Spybot report -Settings=hkey_local_machines\software\microsoft\windowsnt\c
Thanks.
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---
2008-08-14 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-08-14 SDFiles.exe (1.6.0.4)
2008-08-14 SDMain.exe (1.0.0.6)
2008-08-14 SDShred.exe (1.0.2.3)
2008-08-14 SDUpdate.exe (1.6.0.9)
2008-08-14 SDWinSec.exe (1.0.0.12)
2008-07-30 SpybotSD.exe (1.6.0.31)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-27 unins000.exe (51.49.0.0)
2008-08-14 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-05-19 Includes\Adware.sbi
2009-09-01 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-09-01 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-09-01 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-09-01 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-08-19 Includes\Malware.sbi
2009-09-01 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-09-01 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-09-01 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-09-01 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-08-25 Includes\Trojans.sbi
2009-09-01 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 10 / SP0: Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB971180)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 71216
MD5: B9B78F0D9AEBCA8F717680FBABBB5FF4
Located: HK_LM:Run, ArcSoft Connection Service
command: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
file: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 195072
MD5: F3293561CD1E181667BEFD44134F8E28
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 2007832
MD5: ADB19E69937A076BDE7D08928248F5C8
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: 84EC0B55BCBE872F999ACDCE58E3F67D
Located: HK_LM:Run, DellSupportCenter
command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 206064
MD5: 3917664C26B4344768C288BBA6FEFCB6
Located: HK_LM:Run, DLA
command: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
file: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: CEFD0E35B35AFD9D1C2FEC9AF81AFDB8
Located: HK_LM:Run, DMXLauncher
command: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
file: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, dscactivate
command: "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
file: C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
size: 16384
MD5: 267B3A856E9F4DB1CABD4E6DB71E07D2
Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1170479121\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1170479121\ee\AOLSoftware.exe
size: 41824
MD5: 22870F235504152FE8873986A3D94905
Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 82ADC58B63E069AC4641A33EA9841E54
Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: A0E2FFB7B0FCE82AA3BCC3105306C45C
Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: 5656D65A9A9F1E3D68D64A350CFF1732
Located: HK_LM:Run, ISUSPM Startup
command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
file: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
size: 249856
MD5: 9E109B03018763FDCB075CE74547BE22
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 583B7D111304BE63D7D9CB65482D2187
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
Located: HK_LM:Run, Lexmark 1200 Series
command: "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
file: C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
size: 57344
MD5: CBDA2D5F8338812923B92D80F410AD5E
Located: HK_LM:Run, MSKDetectorExe
command: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
file: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
size: 1117184
MD5: 60EAC5EBBF0849010CB6941D44E39AB6
Located: HK_LM:Run, Norton Ghost 10.0
command: "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
file: C:\Program Files\Norton Ghost\Agent\GhostTray.exe
size: 1537696
MD5: 294F5038A9D2AC73A8C6F3888F97FB42
Located: HK_LM:Run, OutpostFeedBack
command: "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
file: C:\Program Files\Agnitum\Outpost Firewall\feedback.exe
size: 428032
MD5: 43129B804AC901F45DFDF3D3153B882D
Located: HK_LM:Run, OutpostMonitor
command: C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
file: C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
size: 2374464
MD5: B4A1F482599FB41878B4EF8363282A4D
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 90E0F7FDCAC66FB50C1CE1A1C7396642
Located: HK_CU:Run, DellSupport
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534
Located: HK_CU:Run, AOL Fast Start
where: S-1-5-21-1420787331-2628367206-2861657422-1005...
command: "C:\Program Files\AOL 9.1\AOL.EXE" -b
file: C:\Program Files\AOL 9.1\AOL.EXE
size: 50528
MD5: D29055D3F0AAE264E906FC50B0883B30
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1420787331-2628367206-2861657422-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, DellSupport
where: S-1-5-21-1420787331-2628367206-2861657422-1005...
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534
Located: HK_CU:Run, DellSupportCenter
where: S-1-5-21-1420787331-2628367206-2861657422-1005...
command: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
file: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 206064
MD5: 3917664C26B4344768C288BBA6FEFCB6
Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-1420787331-2628367206-2861657422-1005...
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1420787331-2628367206-2861657422-1005...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: Startup (common), Adobe Reader Speed Launch.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: DEB88AEF013DD1EEFB462D7CAD642166
Located: Startup (common), Digital Line Detect.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: B66E56733E2CD6A10FDA5919625FBF46
Located: Startup (common), Kodak EasyShare software.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
file: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
size: 282624
MD5: FBB5B5B4D8C96624C7D57C5FB25F387D
Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\Dimension E 310\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B
Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 2:56:50 AM
Date (last access): 9/4/2009 1:39:48 AM
Date (last write): 12/14/2004 2:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 5/9/2009 10:13:56 PM
Date (last access): 9/4/2009 1:39:52 AM
Date (last write): 8/16/2009 10:42:28 AM
Filesize: 1111320
Attributes: archive
MD5: 726F21F6723ECEBA37DCF325E1A5FFEC
CRC32: 170FF9EA
Version: 8.5.0.405
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 5/20/2008 6:37:00 AM
Date (last access): 9/4/2009 3:18:00 AM
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes:
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\System32\DLA\
Long name: DLASHX_W.DLL
Short name:
Date (created): 6/19/2006 7:32:50 AM
Date (last access): 9/4/2009 1:40:00 AM
Date (last write): 9/8/2005 5:20:00 AM
Filesize: 110652
Attributes: archive
MD5: 8EF6619212E5500022AB22FF11E68D3B
CRC32: 132215F0
Version: 5.20.8.0
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AOL Toolbar Launcher
CLSID name: AOL Toolbar Launcher
Path: C:\Program Files\AOL\AOL Toolbar 5.0\
Long name: aoltb.dll
Short name:
Date (created): 3/23/2007 4:35:32 PM
Date (last access): 9/4/2009 1:40:02 AM
Date (last write): 3/23/2007 4:35:32 PM
Filesize: 1025584
Attributes: archive
MD5: 011F8C5B56074CA0262824C709C0CD5A
CRC32: C1DC388E
Version: 5.0.17.1
{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 7/7/2006 1:29:52 PM
Date (last access): 9/4/2009 1:40:04 AM
Date (last write): 7/7/2006 1:29:52 PM
Filesize: 324416
Attributes: archive
MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
CRC32: B1456034
Version: 4.0.249.1
{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG8\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 6/25/2009 4:30:00 PM
Date (last access): 9/4/2009 1:40:08 AM
Date (last write): 7/24/2009 9:55:58 AM
Filesize: 1090816
Attributes: archive
MD5: CFB52F9EB909FF7B9D92158A9ED77A54
CRC32: 80C0D88F
Version: 2.507.24.1
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 10/19/2007 12:20:48 PM
Date (last access): 9/4/2009 1:40:10 AM
Date (last write): 10/19/2007 12:20:48 PM
Filesize: 546320
Attributes: archive
MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
CRC32: 12446524
Version: 3.1.0.146
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 6/12/2009 6:17:48 AM
Date (last access): 9/4/2009 1:40:12 AM
Date (last write): 7/25/2009 5:23:04 AM
Filesize: 41760
Attributes: archive
MD5: 1E57B1A44C7DFFA1C38534279C14B3CE
CRC32: BA79295C
Version: 6.0.150.3
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 6/12/2009 6:18:02 AM
Date (last access): 9/4/2009 1:40:12 AM
Date (last write): 7/25/2009 5:22:44 AM
Filesize: 73728
Attributes: archive
MD5: 55E583817A2012FD75F1F8CF87EE760C
CRC32: 7051D2F4
Version: 6.0.150.3
--- ActiveX list ---
{2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner)
DPF name:
CLSID name: F5 Networks CacheCleaner
Installer: C:\WINDOWS\Downloaded Program Files\cachecleaner.inf
Codebase:
description:
classification: Open for discussion
known filename: cachecleaner.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: cachecleaner.dll
Short name: CACHEC~1.DLL
Date (created): 2/2/2007 11:56:02 PM
Date (last access): 8/12/2009 4:57:24 AM
Date (last write): 9/21/2005 4:38:28 PM
Filesize: 108400
Attributes: archive
MD5: B08E3F1175B64B343A4E6F3152646207
CRC32: 1FE02115
Version: 5500.0.50921.1
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf
Codebase: http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 6/20/2006 3:44:04 PM
Date (last access): 9/3/2009 6:00:30 PM
Date (last write): 6/20/2006 3:44:04 PM
Filesize: 379704
Attributes: archive
MD5: D2FB109C3F0DAAAA4A73E5921656DB3E
CRC32: A13093E8
Version: 10.0.913.0
{6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel)
DPF name:
CLSID name: F5 Networks SSLTunnel
Installer: C:\WINDOWS\Downloaded Program Files\urTermProxy.inf
Codebase: https://firepass.manh.com/vdesk/term...5500,0,50803,1
description:
classification: Legitimate
known filename: urTermProxy.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: urTermProxy.dll
Short name: URTERM~1.DLL
Date (created): 2/3/2007 12:00:48 AM
Date (last access): 8/12/2009 4:57:26 AM
Date (last write): 8/3/2005 2:22:12 PM
Filesize: 835968
Attributes: archive
MD5: E8ADFE0783BC6F86048DABA76056A66C
CRC32: 17113456
Version: 5500.0.50803.1
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/micr...?1193645868421
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 7/30/2007 7:18:34 PM
Date (last access): 9/3/2009 6:04:12 PM
Date (last write): 10/16/2008 3:06:48 PM
Filesize: 208744
Attributes: archive
MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
CRC32: 27FBFA7D
Version: 7.2.6001.788
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 7/25/2009 3:00:36 AM
Date (last access): 8/12/2009 4:57:26 AM
Date (last write): 7/25/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator)
DPF name:
CLSID name: F5 Networks 5250 Terminal emulator
Installer: C:\WINDOWS\Downloaded Program Files\ur5250x.inf
Codebase: https://firepass.manh.com/vdesk/term...=5500,0,0909,1
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ur5250x.dll
Short name:
Date (created): 2/2/2007 11:59:34 PM
Date (last access): 8/12/2009 4:57:26 AM
Date (last write): 9/9/2005 9:06:32 PM
Filesize: 181120
Attributes: archive
MD5: 4D7A9B893013E61B869FA6ACDD6B87B8
CRC32: 47507FF9
Version: 5500.0.909.1
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name:
Installer:
Codebase: http://java.sun.com/products/plugin/...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 7/25/2009 3:00:36 AM
Date (last access): 9/4/2009 3:18:12 AM
Date (last write): 7/25/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 7/25/2009 3:00:36 AM
Date (last access): 9/4/2009 3:18:12 AM
Date (last write): 7/25/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://www.adobe.com/products/acrobat/nos/gp.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10c.ocx
Short name:
Date (created): 7/17/2009 11:12:12 PM
Date (last access): 9/4/2009 2:30:46 AM
Date (last write): 7/17/2009 11:12:12 PM
Filesize: 3979680
Attributes: readonly archive
MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
CRC32: D6F40D46
Version: 10.0.32.18
{E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control)
DPF name:
CLSID name: F5 Networks Host Control
Installer: C:\WINDOWS\Downloaded Program Files\urxhost.inf
Codebase: https://firepass.manh.com/vdesk/terminal/urxhost.cab
description:
classification: Open for discussion
known filename: urxhost.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: urxhost.dll
Short name:
Date (created): 9/28/2005 3:02:14 PM
Date (last access): 8/12/2009 4:57:32 AM
Date (last write): 9/28/2005 3:02:14 PM
Filesize: 363376
Attributes: archive
MD5: B6E4CC6C5ECEEC468BCB99A4B72CAC6F
CRC32: 67ECA82D
Version: 5500.0.50928.1
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
--- Process list ---
PID: 0 ( 0) [System]
PID: 900 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 996 ( 900) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1020 ( 900) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 1064 (1020) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 1076 (1020) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1260 (1064) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1308 (1064) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1348 (1064) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1384 (1064) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1616 (1064) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1760 (1064) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1768 (1668) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1848 (1064) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 165488
MD5: BB98479C3135C05291D54DEBD7B310D5
PID: 1928 (1064) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 198256
MD5: 69637EB41F3467DDA6CCCEBA7C320E0A
PID: 156 (1064) C:\WINDOWS\system32\LEXBCES.EXE
size: 311296
MD5: A1043645D16915DF12A6F2E049922A18
PID: 192 (1064) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 212 ( 156) C:\WINDOWS\system32\LEXPPS.EXE
size: 174592
MD5: AF31E60B6BF71BD74B16DDF5C679FBA3
PID: 320 (1064) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 364 (1064) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
size: 109056
MD5: 769DB4F484957CC98153B3C1B5D1162F
PID: 392 (1064) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
size: 46640
MD5: 85180CF88C5EBAD73B452A43A004CA51
PID: 404 (1064) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
PID: 436 (1064) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 297752
MD5: DB338A6BD3976904EB0F8343F51E64EB
PID: 624 (1064) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 668 (1064) C:\WINDOWS\System32\GEARSec.exe
size: 53248
MD5: B6E01969246FCB67470E87E6957EE147
PID: 720 (1064) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 112325F53AB720CA77825726D427FBDC
PID: 816 (1064) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
size: 201968
MD5: 777115C9CC675BD98127660712D2F784
PID: 916 (1064) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 940 (1064) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1188 (1064) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: EB9A99AB5D17B1727034FF191E6448D7
PID: 1580 (1064) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2256 (1064) C:\PROGRA~1\AVG\AVG8\avgemc.exe
size: 908056
MD5: B9AE3C63A53396CD669EF8AE9C9CBD85
PID: 2288 ( 436) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 486680
MD5: 65EA6EB029BB031773473AD9A78A666D
PID: 2296 ( 436) C:\PROGRA~1\AVG\AVG8\avgnsx.exe
size: 595736
MD5: A6CF4FF9BE1202800C22EC5A6A7CF4A6
PID: 2740 (1064) C:\Program Files\Canon\CAL\CALMAIN.exe
size: 96341
MD5: 5753532C476B83119D85AA43B1B10AB3
PID: 2804 (2256) C:\Program Files\AVG\AVG8\avgcsrvx.exe
size: 693016
MD5: 98D6BB2D06986E9E1051F2CBE3CF6E7A
PID: 2972 (1064) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 3440 (1768) C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
PID: 3460 (1768) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 82ADC58B63E069AC4641A33EA9841E54
PID: 3480 (1768) C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: A0E2FFB7B0FCE82AA3BCC3105306C45C
PID: 3488 (1768) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: 84EC0B55BCBE872F999ACDCE58E3F67D
PID: 3516 (1768) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 583B7D111304BE63D7D9CB65482D2187
PID: 3524 (1768) C:\WINDOWS\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: CEFD0E35B35AFD9D1C2FEC9AF81AFDB8
PID: 3628 (1768) C:\Program Files\Common Files\AOL\1170479121\ee\AOLSoftware.exe
size: 41824
MD5: 22870F235504152FE8873986A3D94905
PID: 3704 (1768) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
size: 206064
MD5: 3917664C26B4344768C288BBA6FEFCB6
PID: 3712 (1768) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 195072
MD5: F3293561CD1E181667BEFD44134F8E28
PID: 3720 (1768) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 2007832
MD5: ADB19E69937A076BDE7D08928248F5C8
PID: 3844 (1768) C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
PID: 3860 (1768) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 90E0F7FDCAC66FB50C1CE1A1C7396642
PID: 3980 (1768) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 468 (1768) C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: B75FDBF14073D72C50624CC8338DD534
PID: 2104 ( 636) C:\Program Files\AOL 9.1\waol.exe
size: 39264
MD5: 6DF2D7A89F81E1127535821FEAD8C55E
PID: 680 (1768) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 1892 (1768) C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: B66E56733E2CD6A10FDA5919625FBF46
PID: 3180 (1064) C:\Program Files\iPod\bin\iPodService.exe
size: 542496
MD5: E8E568EA584973DFD99AAC7D00A16287
PID: 676 (2104) C:\Program Files\AOL 9.1\shellmon.exe
size: 54624
MD5: 92CA7FE0AED73DB79A2931446EEDEB2B
PID: 3408 (2104) C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
size: 63120
MD5: CAA1EBD9AD92E6C6E83A5642EBC34CA6
PID: 2636 ( 680) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 5E28284F9B5F9097640D58A73D38AD4C
PID: 3612 ( 680) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891984
MD5: 9C8F0F34F66BB845B42F70E92A972B5F
PID: 4 ( 0) System
PID: 380 (1064) acs.exe
PID: 3748 (1768) op_mon.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 9/4/2009 3:18:15 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8CC36E17-BFF8-4F78-B76F-BE30496C243D}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8CC36E17-BFF8-4F78-B76F-BE30496C243D}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F6B3C11-37E3-4715-8B3A-4025A3EDE8F7}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F6B3C11-37E3-4715-8B3A-4025A3EDE8F7}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29B39846-0902-49E5-B96A-2F1FC54E9A72}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F9FBC39-C724-4E7B-AEFD-EDFE1FAC9BF8}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C15E9028-5273-469F-9052-37C24F8850EF}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C15E9028-5273-469F-9052-37C24F8850EF}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B2B8567-DE40-4614-A603-C99B50543418}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B2B8567-DE40-4614-A603-C99B50543418}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP