\Startup...
command: C:\hp\bin\CLOAKER.EXE
file: C:\hp\bin\CLOAKER.EXE
size: 27136
MD5: 6380625DD0480ED60960A149A087C848
Located: Startup (user), PinMcLnk.lnk
where: C:\Documents and Settings\Default User\Start Menu\Programs\Startup...
command: C:\hp\bin\cloaker.exe
file: C:\hp\bin\cloaker.exe
size: 27136
MD5: 6380625DD0480ED60960A149A087C848
Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B
Located: Startup (user), LaunchU3.exe.lnk
where: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup...
command: C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
file: C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
size: 1078
MD5: 4A51C88A71806B8FBE36922F4AA23A17
Located: WinLogon, ckpNotify
command: ckpNotify.dll
file: ckpNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/19/2010 2:29:34 PM
Date (last access): 8/4/2010 11:02:24 AM
Date (last write): 6/19/2010 2:29:34 PM
Filesize: 75200
Attributes: archive
MD5: 6D9042F1443A601DA8DC24D991EDDD0A
CRC32: 10990AC8
Version: 9.3.3.177
{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 5/18/2008 3:24:04 PM
Date (last access): 8/4/2010 11:06:46 AM
Date (last write): 5/18/2008 3:24:04 PM
Filesize: 308856
Attributes: archive
MD5: 33440A3EF90AF7ED74EE55CA634A9CFA
CRC32: B00E58A9
Version: 1.0.1.57
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (Windows Live Family Safety Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Windows Live Family Safety Browser Helper
CLSID name: Windows Live Family Safety Browser Helper Class
Path: C:\Program Files\Windows Live\Family Safety\
Long name: fssbho.dll
Short name:
Date (created): 2/6/2009 6:08:44 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 2/6/2009 6:08:44 PM
Filesize: 61808
Attributes: archive
MD5: 10E677AA272BDB310F59026BA816139B
CRC32: 1BC3FFD2
Version: 14.0.8064.206
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 4/15/2009 11:01:04 PM
Date (last access): 8/4/2010 11:22:38 AM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} (ALOT Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: ALOT Toolbar
Path: C:\Program Files\alot\bin\
Long name: alot.dll
Short name:
Date (created): 3/11/2008 10:07:26 AM
Date (last access): 8/4/2010 11:10:22 AM
Date (last write): 3/11/2008 10:07:26 AM
Filesize: 670504
Attributes: archive
MD5: 18E1D922B359C65622E46885C1036DFD
CRC32: 00C5F4F8
Version: 1.2.1.200
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: UberButton Class
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 10/24/2006 11:00:28 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 5/26/2005 11:39:14 AM
Filesize: 181352
Attributes: archive
MD5: 3105430A206291D7F8768F6CD6F3C3BD
CRC32: 28147C76
Version: 2005.5.26.1
{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: YahooTaggedBM Class
Path: C:\Program Files\Yahoo!\Common\
Long name: YIeTagBm.dll
Short name:
Date (created): 10/24/2006 11:00:26 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 1/24/2005 9:55:32 AM
Filesize: 115832
Attributes: archive
MD5: A7DFD7463C4AC34309D2304546D7A96A
CRC32: E2DA49AB
Version: 2005.1.24.1
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Search Helper
CLSID name: Search Helper
Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
Long name: SEPsearchhelperie.dll
Short name: SEPSEA~1.DLL
Date (created): 5/14/2010 11:00:26 AM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 5/14/2010 11:00:26 AM
Filesize: 191792
Attributes: archive
MD5: 69974B4FB022B6FB8691BF537B4C1A26
CRC32: FFCD8C8F
Version: 3.0.126.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 11:06:46 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/20/2007 11:30:18 AM
Date (last access): 8/4/2010 11:10:22 AM
Date (last write): 2/17/2009 5:11:04 PM
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (NAV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: NAV Helper
CLSID name: CNavExtBho Class
Path: c:\Program Files\Norton Internet Security\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 12/30/2005 5:42:34 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 4/2/2007 7:19:08 PM
Filesize: 140912
Attributes: archive
MD5: 36CF01DD401EA775DDD30D36B994ACD3
CRC32: 0CEB1D4C
Version: 12.7.0.2
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 4/30/2007 10:40:38 PM
Date (last access): 8/4/2010 2:20:04 AM
Date (last write): 1/19/2007 11:55:32 PM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: hpWebHelper Class
Path: C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\
Long name: WebHelper.dll
Short name: WEBHEL~1.DLL
Date (created): 9/29/2008 3:23:16 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 9/29/2008 3:23:30 PM
Filesize: 208896
Attributes: archive
MD5: BEBDF2293F53049569285B9B2FA7EC68
CRC32: F70B7831
Version: 1.0.0.1
{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Browser Helper Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Browser Helper Object
Path: C:\Program Files\Shared\
Long name: lib.dll
Short name:
Date (created): 5/25/2010 6:37:24 AM
Date (last access): 8/4/2010 11:06:46 AM
Date (last write): 8/4/2010 3:43:20 AM
Filesize: 335885
Attributes: archive
MD5: F2EE3CAB43A6E45C1D5C7C35AF2BA2D6
CRC32: 635C20FD
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (MSN Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: MSN Toolbar Helper
