Thread: Need help removing Virtumonde .sci

  1. #1
    Junior Member
    Join Date: Feb 2009
    Posts: 13

    Need help removing Virtumonde .sci

    I ran S&D and came up with an infection of Virtumonde.sci. S&D could not remove it.
    Here's my file... What do I do next to get rid of it?

    --- Search result list ---
    Hint of the Day: Click the bar at the right of this to see more information! ()


    Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

    Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

    Microsoft.Windows.AppFirewallBypass: [SBI $2AF14C29] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

    Virtumonde.sci: [SBI $C747BB01] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}

    Virtumonde.sci: [SBI $53DCC2E2] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}


    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

    2008-08-14 blindman.exe (1.0.0.8)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-08-14 SDFiles.exe (1.6.0.4)
    2008-08-14 SDMain.exe (1.0.0.6)
    2008-08-14 SDShred.exe (1.0.2.3)
    2008-08-14 SDUpdate.exe (1.6.0.9)
    2008-08-14 SDWinSec.exe (1.0.0.12)
    2008-07-30 SpybotSD.exe (1.6.0.31)
    2008-09-16 TeaTimer.exe (1.6.3.25)
    2009-02-03 unins000.exe (51.49.0.0)
    2008-08-14 Update.exe (1.6.0.7)
    2008-10-22 advcheck.dll (1.6.2.13)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-10-22 Tools.dll (2.1.6.8)
    2009-01-22 Includes\Adware.sbi (*)
    2009-01-22 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-01-06 Includes\Dialer.sbi (*)
    2009-01-22 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2008-11-18 Includes\Hijackers.sbi (*)
    2009-01-22 Includes\HijackersC.sbi (*)
    2008-12-09 Includes\Keyloggers.sbi (*)
    2009-01-22 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-11-18 Includes\Malware.sbi (*)
    2009-01-28 Includes\MalwareC.sbi (*)
    2008-12-16 Includes\PUPS.sbi (*)
    2009-01-27 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-01-27 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-01-28 Includes\Spyware.sbi (*)
    2009-01-28 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2009-01-21 Includes\Trojans.sbi (*)
    2009-01-27 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Windows XP Hotfix - KB885250
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Windows XP Hotfix - KB889673
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893756)
    / Windows XP / SP3: Update for Windows XP (KB894391)
    / Windows XP / SP3: Hotfix for Windows XP (KB896256)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896423)
    / Windows XP / SP3: Security Update for Windows XP (KB896424)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB899587)
    / Windows XP / SP3: Security Update for Windows XP (KB899588)
    / Windows XP / SP3: Security Update for Windows XP (KB899591)
    / Windows XP / SP3: Update for Windows XP (KB900485)
    / Windows XP / SP3: Security Update for Windows XP (KB900725)
    / Windows XP / SP3: Security Update for Windows XP (KB901017)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB902400)
    / Windows XP / SP3: Security Update for Windows XP (KB904706)
    / Windows XP / SP3: Security Update for Windows XP (KB905414)
    / Windows XP / SP3: Security Update for Windows XP (KB905749)
    / Windows XP / SP3: Hotfix for Windows XP (KB906569)
    / Windows XP / SP3: Security Update for Windows XP (KB908519)
    / Windows XP / SP3: Security Update for Windows XP (KB908531)
    / Windows XP / SP3: Hotfix for Windows XP (KB908673)
    / Windows XP / SP3: Hotfix for Windows XP (KB909095)
    / Windows XP / SP3: Update for Windows XP (KB910437)
    / Windows XP / SP3: Update for Windows XP (KB911280)
    / Windows XP / SP3: Security Update for Windows XP (KB911562)
    / Windows XP / SP3: Security Update for Windows XP (KB911927)
    / Windows XP / SP3: Security Update for Windows XP (KB912919)
    / Windows XP / SP3: Update for Windows XP (KB912945)
    / Windows XP / SP3: Security Update for Windows XP (KB913580)
    / Windows XP / SP3: Security Update for Windows XP (KB914388)
    / Windows XP / SP3: Security Update for Windows XP (KB914389)
    / Windows XP / SP3: Update for Windows XP (KB916595)
    / Windows XP / SP3: Security Update for Windows XP (KB917344)
    / Windows XP / SP3: Security Update for Windows XP (KB917422)
    / Windows XP / SP3: Security Update for Windows XP (KB917953)
    / Windows XP / SP3: Security Update for Windows XP (KB918118)
    / Windows XP / SP3: Security Update for Windows XP (KB918439)
    / Windows XP / SP3: Security Update for Windows XP (KB919007)
    / Windows XP / SP3: Security Update for Windows XP (KB920213)
    / Windows XP / SP3: Security Update for Windows XP (KB920670)
    / Windows XP / SP3: Security Update for Windows XP (KB920683)
    / Windows XP / SP3: Security Update for Windows XP (KB920685)
    / Windows XP / SP3: Update for Windows XP (KB920872)
    / Windows XP / SP3: Security Update for Windows XP (KB921503)
    / Windows XP / SP3: Update for Windows XP (KB922582)
    / Windows XP / SP3: Security Update for Windows XP (KB922819)
    / Windows XP / SP3: Security Update for Windows XP (KB923191)
    / Windows XP / SP3: Security Update for Windows XP (KB923414)
    / Windows XP / SP3: Security Update for Windows XP (KB923694)
    / Windows XP / SP3: Security Update for Windows XP (KB923980)
    / Windows XP / SP3: Security Update for Windows XP (KB924191)
    / Windows XP / SP3: Security Update for Windows XP (KB924270)
    / Windows XP / SP3: Security Update for Windows XP (KB924496)
    / Windows XP / SP3: Security Update for Windows XP (KB924667)
    / Windows XP / SP3: Security Update for Windows XP (KB925902)
    / Windows XP / SP3: Security Update for Windows XP (KB926255)
    / Windows XP / SP3: Security Update for Windows XP (KB926436)
    / Windows XP / SP3: Security Update for Windows XP (KB927779)
    / Windows XP / SP3: Security Update for Windows XP (KB927802)
    / Windows XP / SP3: Update for Windows XP (KB927891)
    / Windows XP / SP3: Security Update for Windows XP (KB928090)
    / Windows XP / SP3: Security Update for Windows XP (KB928255)
    / Windows XP / SP3: Security Update for Windows XP (KB928843)
    / Windows XP / SP3: Security Update for Windows XP (KB929123)
    / Windows XP / SP3: Security Update for Windows XP (KB929969)
    / Windows XP / SP3: Security Update for Windows XP (KB930178)
    / Windows XP / SP3: Update for Windows XP (KB930916)
    / Windows XP / SP3: Security Update for Windows XP (KB931261)
    / Windows XP / SP3: Security Update for Windows XP (KB931768)
    / Windows XP / SP3: Security Update for Windows XP (KB931784)
    / Windows XP / SP3: Update for Windows XP (KB931836)
    / Windows XP / SP3: Security Update for Windows XP (KB932168)
    / Windows XP / SP3: Update for Windows XP (KB933360)
    / Windows XP / SP3: Security Update for Windows XP (KB933566)
    / Windows XP / SP3: Security Update for Windows XP (KB933729)
    / Windows XP / SP3: Security Update for Windows XP (KB935839)
    / Windows XP / SP3: Security Update for Windows XP (KB935840)
    / Windows XP / SP3: Security Update for Windows XP (KB936021)
    / Windows XP / SP3: Security Update for Windows XP (KB937143)
    / Windows XP / SP3: Security Update for Windows XP (KB938127)
    / Windows XP / SP3: Update for Windows XP (KB938828)
    / Windows XP / SP3: Security Update for Windows XP (KB938829)
    / Windows XP / SP3: Security Update for Windows XP (KB939653)
    / Windows XP / SP3: Security Update for Windows XP (KB941202)
    / Windows XP / SP3: Security Update for Windows XP (KB941568)
    / Windows XP / SP3: Security Update for Windows XP (KB941644)
    / Windows XP / SP3: Security Update for Windows XP (KB941693)
    / Windows XP / SP3: Security Update for Windows XP (KB942615)
    / Windows XP / SP3: Update for Windows XP (KB942763)
    / Windows XP / SP3: Update for Windows XP (KB942840)
    / Windows XP / SP3: Security Update for Windows XP (KB943055)
    / Windows XP / SP3: Security Update for Windows XP (KB943460)
    / Windows XP / SP3: Security Update for Windows XP (KB943485)
    / Windows XP / SP3: Security Update for Windows XP (KB944338)
    / Windows XP / SP3: Security Update for Windows XP (KB944533)
    / Windows XP / SP3: Security Update for Windows XP (KB944653)
    / Windows XP / SP3: Security Update for Windows XP (KB945553)
    / Windows XP / SP3: Security Update for Windows XP (KB946026)
    / Windows XP / SP3: Update for Windows XP (KB946627)
    / Windows XP / SP3: Security Update for Windows XP (KB947864)
    / Windows XP / SP3: Security Update for Windows XP (KB948590)
    / Windows XP / SP3: Security Update for Windows XP (KB948881)
    / Windows XP / SP3: Security Update for Windows XP (KB950749)
    / Windows XP / SP4: Security Update for Windows XP (KB938464)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950759)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953838)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP / SP4: Security Update for Windows XP (KB954211)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956390)
    / Windows XP / SP4: Security Update for Windows XP (KB956391)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956841)
    / Windows XP / SP4: Security Update for Windows XP (KB957095)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958215)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB960714)
    / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


    --- Startup entries list ---
    Located: HK_LM:Run, ccApp
    command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 53096
    MD5: E49A329D21C9D2085128D185A45C6D6A

    Located: HK_LM:Run, DLA
    command: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    file: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    size: 122940
    MD5: CEFD0E35B35AFD9D1C2FEC9AF81AFDB8

    Located: HK_LM:Run, DMXLauncher
    command: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    file: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    size: 94208
    MD5: C24B51FAF9BAAEF67C484D60866693B1

    Located: HK_LM:Run, EPSON Stylus Photo R200 Series
    command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    size: 99840
    MD5: A4C1716A34262E098CB585DB78895312

    Located: HK_LM:Run, Google Desktop Search
    command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 169984
    MD5: E5A3C50686EA89B1ED8D9C232193A461

    Located: HK_LM:Run, ISUSPM Startup
    command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    size: 221184
    MD5: FB9E5C251CF6C37749F296BACB34A69B

    Located: HK_LM:Run, ISUSScheduler
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: 763DAB43BDAB27316DBF3373192823D7

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 290088
    MD5: E6A4E341E4304B34AA280D3E73818C90

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    file: C:\WINDOWS\system32\NvCpl.dll
    size: 7630848
    MD5: BF992604ADFE10D8F7343D9DF2E91FF6

    Located: HK_LM:Run, NvMediaCenter
    command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    file: C:\WINDOWS\system32\NvMcTray.dll
    size: 86016
    MD5: 9FFA0F0822246BA7CEC9E55AD1C77FF8

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINDOWS\system32\nwiz.exe
    size: 1617920
    MD5: BF40C88CEEBD9EA8F5D1EC858D9CC92E

    Located: HK_LM:Run, Picasa Media Detector
    command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    size: 366400
    MD5: 72B2CAD5F56B875CA8B75B39412ADA20

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: 9C9B6807425CEF840C117654D8B033D1

    Located: HK_LM:Run, SigmatelSysTrayApp
    command: stsystra.exe
    file: C:\WINDOWS\stsystra.exe
    size: 282624
    MD5: 289BDC9E5681BD1BE0FB871C460BD254

    Located: HK_LM:Run, SunJavaUpdateSched
    command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    size: 36975
    MD5: 61A3A9D5D98BF0331DF5B716144A8100

    Located: HK_LM:Run, Symantec PIF AlertEng
    command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    size: 583048
    MD5: 2D1389E05A807D956829F44BD4B60389

    Located: HK_LM:Run, URLLSTCK.exe
    command: C:\Program Files\Norton Internet Security\UrlLstCk.exe
    file: C:\Program Files\Norton Internet Security\UrlLstCk.exe
    size: 23168
    MD5: 22778B4A1E8E7BED53D00345D40B8683

    Located: HK_LM:RunOnce, SpybotSnD
    command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4891984
    MD5: 9C8F0F34F66BB845B42F70E92A972B5F

    Located: HK_CU:Run, DellSupport
    where: PE_C_HEIDI...
    command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    file: C:\Program Files\Dell Support\DSAgnt.exe
    size: 395776
    MD5: 825EDDDB0521EB2183C7E3C45BB5FE97

    Located: HK_CU:Run, MSMSGS
    where: PE_C_HEIDI...
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

    Located: HK_CU:Run, QuickTime Task
    where: PE_C_HEIDI...
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: 9C9B6807425CEF840C117654D8B033D1

    Located: HK_CU:Run, swg
    where: PE_C_HEIDI...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE

    Located: HK_CU:Run, DellSupport
    where: S-1-5-21-4104854015-2499374473-932036017-1006...
    command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    file: C:\Program Files\Dell Support\DSAgnt.exe
    size: 395776
    MD5: 825EDDDB0521EB2183C7E3C45BB5FE97

    Located: HK_CU:Run, MSMSGS
    where: S-1-5-21-4104854015-2499374473-932036017-1006...
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-4104854015-2499374473-932036017-1006...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1833296
    MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

    Located: HK_CU:Run, swg
    where: S-1-5-21-4104854015-2499374473-932036017-1006...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE

    Located: HK_CU:Run, updateMgr
    where: S-1-5-21-4104854015-2499374473-932036017-1006...
    command: "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    size: 313472
    MD5: 43F3F6D33C793089A7C32B45DA16094B

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: 43362B96870CE8649F4F2EC893DA93F0

    Located: Startup (user), Adobe Gamma.lnk
    where: C:\Documents and Settings\Michael\Start Menu\Programs\Startup...
    command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    size: 113664
    MD5: C2FF17734176CD15221C10044EF0BA1A

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Adobe PDF Reader Link Helper
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 12/18/2006 3:16:42 AM
    Date (last access): 2/4/2009 6:28:30 AM
    Date (last write): 12/18/2006 3:16:42 AM
    Filesize: 59032
    Attributes: archive
    MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
    CRC32: 7B0A854F
    Version: 7.0.9.50

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\Program Files\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 2/5/2008 5:23:02 PM
    Date (last access): 2/4/2009 6:27:30 AM
    Date (last write): 9/15/2008 2:25:44 PM
    Filesize: 1562960
    Attributes:
    MD5: 35F73F1936BDE91F1B6995510A61E7A8
    CRC32: BE6A5D15
    Version: 1.6.2.14

    {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: DriveLetterAccess
    description: Hewlett-Packard's DLA software
    classification: Unknown
    known filename: tfswshx.dll
    info link:
    info source: TonyKlein
    Path: C:\WINDOWS\System32\DLA\
    Long name: DLASHX_W.DLL
    Short name:
    Date (created): 5/31/2007 8:36:02 AM
    Date (last access): 2/4/2009 6:28:34 AM
    Date (last write): 9/8/2005 4:20:00 AM
    Filesize: 110652
    Attributes: archive
    MD5: 8EF6619212E5500022AB22FF11E68D3B
    CRC32: 132215F0
    Version: 5.20.8.0

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: SSVHelper Class
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 3/2/2006 12:53:00 PM
    Date (last access): 2/4/2009 6:28:34 AM
    Date (last write): 11/10/2005 12:22:12 PM
    Filesize: 184423
    Attributes: archive
    MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
    CRC32: 0111B892
    Version: 5.0.60.5

    {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (Norton Internet Security 2006)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Norton Internet Security 2006
    CLSID name: CNisExtBho Class
    description: NIS 2004,
    classification: Legitimate
    known filename: NISShExt.dll
    info link: http://www.symantec.com/sabu/nis/nis_pe/
    info source: TonyKlein
    Path: C:\Program Files\Common Files\Symantec Shared\AdBlocking\
    Long name: NISShExt.dll
    Short name:
    Date (created): 11/17/2005 2:33:14 AM
    Date (last access): 2/4/2009 6:28:30 AM
    Date (last write): 11/17/2005 2:33:14 AM
    Filesize: 94336
    Attributes: archive
    MD5: 22B1A1F383624202CBABB6E9ACAA47EC
    CRC32: 0540F210
    Version: 9.0.3.4

    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (NAV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: NAV Helper
    CLSID name: CNavExtBho Class
    Path: C:\Program Files\Norton Internet Security\Norton AntiVirus\
    Long name: NAVSHEXT.DLL
    Short name:
    Date (created): 11/17/2005 2:32:54 AM
    Date (last access): 2/4/2009 6:28:30 AM
    Date (last write): 5/23/2007 11:13:40 AM
    Filesize: 140912
    Attributes: archive
    MD5: 488EBFD8A248EB6E26CD6840C6E3788C
    CRC32: 1C84CFEE
    Version: 12.8.0.4

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar2.dll
    Short name: GOOGLE~2.DLL
    Date (created): 6/21/2007 8:57:10 PM
    Date (last access): 2/4/2009 6:32:38 AM
    Date (last write): 6/21/2007 8:57:10 PM
    Filesize: 2554944
    Attributes: readonly archive
    MD5: C898A8FC22C86857A58147351A534D5C
    CRC32: 45F483F8
    Version: 4.0.1602.1060

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\
    Long name: swg.dll
    Short name:
    Date (created): 10/10/2008 8:05:38 PM
    Date (last access): 2/4/2009 6:28:08 AM
    Date (last write): 10/10/2008 8:05:38 PM
    Filesize: 737776
    Attributes: archive
    MD5: AB32387A8F8C696A0739768B6B913714
    CRC32: F4E76414
    Version: 3.1.807.1746



    --- ActiveX list ---
    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://go.microsoft.com/fwlink/?linkid=39204
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 4/24/2007 10:32:06 AM
    Date (last access): 2/4/2009 6:43:10 AM
    Date (last write): 4/24/2007 10:32:06 AM
    Filesize: 1485696
    Attributes: archive
    MD5: F41FA54CD85AF8AACF8C7E084F6742F4
    CRC32: 6328586B
    Version: 1.7.36.0

    {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class)
    DPF name:
    CLSID name: Kodak Gallery Easy Upload Manager Class
    Installer: C:\WINDOWS\Downloaded Program Files\axofupld.inf
    Codebase: http://www.kodakgallery.com/download...2/axofupld.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: axofupld.dll
    Short name:
    Date (created): 8/21/2007 10:30:00 AM
    Date (last access): 2/4/2009 6:39:46 AM
    Date (last write): 8/21/2007 10:30:00 AM
    Filesize: 196608
    Attributes: archive
    MD5: 6D7A5FA14CADB19AD77B20A054F8C14A
    CRC32: CCB39000
    Version: 2.2.1.25

    {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class)
    DPF name:
    CLSID name: Kodak Gallery Easy Upload Manager Class
    Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\axofupld.inf
    Codebase: http://www.kodakgallery.com/download...2/axofupld.cab
    Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
    Long name: axofupld.dll
    Short name:
    Date (created): 1/17/2008 6:41:58 AM
    Date (last access): 12/26/2008 12:46:42 PM
    Date (last write): 1/17/2008 6:41:58 AM
    Filesize: 196608
    Attributes: archive
    MD5: 0B1BF1766D955467C054AF1079433204
    CRC32: D0C6A667
    Version: 2.2.1.26

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/2/2006 12:52:58 PM
    Date (last access): 2/3/2009 9:29:20 PM
    Date (last write): 11/10/2005 12:22:12 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/2/2006 12:52:58 PM
    Date (last access): 2/4/2009 6:55:16 AM
    Date (last write): 11/10/2005 12:22:12 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/2/2006 12:52:58 PM
    Date (last access): 2/4/2009 6:55:16 AM
    Date (last write): 11/10/2005 12:22:12 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload.macromedia.com/get...nt/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash9f.ocx
    Short name:
    Date (created): 3/24/2008 9:32:42 PM
    Date (last access): 2/4/2009 6:28:26 AM
    Date (last write): 3/24/2008 9:32:42 PM
    Filesize: 2991488
    Attributes: readonly archive
    MD5: 48FDF435B8595604E54125B321924510
    CRC32: 12335E29
    Version: 9.0.124.0



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 380 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 596 ( 380) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 620 ( 380) \??\C:\WINDOWS\system32\winlogon.exe
    size: 502272
    PID: 664 ( 620) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 676 ( 620) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 860 ( 664) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 932 ( 664) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1028 ( 664) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1116 ( 664) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1224 ( 664) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1300 ( 664) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    size: 169320
    MD5: 3D6268B8EC5EE11BBAF9256252869589
    PID: 1844 ( 664) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    size: 191848
    MD5: 0ED8EAF3FB6FB671103EECF52CF0D685
    PID: 1996 (1976) C:\WINDOWS\Explorer.EXE
    size: 1033216
    MD5: 97BD6515465659FF8F3B7BE375B2EA87
    PID: 2028 ( 664) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    size: 202088
    MD5: B5DA112DE760722A829F4FDE067F12B0
    PID: 2040 ( 664) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    size: 583048
    MD5: 2D1389E05A807D956829F44BD4B60389
    PID: 160 ( 664) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    size: 214408
    MD5: 0CB1E12D9741308B5A9CDC5C7D2A1D97
    PID: 224 ( 664) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    size: 1160800
    MD5: 780DE647691972907D86194577F58C43
    PID: 288 ( 664) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    size: 1251720
    MD5: FA2F6A8849219B16460BF44F9D1F3AA7
    PID: 504 ( 664) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    size: 611664
    MD5: 17067069B9A7865028C1F2E6971D0CCC
    PID: 744 ( 664) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 1156 ( 664) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    size: 132424
    MD5: A8AA9D47F971570A5162B862B80F87E8
    PID: 1176 ( 664) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    size: 100032
    MD5: 7768CE75C5CBF0D8F441CE2BBD806B7F
    PID: 1204 ( 664) C:\Program Files\Bonjour\mDNSResponder.exe
    size: 238888
    MD5: 3F56903E124E820AEECE6D471583C6C1
    PID: 1312 ( 664) C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    size: 139888
    MD5: 606C21D97649E5C44B94763380F07B7C
    PID: 1512 ( 664) C:\WINDOWS\system32\nvsvc32.exe
    size: 155715
    MD5: 986D6666E076AFD2B60ACAFD5B01A00F
    PID: 1564 ( 664) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1592 ( 664) C:\WINDOWS\system32\wdfmgr.exe
    size: 38912
    MD5: AB0A7CA90D9E3D6A193905DC1715DED0
    PID: 2100 ( 664) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 1716 (1996) C:\WINDOWS\system32\RUNDLL32.EXE
    size: 33280
    MD5: DA285490BBD8A1D0CE6623577D5BA1FF
    PID: 3200 (1996) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    size: 36975
    MD5: 61A3A9D5D98BF0331DF5B716144A8100
    PID: 2896 (1996) C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    size: 94208
    MD5: C24B51FAF9BAAEF67C484D60866693B1
    PID: 2096 (1996) C:\WINDOWS\stsystra.exe
    size: 282624
    MD5: 289BDC9E5681BD1BE0FB871C460BD254
    PID: 2788 (1996) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 53096
    MD5: E49A329D21C9D2085128D185A45C6D6A
    PID: 2972 (1996) C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    size: 122940
    MD5: CEFD0E35B35AFD9D1C2FEC9AF81AFDB8
    PID: 580 (1028) C:\WINDOWS\system32\wuauclt.exe
    size: 51224
    MD5: E654B78D2F1D791B30D0ED9A8195EC22
    PID: 1776 (1996) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: 763DAB43BDAB27316DBF3373192823D7
    PID: 132 (1996) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 169984
    MD5: E5A3C50686EA89B1ED8D9C232193A461
    PID: 2116 (1996) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    size: 99840
    MD5: A4C1716A34262E098CB585DB78895312
    PID: 1532 (1996) C:\Program Files\Picasa2\PicasaMediaDetector.exe
    size: 366400
    MD5: 72B2CAD5F56B875CA8B75B39412ADA20
    PID: 3028 (1996) C:\Program Files\iTunes\iTunesHelper.exe
    size: 290088
    MD5: E6A4E341E4304B34AA280D3E73818C90
    PID: 2192 (1996) C:\Program Files\Dell Support\DSAgnt.exe
    size: 395776
    MD5: 825EDDDB0521EB2183C7E3C45BB5FE97
    PID: 3456 (1996) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 68856
    MD5: E616A6A6E91B0A86F2F6217CDE835FFE
    PID: 3344 (1996) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1833296
    MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
    PID: 1412 (1996) C:\Program Files\BitLord\BitLord.exe
    size: 2224128
    MD5: 1E6BD9D8A9494A8B5B21A95D9C2E3BDA
    PID: 3772 ( 132) C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    size: 555008
    MD5: A1D6BE93E9FF2A21D6064B0C365C1315
    PID: 3764 ( 132) C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    size: 415744
    MD5: 3DF645A2396BDCDD73A5BFF7E9191508
    PID: 3364 ( 664) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1836 (1996) C:\Program Files\Internet Explorer\iexplore.exe
    size: 93184
    MD5: E7484514C0464642BE7B4DC2689354C8
    PID: 1424 ( 664) C:\Program Files\iPod\bin\iPodService.exe
    size: 536872
    MD5: 62937A89470AF8FF172F0980CA8AEFC9
    PID: 2340 ( 664) C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    size: 750720
    MD5: BDFD869422054A90372BF26FF4442C27
    PID: 3608 (1996) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4891984
    MD5: 9C8F0F34F66BB845B42F70E92A972B5F
    PID: 2384 ( 860) C:\Program Files\Messenger\msmsgs.exe
    size: 1694208
    MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 2/4/2009 6:55:16 AM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com/hws/sb/dell-us...tml?channel=us
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/hws/sb/dell-us...tml?channel=us
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.google.com/ig/dell?hl=en&...us&ibd=6070531
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://www.google.com/search?q=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.dell.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.dell.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.google.com/ie
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/hws/sb/dell-us...tml?channel=us
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAD6585D-AD53-426F-8594-C1FC1C88EE06}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAD6585D-AD53-426F-8594-C1FC1C88EE06}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  2. #2
    Junior Member
    Join Date
    Feb 2009
    Posts
    13

    Default bump! HHHHEEEEELLLLLLLLPPPPPPP!

    Can someone help?