Path: C:\Program Files\MSN\Toolbar\3.0.0988.2\
Long name: msneshellx.dll
Short name: MSNESH~1.DLL
Date (created): 12/4/2008 12:29:32 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 12/4/2008 12:29:32 PM
Filesize: 83800
Attributes: archive
MD5: 45C45845FD810BC6A205AE9AAB442FE9
CRC32: EA2D87CA
Version: 3.0.988.2
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 11:06:22 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live\Toolbar\
Long name: wltcore.dll
Short name:
Date (created): 2/6/2009 6:17:46 PM
Date (last access): 8/4/2010 2:20:24 AM
Date (last write): 2/6/2009 6:17:46 PM
Filesize: 1068904
Attributes: archive
MD5: 28455424E3C8B81661C5A40E18066BB1
CRC32: E5BA354B
Version: 14.0.8064.206
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 4/19/2009 11:51:52 PM
Date (last access): 8/4/2010 11:02:24 AM
Date (last write): 4/19/2009 11:51:52 PM
Filesize: 73728
Attributes: archive
MD5: F68EDAFE003F2B3523C0742CD3B8D673
CRC32: 9C709350
Version: 6.0.110.3
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (SidebarAutoLaunch Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SidebarAutoLaunch Class
Path: C:\Program Files\Yahoo!\browser\
Long name: YSidebarIEBHO.dll
Short name: YSIDEB~2.DLL
Date (created): 10/24/2006 10:58:50 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 2/3/2005 5:07:08 PM
Filesize: 124032
Attributes: archive
MD5: 0645DBCBDB3F4A69AEE13F4B5F9C4291
CRC32: 75CB3FBB
Version: 2004.8.3.1
--- ActiveX list ---
{01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class)
DPF name:
CLSID name: Support.com Configuration Class
Installer: C:\WINDOWS\Downloaded Program Files\tgctlcm.inf
Codebase: https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
description:
classification: Legitimate
known filename: tgctlcm.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: tgctlcm.dll
Short name:
Date (created): 4/28/2008 2:22:00 AM
Date (last access): 8/4/2010 2:20:06 AM
Date (last write): 4/28/2008 2:22:00 AM
Filesize: 292224
Attributes: archive
MD5: 2D60199EBB6AD1C07ABC1DB5B23CCFDE
CRC32: 1FA9E720
Version: 7.0.1000.0
{14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services)
DPF name:
CLSID name: Hewlett-Packard Online Support Services
Installer: C:\WINDOWS\Downloaded Program Files\HPISDataManager.inf
Codebase: https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
description:
classification: Legitimate
known filename: HPISDataManager.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPISDataManager.dll
Short name: HPISDA~1.DLL
Date (created): 7/31/2006 12:20:10 PM
Date (last access): 8/4/2010 2:20:18 AM
Date (last write): 7/31/2006 12:20:10 PM
Filesize: 188416
Attributes: archive
MD5: AA4417FE40F3A55A4DA33A7AA2BDE0C2
CRC32: 08E882B6
Version: 1.0.0.17
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 5/17/2006 12:23:38 PM
Date (last access): 8/4/2010 10:56:36 AM
Date (last write): 2/6/2009 12:35:56 PM
Filesize: 1486208
Attributes: archive
MD5: 937A55210D8B8B75F017C79958ECE7D3
CRC32: CA9CD645
Version: 1.9.9.1
{2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1)
DPF name:
CLSID name: CheckFileStatus.UserControl1
Installer: C:\WINDOWS\Downloaded Program Files\CheckFileStatus.INF
Codebase: https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
Path: C:\WINDOWS\Downloaded Program Files\
Long name: CheckFileStatus.ocx
Short name: CHECKF~1.OCX
Date (created): 2/21/2008 7:58:48 PM
Date (last access): 8/4/2010 2:20:26 AM
Date (last write): 2/21/2008 7:58:48 PM
Filesize: 28288
Attributes: archive
MD5: 1C827DB0162E71A3F6F1806899A80D50
CRC32: 44590C20
Version: 2.1.0.0
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer:
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 3/15/2007 8:49:04 PM
Date (last access): 8/4/2010 2:20:08 AM
Date (last write): 3/15/2007 8:49:04 PM
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1
{44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class)
DPF name:
CLSID name: Symantec Script Runner Class
Installer: C:\WINDOWS\Downloaded Program Files\tgctlsr.inf
Codebase: https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
description:
classification: Legitimate
known filename: tgctlsr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: tgctlsr.dll
Short name:
Date (created): 9/3/2007 9:14:10 AM
Date (last access): 8/4/2010 2:20:38 AM
Date (last write): 9/3/2007 9:14:10 AM
Filesize: 578848
Attributes: archive
MD5: 11B757C44B95B50ECE47B3E1128B8A2B
CRC32: 384A8A8C
Version: 6.9.2674.0
{4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control)
DPF name:
CLSID name: FixController Control
Installer: C:\WINDOWS\Downloaded Program Files\HPInstallMgr_v01_6.inf
Codebase: http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
Path: C:\Program Files\Hp\Common\
Long name: FixEngine.dll
Short name: FIXENG~1.DLL
Date (created): 6/29/2007 1:10:14 PM
Date (last access): 8/4/2010 2:20:40 AM
Date (last write): 6/29/2007 1:10:14 PM
Filesize: 447792
Attributes: archive
MD5: 31C5696EC1A24D54A75E6817BA48D2A1
CRC32: A7D9342F
Version: 1.0.3.0
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168193630546
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 5:19:32 AM
Date (last access): 8/4/2010 11:01:28 AM
Date (last write): 8/6/2009 8:23:46 PM
Filesize: 215920
Attributes: archive
MD5: A1350D646EF6E57E8F4F33EBE7320D08
CRC32: AB3CA24F
Version: 7.4.7600.226
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 2:20:12 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 3:52:58 PM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 11/10/2005 3:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 11:31:44 PM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 2:33:32 AM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 11:47:18 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 11:47:18 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 10/6/2008 10:18:42 AM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 10/6/2008 10:18:42 AM
Filesize: 131392
Attributes: archive
MD5: 513252FADA0ED23767B0668B6569752F
CRC32: 04CE0A2F
Version: 1.5.2.35
--- Process list ---
PID: 0 ( 0) [System]
PID: 484 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 540 ( 484) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 568 ( 484) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 612 ( 568) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 624 ( 568) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 792 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 840 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 880 ( 612) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 920 ( 612) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 996 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1040 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1164 ( 612) c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169576
MD5: 13488A6AF50A151D4802897C185E83FA
PID: 1236 ( 612) c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192104
MD5: 0BECA1C57AD647A28145C61B8911C047
PID: 1432 (1400) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1460 ( 612) c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 202344
MD5: 0F4A5D04A4EA8332BF06ABE47A844A82
PID: 1516 ( 612) c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 214672
MD5: 5BD0C3EEA602ECD57679ABF892CA6E8B
PID: 1580 ( 612) c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 1160848
MD5: 1567D41313BB856FE150CF6DECC80174
PID: 1608 ( 612) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1174152
MD5: C1C706751F0499747DA9442C2679A0B7
PID: 1776 ( 612) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
size: 951632
MD5: 4BFD99EF6CC3AF080808D55AB2778195
PID: 1852 ( 612) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1940 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1972 ( 612) C:\WINDOWS\arservice.exe
size: 58880
MD5: 9A0D9B2E263BEDE80FB79DDBAD240EC1
PID: 140 ( 612) C:\Program Files\Common Files\Command Software\dvpapi.exe
size: 142416
MD5: 68C9A40EA00417DF63F541FD8DFA65A1
PID: 192 ( 612) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: D039A0C347632622934906BD59A4E1EA
PID: 220 ( 612) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 260 ( 612) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
size: 533360
MD5: 9B1622EBEB31B3411B13382FFCB8737D
PID: 412 ( 612) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 32192B4EBE8720ED8D49A455C962CB91
PID: 336 ( 612) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 49152
MD5: 5D4B38A8D8525356798F5E560C3A3090
PID: 892 ( 612) c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
size: 139888
MD5: 68B95DB18A7429991DFBE88F19A4D612
PID: 972 ( 612) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: B0903C021BFCD6055C053A569EF98AEF
PID: 1072 ( 612) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: D31F88C5F19EEFA366A415D6BC5F2ABC
PID: 1284 ( 612) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
size: 249136
MD5: 4A5809A1D796E2675AC0332BF7B0CB11
PID: 2112 ( 612) C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
size: 36962
MD5: AB697664A437C0A1210D235C10E59C1E
PID: 2176 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2236 ( 612) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
size: 602392
MD5: DD0042F0C3B606A6A8B92D49AFB18AD6
PID: 2420 ( 612) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2456 ( 612) C:\WINDOWS\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 2888 ( 612) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 2932 ( 792) C:\WINDOWS\system32\wbem\unsecapp.exe
size: 16896
MD5: C7000F2DB2A5515C64C257478769A481
PID: 3168 ( 792) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 3656 (1432) C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
PID: 3820 (1432) C:\WINDOWS\RTHDCPL.EXE
size: 16239616
MD5: 7ED41E534AD1ECB7C75FFDA0C2917144
PID: 3848 ( 792) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 3888 (1432) C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 9E1992C27ECF7F08C154DCACF32F1AAB
PID: 3968 (1432) C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
size: 438359
MD5: 7D5393BA10DEACB5A1AB7F05232EB600
PID: 4064 ( 612) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 248 (1432) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7
PID: 672 (1432) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 1184 (1432) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 515416
MD5: A7035C7D3AAA24C5D71D6B5506F2D704
PID: 2412 (1432) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136
PID: 3104 (1432) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
size: 111856
MD5: 6888EE520C32B26AF72AAD4A073863A4
PID: 3256 (1432) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 4000 (1432) C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
size: 921600
MD5: 8210027E941FC645D4B84A88776B913B
PID: 732 (3940) C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
size: 3092480
MD5: 5191B3AE89A93F815704CCC76B8467DE
PID: 3436 (1432) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 2820 (3436) C:\WINDOWS\hh.exe
size: 10752
MD5: 6BA0A833DCABF3E28622143689E2C92E
PID: 3564 (1432) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 4072 (3564) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 196 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3960 (1432) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID: 2740 (3564) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/4/2010 11:47:16 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{023A5D26-B08B-4741-AB0E-2FB7C8BF4810}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{023A5D26-B08B-4741-AB0E-2FB7C8BF4810}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AC6C58D-49DF-4FF6-93B3-541402F697BF}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AC6C58D-49DF-4FF6-93B3-541402F697BF}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF03153D-7820-4742-B123-40CAF6B08317}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF03153D-7820-4742-B123-40CAF6B08317}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACED9498-022B-43CF-A3BA-44A9B16B4D9E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACED9498-022B-43CF-A3BA-44A9B16B4D9E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B82C2BD4-244B-4E1D-993F-5FA5659B3D0F}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B82C2BD4-244B-4E1D-993F-5FA5659B3D0F}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC3B0896-86D8-4D12-A348-D2C6280D00DB}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC3B0896-86D8-4D12-A348-D2C6280D00DB}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
How can I prevent for this trojan to be become alive every night?
Your help will be very much appreciated. Thank You.
Looking under Tools>Resident tab the last two entries are:
8/3/2010 10:45:52 AM Allowed (based on user decision) value "{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}" (new data: "") deleted in Browser Helper Object!
8/4/2010 3:43:23 AM Allowed (based on user decision) value "{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}" (new data: "") added in Browser Helper Object!
This is a partial report (I removed some info because the message was too long) from Spybot before I clicked on fix the problem.
--- Search result list ---
Win32.KillAV-KQ: [SBI $1AF416DB] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
Win32.KillAV-KQ: [SBI $8E6F6F38] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 976832
MD5: 0B232C77D822983397674AEEC9AB59DC
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: A32B25970003B6ABA027EFF8EEDA12A3
Located: HK_LM:Run, Ad-Watch
command: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
file: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 515416
MD5: A7035C7D3AAA24C5D71D6B5506F2D704
Located: HK_LM:Run, DMAScheduler
command: "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
file: c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 9E1992C27ECF7F08C154DCACF32F1AAB
Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
Located: HK_LM:Run, ftutil2
command: rundll32.exe ftutil2.dll,SetWriteCacheMode
file: C:\WINDOWS\system32\ftutil2.dll
size: 106496
MD5: B8ED44B59233B1872AE4CC246C6BBFE2
Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 29744
MD5: 6542DC2E93BCE4D4289FA70A4D367DC2
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B
Located: HK_LM:Run, Motive SmartBridge
command: C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
file: C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
size: 438359
MD5: 7D5393BA10DEACB5A1AB7F05232EB600
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 7311360
MD5: 6BDD333A105978CF4C560CA86FF5E39D
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 96337880D0957F5C0C3D48BD3BBF89FF
Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 237568
MD5: F3EAEA279F09A7779C18793C87640794
Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16239616
MD5: 7ED41E534AD1ECB7C75FFDA0C2917144
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7
Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
Located: HK_LM:Run, ymetray
command: "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
file: C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
size: 6104568
MD5: 5A7A99549E1394F14849966E2EC2330E
Located: HK_CU:Run, DWQueuedReporting
where: .DEFAULT...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
size: 437160
MD5: 9435C1C2D2111573111367F92F208C1F
Located: HK_CU:RunOnce, RunNarrator
where: .DEFAULT...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 21F839F2281473642AC2060F30E19DC7
Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-309874460-690313887-1058202516-1007...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136
Located: HK_CU:Run, Search Protection
where: S-1-5-21-309874460-690313887-1058202516-1007...
command: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
file: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
size: 111856
MD5: 6888EE520C32B26AF72AAD4A073863A4
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-309874460-690313887-1058202516-1007...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-309874460-690313887-1058202516-1007...
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
size: 3092480
MD5: 5191B3AE89A93F815704CCC76B8467DE
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-309874460-690313887-1058202516-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, DWQueuedReporting
where: S-1-5-18...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
size: 437160
MD5: 9435C1C2D2111573111367F92F208C1F
Located: HK_CU:RunOnce, RunNarrator
where: S-1-5-18...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 21F839F2281473642AC2060F30E19DC7
Located: Startup (user), Pin.lnk
where: C:\Documents and Settings\Default User\Start Menu\Programs\Startup...
command: C:\hp\bin\CLOAKER.EXE
file: C:\hp\bin\CLOAKER.EXE
size: 27136
MD5: 6380625DD0480ED60960A149A087C848
Located: Startup (user), PinMcLnk.lnk
where: C:\Documents and Settings\Default User\Start Menu\Programs\Startup...
command: C:\hp\bin\cloaker.exe
file: C:\hp\bin\cloaker.exe
size: 27136
MD5: 6380625DD0480ED60960A149A087C848
Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B
Located: Startup (user), LaunchU3.exe.lnk
where: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup...
command: C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
file: C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
size: 1078
MD5: 4A51C88A71806B8FBE36922F4AA23A17
Located: WinLogon, ckpNotify
command: ckpNotify.dll
file: ckpNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/19/2010 2:29:34 PM
Date (last access): 8/4/2010 11:02:24 AM
Date (last write): 6/19/2010 2:29:34 PM
Filesize: 75200
Attributes: archive
MD5: 6D9042F1443A601DA8DC24D991EDDD0A
CRC32: 10990AC8
Version: 9.3.3.177
{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 5/18/2008 3:24:04 PM
Date (last access): 8/4/2010 11:06:46 AM
Date (last write): 5/18/2008 3:24:04 PM
Filesize: 308856
Attributes: archive
MD5: 33440A3EF90AF7ED74EE55CA634A9CFA
CRC32: B00E58A9
Version: 1.0.1.57
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (Windows Live Family Safety Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Windows Live Family Safety Browser Helper
CLSID name: Windows Live Family Safety Browser Helper Class
Path: C:\Program Files\Windows Live\Family Safety\
Long name: fssbho.dll
Short name:
Date (created): 2/6/2009 6:08:44 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 2/6/2009 6:08:44 PM
Filesize: 61808
Attributes: archive
MD5: 10E677AA272BDB310F59026BA816139B
CRC32: 1BC3FFD2
Version: 14.0.8064.206
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 4/15/2009 11:01:04 PM
Date (last access): 8/4/2010 11:22:38 AM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} (ALOT Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: ALOT Toolbar
Path: C:\Program Files\alot\bin\
Long name: alot.dll
Short name:
Date (created): 3/11/2008 10:07:26 AM
Date (last access): 8/4/2010 11:10:22 AM
Date (last write): 3/11/2008 10:07:26 AM
Filesize: 670504
Attributes: archive
MD5: 18E1D922B359C65622E46885C1036DFD
CRC32: 00C5F4F8
Version: 1.2.1.200
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: UberButton Class
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 10/24/2006 11:00:28 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 5/26/2005 11:39:14 AM
Filesize: 181352
Attributes: archive
MD5: 3105430A206291D7F8768F6CD6F3C3BD
CRC32: 28147C76
Version: 2005.5.26.1
{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: YahooTaggedBM Class
Path: C:\Program Files\Yahoo!\Common\
Long name: YIeTagBm.dll
Short name:
Date (created): 10/24/2006 11:00:26 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 1/24/2005 9:55:32 AM
Filesize: 115832
Attributes: archive
MD5: A7DFD7463C4AC34309D2304546D7A96A
CRC32: E2DA49AB
Version: 2005.1.24.1
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Search Helper
CLSID name: Search Helper
Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
Long name: SEPsearchhelperie.dll
Short name: SEPSEA~1.DLL
Date (created): 5/14/2010 11:00:26 AM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 5/14/2010 11:00:26 AM
Filesize: 191792
Attributes: archive
MD5: 69974B4FB022B6FB8691BF537B4C1A26
CRC32: FFCD8C8F
Version: 3.0.126.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 11:06:46 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/20/2007 11:30:18 AM
Date (last access): 8/4/2010 11:10:22 AM
Date (last write): 2/17/2009 5:11:04 PM
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (NAV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: NAV Helper
CLSID name: CNavExtBho Class
Path: c:\Program Files\Norton Internet Security\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 12/30/2005 5:42:34 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 4/2/2007 7:19:08 PM
Filesize: 140912
Attributes: archive
MD5: 36CF01DD401EA775DDD30D36B994ACD3
CRC32: 0CEB1D4C
Version: 12.7.0.2
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 4/30/2007 10:40:38 PM
Date (last access): 8/4/2010 2:20:04 AM
Date (last write): 1/19/2007 11:55:32 PM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: hpWebHelper Class
Path: C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\
Long name: WebHelper.dll
Short name: WEBHEL~1.DLL
Date (created): 9/29/2008 3:23:16 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 9/29/2008 3:23:30 PM
Filesize: 208896
Attributes: archive
MD5: BEBDF2293F53049569285B9B2FA7EC68
CRC32: F70B7831
Version: 1.0.0.1
{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Browser Helper Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Browser Helper Object
Path: C:\Program Files\Shared\
Long name: lib.dll
Short name:
Date (created): 5/25/2010 6:37:24 AM
Date (last access): 8/4/2010 11:06:46 AM
Date (last write): 8/4/2010 3:43:20 AM
Filesize: 335885
Attributes: archive
MD5: F2EE3CAB43A6E45C1D5C7C35AF2BA2D6
CRC32: 635C20FD
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (MSN Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: MSN Toolbar Helper
Path: C:\Program Files\MSN\Toolbar\3.0.0988.2\
Long name: msneshellx.dll
Short name: MSNESH~1.DLL
Date (created): 12/4/2008 12:29:32 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 12/4/2008 12:29:32 PM
Filesize: 83800
Attributes: archive
MD5: 45C45845FD810BC6A205AE9AAB442FE9
CRC32: EA2D87CA
Version: 3.0.988.2
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 11:06:22 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live\Toolbar\
Long name: wltcore.dll
Short name:
Date (created): 2/6/2009 6:17:46 PM
Date (last access): 8/4/2010 2:20:24 AM
Date (last write): 2/6/2009 6:17:46 PM
Filesize: 1068904
Attributes: archive
MD5: 28455424E3C8B81661C5A40E18066BB1
CRC32: E5BA354B
Version: 14.0.8064.206
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 4/19/2009 11:51:52 PM
Date (last access): 8/4/2010 11:02:24 AM
Date (last write): 4/19/2009 11:51:52 PM
Filesize: 73728
Attributes: archive
MD5: F68EDAFE003F2B3523C0742CD3B8D673
CRC32: 9C709350
Version: 6.0.110.3
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (SidebarAutoLaunch Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SidebarAutoLaunch Class
Path: C:\Program Files\Yahoo!\browser\
Long name: YSidebarIEBHO.dll
Short name: YSIDEB~2.DLL
Date (created): 10/24/2006 10:58:50 PM
Date (last access): 8/4/2010 11:04:12 AM
Date (last write): 2/3/2005 5:07:08 PM
Filesize: 124032
Attributes: archive
MD5: 0645DBCBDB3F4A69AEE13F4B5F9C4291
CRC32: 75CB3FBB
Version: 2004.8.3.1
--- ActiveX list ---
{01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class)
DPF name:
CLSID name: Support.com Configuration Class
Installer: C:\WINDOWS\Downloaded Program Files\tgctlcm.inf
Codebase: https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
description:
classification: Legitimate
known filename: tgctlcm.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: tgctlcm.dll
Short name:
Date (created): 4/28/2008 2:22:00 AM
Date (last access): 8/4/2010 2:20:06 AM
Date (last write): 4/28/2008 2:22:00 AM
Filesize: 292224
Attributes: archive
MD5: 2D60199EBB6AD1C07ABC1DB5B23CCFDE
CRC32: 1FA9E720
Version: 7.0.1000.0
{14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services)
DPF name:
CLSID name: Hewlett-Packard Online Support Services
Installer: C:\WINDOWS\Downloaded Program Files\HPISDataManager.inf
Codebase: https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
description:
classification: Legitimate
known filename: HPISDataManager.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPISDataManager.dll
Short name: HPISDA~1.DLL
Date (created): 7/31/2006 12:20:10 PM
Date (last access): 8/4/2010 2:20:18 AM
Date (last write): 7/31/2006 12:20:10 PM
Filesize: 188416
Attributes: archive
MD5: AA4417FE40F3A55A4DA33A7AA2BDE0C2
CRC32: 08E882B6
Version: 1.0.0.17
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 5/17/2006 12:23:38 PM
Date (last access): 8/4/2010 10:56:36 AM
Date (last write): 2/6/2009 12:35:56 PM
Filesize: 1486208
Attributes: archive
MD5: 937A55210D8B8B75F017C79958ECE7D3
CRC32: CA9CD645
Version: 1.9.9.1
{2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1)
DPF name:
CLSID name: CheckFileStatus.UserControl1
Installer: C:\WINDOWS\Downloaded Program Files\CheckFileStatus.INF
Codebase: https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
Path: C:\WINDOWS\Downloaded Program Files\
Long name: CheckFileStatus.ocx
Short name: CHECKF~1.OCX
Date (created): 2/21/2008 7:58:48 PM
Date (last access): 8/4/2010 2:20:26 AM
Date (last write): 2/21/2008 7:58:48 PM
Filesize: 28288
Attributes: archive
MD5: 1C827DB0162E71A3F6F1806899A80D50
CRC32: 44590C20
Version: 2.1.0.0
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer:
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 3/15/2007 8:49:04 PM
Date (last access): 8/4/2010 2:20:08 AM
Date (last write): 3/15/2007 8:49:04 PM
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1
{44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class)
DPF name:
CLSID name: Symantec Script Runner Class
Installer: C:\WINDOWS\Downloaded Program Files\tgctlsr.inf
Codebase: https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
description:
classification: Legitimate
known filename: tgctlsr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: tgctlsr.dll
Short name:
Date (created): 9/3/2007 9:14:10 AM
Date (last access): 8/4/2010 2:20:38 AM
Date (last write): 9/3/2007 9:14:10 AM
Filesize: 578848
Attributes: archive
MD5: 11B757C44B95B50ECE47B3E1128B8A2B
CRC32: 384A8A8C
Version: 6.9.2674.0
{4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control)
DPF name:
CLSID name: FixController Control
Installer: C:\WINDOWS\Downloaded Program Files\HPInstallMgr_v01_6.inf
Codebase: http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
Path: C:\Program Files\Hp\Common\
Long name: FixEngine.dll
Short name: FIXENG~1.DLL
Date (created): 6/29/2007 1:10:14 PM
Date (last access): 8/4/2010 2:20:40 AM
Date (last write): 6/29/2007 1:10:14 PM
Filesize: 447792
Attributes: archive
MD5: 31C5696EC1A24D54A75E6817BA48D2A1
CRC32: A7D9342F
Version: 1.0.3.0
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168193630546
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 5:19:32 AM
Date (last access): 8/4/2010 11:01:28 AM
Date (last write): 8/6/2009 8:23:46 PM
Filesize: 215920
Attributes: archive
MD5: A1350D646EF6E57E8F4F33EBE7320D08
CRC32: AB3CA24F
Version: 7.4.7600.226
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 2:20:12 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 3:52:58 PM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 11/10/2005 3:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 11:31:44 PM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 2:33:32 AM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 11:47:18 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 4/19/2009 11:51:50 PM
Date (last access): 8/4/2010 11:47:18 AM
Date (last write): 4/19/2009 11:51:50 PM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 10/6/2008 10:18:42 AM
Date (last access): 8/4/2010 2:21:10 AM
Date (last write): 10/6/2008 10:18:42 AM
Filesize: 131392
Attributes: archive
MD5: 513252FADA0ED23767B0668B6569752F
CRC32: 04CE0A2F
Version: 1.5.2.35
--- Process list ---
PID: 0 ( 0) [System]
PID: 484 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 540 ( 484) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 568 ( 484) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 612 ( 568) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 624 ( 568) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 792 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 840 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 880 ( 612) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 920 ( 612) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 996 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1040 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1164 ( 612) c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169576
MD5: 13488A6AF50A151D4802897C185E83FA
PID: 1236 ( 612) c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192104
MD5: 0BECA1C57AD647A28145C61B8911C047
PID: 1432 (1400) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1460 ( 612) c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 202344
MD5: 0F4A5D04A4EA8332BF06ABE47A844A82
PID: 1516 ( 612) c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 214672
MD5: 5BD0C3EEA602ECD57679ABF892CA6E8B
PID: 1580 ( 612) c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 1160848
MD5: 1567D41313BB856FE150CF6DECC80174
PID: 1608 ( 612) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1174152
MD5: C1C706751F0499747DA9442C2679A0B7
PID: 1776 ( 612) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
size: 951632
MD5: 4BFD99EF6CC3AF080808D55AB2778195
PID: 1852 ( 612) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1940 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1972 ( 612) C:\WINDOWS\arservice.exe
size: 58880
MD5: 9A0D9B2E263BEDE80FB79DDBAD240EC1
PID: 140 ( 612) C:\Program Files\Common Files\Command Software\dvpapi.exe
size: 142416
MD5: 68C9A40EA00417DF63F541FD8DFA65A1
PID: 192 ( 612) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: D039A0C347632622934906BD59A4E1EA
PID: 220 ( 612) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 260 ( 612) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
size: 533360
MD5: 9B1622EBEB31B3411B13382FFCB8737D
PID: 412 ( 612) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 32192B4EBE8720ED8D49A455C962CB91
PID: 336 ( 612) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 49152
MD5: 5D4B38A8D8525356798F5E560C3A3090
PID: 892 ( 612) c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
size: 139888
MD5: 68B95DB18A7429991DFBE88F19A4D612
PID: 972 ( 612) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: B0903C021BFCD6055C053A569EF98AEF
PID: 1072 ( 612) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: D31F88C5F19EEFA366A415D6BC5F2ABC
PID: 1284 ( 612) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
size: 249136
MD5: 4A5809A1D796E2675AC0332BF7B0CB11
PID: 2112 ( 612) C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
size: 36962
MD5: AB697664A437C0A1210D235C10E59C1E
PID: 2176 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2236 ( 612) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
size: 602392
MD5: DD0042F0C3B606A6A8B92D49AFB18AD6
PID: 2420 ( 612) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2456 ( 612) C:\WINDOWS\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 2888 ( 612) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 2932 ( 792) C:\WINDOWS\system32\wbem\unsecapp.exe
size: 16896
MD5: C7000F2DB2A5515C64C257478769A481
PID: 3168 ( 792) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 3656 (1432) C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
PID: 3820 (1432) C:\WINDOWS\RTHDCPL.EXE
size: 16239616
MD5: 7ED41E534AD1ECB7C75FFDA0C2917144
PID: 3848 ( 792) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 3888 (1432) C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 9E1992C27ECF7F08C154DCACF32F1AAB
PID: 3968 (1432) C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
size: 438359
MD5: 7D5393BA10DEACB5A1AB7F05232EB600
PID: 4064 ( 612) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 248 (1432) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7
PID: 672 (1432) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 1184 (1432) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
size: 515416
MD5: A7035C7D3AAA24C5D71D6B5506F2D704
PID: 2412 (1432) C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136
PID: 3104 (1432) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
size: 111856
MD5: 6888EE520C32B26AF72AAD4A073863A4
PID: 3256 (1432) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 4000 (1432) C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
size: 921600
MD5: 8210027E941FC645D4B84A88776B913B
PID: 732 (3940) C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
size: 3092480
MD5: 5191B3AE89A93F815704CCC76B8467DE
PID: 3436 (1432) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 2820 (3436) C:\WINDOWS\hh.exe
size: 10752
MD5: 6BA0A833DCABF3E28622143689E2C92E
PID: 3564 (1432) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 4072 (3564) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 196 ( 612) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3960 (1432) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID: 2740 (3564) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/4/2010 11:47:16 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{023A5D26-B08B-4741-AB0E-2FB7C8BF4810}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{023A5D26-B08B-4741-AB0E-2FB7C8BF4810}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AC6C58D-49DF-4FF6-93B3-541402F697BF}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AC6C58D-49DF-4FF6-93B3-541402F697BF}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF03153D-7820-4742-B123-40CAF6B08317}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF03153D-7820-4742-B123-40CAF6B08317}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACED9498-022B-43CF-A3BA-44A9B16B4D9E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACED9498-022B-43CF-A3BA-44A9B16B4D9E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B82C2BD4-244B-4E1D-993F-5FA5659B3D0F}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B82C2BD4-244B-4E1D-993F-5FA5659B3D0F}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC3B0896-86D8-4D12-A348-D2C6280D00DB}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC3B0896-86D8-4D12-A348-D2C6280D00DB}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace