Thread: Virtumonde.sdn removal

  1. #1
    Junior Member
    Join Date
    May 2009
    Posts
    8

    Virtumonde.sdn removal

    Here is the HJT Log File.....Greenbdb

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:30:09 PM, on 5/30/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    D:\NERO 6\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
    C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Prevx\prevx.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
    C:\WINDOWS\stsystra.exe
    D:\NERO 6\InCD\InCD.exe
    D:\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    D:\SCANJET\PrecisionScanPro\HPLamp.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\MSGTAG Status\MSGTAGStatus.exe
    D:\TinySpell\tinyspell.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    d:\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearflix.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\AntiSpyware Enterprise\scriptproxy.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\NERO 6\InCD\InCD.exe
    O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [zSPGuard] c:\pjw\spguard\spguard.exe /s /r
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Lamp] D:\SCANJET\PrecisionScanPro\HPLamp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSGTAG] "D:\MSGTAG Status\MSGTAGStatus.exe" /startup
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [tinySpell] D:\TinySpell\tinyspell.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] ]
    O4 - Global Startup: CorelCENTRAL 10.lnk = ?
    O4 - Global Startup: CorelCENTRAL 10.lnk.disabled
    O4 - Global Startup: PageKeeper Jobs.lnk = D:\pagekeeper\system\PKJobs.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201634056296
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Mis...RichUpload.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.4.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\NERO 6\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
    O24 - Desktop Component 1: (no name) - http://www.zoomtown.com/

    --
    End of file - 10160 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi greenbdb

    Please post next spybot report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    May 2009
    Posts
    8

    virtumonde.sdn removal

    I posted my HJT file as Tashi advised, but I do not know what the 2nd post is or what PM means. Please pardon my obvious ignorance here.

  4. #4
    Junior Member
    Join Date
    May 2009
    Posts
    8

    virtumonde.sdn removal

    I hope this is the report you are referring to.....Greenbdb


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-02-14 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi
    2009-05-26 Includes\AdwareC.sbi
    2009-01-22 Includes\Cookies.sbi
    2009-05-19 Includes\Dialer.sbi
    2009-05-26 Includes\DialerC.sbi
    2009-01-22 Includes\HeavyDuty.sbi
    2009-05-26 Includes\Hijackers.sbi
    2009-05-26 Includes\HijackersC.sbi
    2009-05-06 Includes\Keyloggers.sbi
    2009-05-26 Includes\KeyloggersC.sbi
    2004-11-29 Includes\LSP.sbi
    2009-05-12 Includes\Malware.sbi
    2009-05-26 Includes\MalwareC.sbi
    2009-03-25 Includes\PUPS.sbi
    2009-05-26 Includes\PUPSC.sbi
    2009-01-22 Includes\Revision.sbi
    2009-01-13 Includes\Security.sbi
    2009-05-26 Includes\SecurityC.sbi
    2008-06-03 Includes\Spybots.sbi
    2008-06-03 Includes\SpybotsC.sbi
    2009-04-07 Includes\Spyware.sbi
    2009-05-26 Includes\SpywareC.sbi
    2009-04-07 Includes\Tracks.uti
    2009-05-12 Includes\Trojans.sbi
    2009-05-26 Includes\TrojansC.sbi
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
    / Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
    / Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB886677
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893756)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Update for Windows XP (KB894391)
    / Windows XP / SP3: Hotfix for Windows XP (KB896344)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896423)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB899587)
    / Windows XP / SP3: Security Update for Windows XP (KB899591)
    / Windows XP / SP3: Update for Windows XP (KB900485)
    / Windows XP / SP3: Security Update for Windows XP (KB900725)
    / Windows XP / SP3: Security Update for Windows XP (KB901017)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB902400)
    / Windows XP / SP3: Update for Windows XP (KB904942)
    / Windows XP / SP3: Security Update for Windows XP (KB905414)
    / Windows XP / SP3: Security Update for Windows XP (KB905749)
    / Windows XP / SP3: Security Update for Windows XP (KB908519)
    / Windows XP / SP3: Update for Windows XP (KB908531)
    / Windows XP / SP3: Update for Windows XP (KB910437)
    / Windows XP / SP3: Update for Windows XP (KB911280)
    / Windows XP / SP3: Security Update for Windows XP (KB911562)
    / Windows XP / SP3: Security Update for Windows XP (KB911927)
    / Windows XP / SP3: Security Update for Windows XP (KB913580)
    / Windows XP / SP3: Security Update for Windows XP (KB914388)
    / Windows XP / SP3: Security Update for Windows XP (KB914389)
    / Windows XP / SP3: Hotfix for Windows XP (KB914440)
    / Windows XP / SP3: Hotfix for Windows XP (KB915800)
    / Windows XP / SP3: Hotfix for Windows XP (KB915865)
    / Windows XP / SP3: Update for Windows XP (KB916595)
    / Windows XP / SP3: Security Update for Windows XP (KB917344)
    / Windows XP / SP3: Security Update for Windows XP (KB918118)
    / Windows XP / SP3: Security Update for Windows XP (KB918439)
    / Windows XP / SP3: Security Update for Windows XP (KB919007)
    / Windows XP / SP3: Security Update for Windows XP (KB920213)
    / Windows XP / SP3: Update for Windows XP (KB920342)
    / Windows XP / SP3: Security Update for Windows XP (KB920670)
    / Windows XP / SP3: Security Update for Windows XP (KB920683)
    / Windows XP / SP3: Security Update for Windows XP (KB920685)
    / Windows XP / SP3: Update for Windows XP (KB920872)
    / Windows XP / SP3: Security Update for Windows XP (KB921503)
    / Windows XP / SP3: Update for Windows XP (KB922582)
    / Windows XP / SP3: Security Update for Windows XP (KB922819)
    / Windows XP / SP3: Security Update for Windows XP (KB923191)
    / Windows XP / SP3: Security Update for Windows XP (KB923414)
    / Windows XP / SP3: Security Update for Windows XP (KB923980)
    / Windows XP / SP3: Security Update for Windows XP (KB924270)
    / Windows XP / SP3: Security Update for Windows XP (KB924496)
    / Windows XP / SP3: Security Update for Windows XP (KB924667)
    / Windows XP / SP3: Update for Windows XP (KB925720)
    / Windows XP / SP3: Security Update for Windows XP (KB925902)
    / Windows XP / SP3: Hotfix for Windows XP (KB926239)
    / Windows XP / SP3: Security Update for Windows XP (KB926247)
    / Windows XP / SP3: Security Update for Windows XP (KB926255)
    / Windows XP / SP3: Security Update for Windows XP (KB926436)
    / Windows XP / SP3: Security Update for Windows XP (KB927779)
    / Windows XP / SP3: Security Update for Windows XP (KB927802)
    / Windows XP / SP3: Update for Windows XP (KB927891)
    / Windows XP / SP3: Security Update for Windows XP (KB928255)
    / Windows XP / SP3: Security Update for Windows XP (KB928843)
    / Windows XP / SP3: Security Update for Windows XP (KB929123)
    / Windows XP / SP3: Security Update for Windows XP (KB930178)
    / Windows XP / SP3: Update for Windows XP (KB930916)
    / Windows XP / SP3: Security Update for Windows XP (KB931261)
    / Windows XP / SP3: Security Update for Windows XP (KB931784)
    / Windows XP / SP3: Security Update for Windows XP (KB932168)
    / Windows XP / SP3: Update for Windows XP (KB932823-v3)
    / Windows XP / SP3: Security Update for Windows XP (KB933729)
    / Windows XP / SP3: Security Update for Windows XP (KB935839)
    / Windows XP / SP3: Security Update for Windows XP (KB935840)
    / Windows XP / SP3: Security Update for Windows XP (KB936021)
    / Windows XP / SP3: Update for Windows XP (KB936357)
    / Windows XP / SP3: Security Update for Windows XP (KB937894)
    / Windows XP / SP3: Security Update for Windows XP (KB938127)
    / Windows XP / SP3: Update for Windows XP (KB938828)
    / Windows XP / SP3: Security Update for Windows XP (KB938829)
    / Windows XP / SP3: Security Update for Windows XP (KB941202)
    / Windows XP / SP3: Security Update for Windows XP (KB941568)
    / Windows XP / SP3: Security Update for Windows XP (KB941644)
    / Windows XP / SP3: Security Update for Windows XP (KB941693)
    / Windows XP / SP3: Update for Windows XP (KB942763)
    / Windows XP / SP3: Security Update for Windows XP (KB943055)
    / Windows XP / SP3: Security Update for Windows XP (KB943460)
    / Windows XP / SP3: Security Update for Windows XP (KB943485)
    / Windows XP / SP3: Security Update for Windows XP (KB944653)
    / Windows XP / SP3: Security Update for Windows XP (KB945553)
    / Windows XP / SP3: Security Update for Windows XP (KB946026)
    / Windows XP / SP3: Security Update for Windows XP (KB948590)
    / Windows XP / SP3: Security Update for Windows XP (KB948881)
    / Windows XP / SP3: Security Update for Windows XP (KB950749)
    / Windows XP / SP4: Security Update for Windows XP (KB923561)
    / Windows XP / SP4: Security Update for Windows XP (KB938464)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Security Update for Windows XP (KB952004)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP / SP4: Security Update for Windows XP (KB954211)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956391)
    / Windows XP / SP4: Security Update for Windows XP (KB956572)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956841)
    / Windows XP / SP4: Security Update for Windows XP (KB957095)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB958690)
    / Windows XP / SP4: Security Update for Windows XP (KB959426)
    / Windows XP / SP4: Security Update for Windows XP (KB960225)
    / Windows XP / SP4: Security Update for Windows XP (KB960715)
    / Windows XP / SP4: Security Update for Windows XP (KB960803)
    / Windows XP / SP4: Security Update for Windows XP (KB961373)
    / Windows XP / SP4: Update for Windows XP (KB967715)
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    file: D:\Adobe\Reader 9.0\Reader\Reader_sl.exe
    size: 35696
    MD5: 452FA961163EF4AEE4815796A13AB2CF

    Located: HK_LM:Run, HP Lamp
    command: D:\SCANJET\PrecisionScanPro\HPLamp.exe
    file: D:\SCANJET\PrecisionScanPro\HPLamp.exe
    size: 42496
    MD5: 5CDCCC4CD40342A6B6CF260D7F86E059

    Located: HK_LM:Run, InCD
    command: D:\NERO 6\InCD\InCD.exe
    file: D:\NERO 6\InCD\InCD.exe
    size: 1409136
    MD5: A9F8EE79B0857C370B7D224ED3003AC7

    Located: HK_LM:Run, ISUSPM Startup
    command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, ISUSScheduler
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, McAfeeUpdaterUI
    command: "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    file: C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
    size: 139320
    MD5: BA717FBE772BDB2B9CD50D44B44692F0

    Located: HK_LM:Run, NeroFilterCheck
    command: C:\WINDOWS\system32\NeroCheck.exe
    file: C:\WINDOWS\system32\NeroCheck.exe
    size: 155648
    MD5: 3E4C03CEFAD8DE135263236B61A49C90

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 413696
    MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9

    Located: HK_LM:Run, ShStatEXE
    command: "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
    file: C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
    size: 110592
    MD5: D96F94467354CC72B1011243E137E8D0

    Located: HK_LM:Run, SigmatelSysTrayApp
    command: stsystra.exe
    file: C:\WINDOWS\stsystra.exe
    size: 339968
    MD5: 0F869E88FA4489FBE231A42646488CE8

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre6\bin\jusched.exe"
    file: C:\Program Files\Java\jre6\bin\jusched.exe
    size: 148888
    MD5: A2D390F1F2408B94EF34BFE3A00C29D3

    Located: HK_LM:Run, Windows Defender
    command: "D:\Windows Defender\MSASCui.exe" -hide
    file: D:\Windows Defender\MSASCui.exe
    size: 866584
    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC

    Located: HK_LM:Run, zSPGuard
    command: c:\pjw\spguard\spguard.exe /s /r
    file: c:\pjw\spguard\spguard.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingA3861
    command: command.com /c del "C:\WINDOWS\SchedLgU.Txt"
    file: command.com /c del "C:\WINDOWS\SchedLgU.Txt"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingC2273
    command: cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
    file: C:\WINDOWS\system32\cmd.exe
    size: 388608
    MD5: EEB024F2C81F0D55936FB825D21A91D6

    Located: HK_LM:Run, Net-It Launcher (DISABLED)
    command: C:\WINDOWS\system32\NILaunch.exe
    file: C:\WINDOWS\system32\NILaunch.exe
    size: 24576
    MD5: CA7ADD387B276901D50C1FF145842C7C

    Located: HK_LM:Run, SpybotSnD (DISABLED)
    command: "D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, MSGTAG
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: "D:\MSGTAG Status\MSGTAGStatus.exe" /startup
    file: D:\MSGTAG Status\MSGTAGStatus.exe
    size: 1820160
    MD5: 0F229E34C77215B130938C75ECDE939E

    Located: HK_CU:Run, PhotoShow Deluxe Media Manager
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: ]
    file: ]
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, tinySpell
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: D:\TinySpell\tinyspell.exe
    file: D:\TinySpell\tinyspell.exe
    size: 200704
    MD5: F1D21D4358A0B794679F66DC63F09890

    Located: HK_CU:Run, Uniblue RegistryBooster 2
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: D:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    file: D:\Uniblue\RegistryBooster 2\RegistryBooster.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingB6183
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: command.com /c del "C:\WINDOWS\SchedLgU.Txt"
    file: command.com /c del "C:\WINDOWS\SchedLgU.Txt"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingD9493
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
    file: C:\WINDOWS\system32\cmd.exe
    size: 388608
    MD5: EEB024F2C81F0D55936FB825D21A91D6

    Located: HK_CU:Run, Picasa Media Detector (DISABLED)
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: D:\Picasa2\PicasaMediaDetector.exe
    file: D:\Picasa2\PicasaMediaDetector.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (common), CorelCENTRAL 10.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
    file: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
    size: 5222
    MD5: 7CE8CE74CD6B217F49BA74934BDCDAA1

    Located: Startup (common), CorelCENTRAL 10.lnk (DISABLED)
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
    file: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
    size: 5222
    MD5: 7CE8CE74CD6B217F49BA74934BDCDAA1

    Located: Startup (common), SnagIt 8.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    file: C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    size: 6395464
    MD5: 3D7886FC8D8FF280D3C0536E9486E98E

    Located: Startup (common), Windows Desktop Search.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    size: 118784
    MD5: 946467B375D696FA073A6B9370A4C6CE

    Located: Startup (disabled), PageKeeper Jobs (DISABLED)
    command: D:\PAGEKE~1\system\PKJobs.exe
    file: D:\PAGEKE~1\system\PKJobs.exe
    size: 150016
    MD5: DE129E1F72EB47CCDF2FD032BF5B1D8C

    Located: WinLogon, AtiExtEvent
    command: Ati2evxx.dll
    file: Ati2evxx.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: &Yahoo! Toolbar Helper
    description: Yahoo Companion!
    classification: Legitimate
    known filename: Ycomp*_*_*_*.dll
    info link: http://companion.yahoo.com/
    info source: TonyKlein
    Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
    Long name: yt.dll
    Short name:
    Date (created): 7/28/2008 6:47:40 AM
    Date (last access): 6/1/2009 9:43:02 PM
    Date (last write): 7/28/2008 6:47:40 AM
    Filesize: 882416
    Attributes:
    MD5: 6A2E0E49A4F2A9DF3E6293E37E7486BD
    CRC32: F6C7B4F3
    Version: 2008.7.28.1

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Adobe PDF Reader Link Helper
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 2/27/2009 12:07:32 PM
    Date (last access): 6/1/2009 8:29:54 PM
    Date (last write): 2/27/2009 12:07:32 PM
    Filesize: 61816
    Attributes: archive
    MD5: ECE58A352984777519D4937E41871B4C
    CRC32: FEB919AF
    Version: 9.1.0.163

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 2/27/2009 12:07:26 PM
    Date (last access): 6/1/2009 9:29:48 PM
    Date (last write): 2/27/2009 12:07:26 PM
    Filesize: 75128
    Attributes: archive
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: D:\SPYBOT~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 8/6/2008 10:35:54 PM
    Date (last access): 6/1/2009 9:29:48 PM
    Date (last write): 1/26/2009 4:31:02 PM
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {78875F5C-A685-4405-8DC5-D48DC65452B0} (CDelHotkeys Object)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: CDelHotkeys Object
    Path: C:\Program Files\Delicious Add-on for Internet Explorer\
    Long name: DeliciousExtension.dll
    Short name: DELICI~1.DLL
    Date (created): 11/27/2008 7:06:04 AM
    Date (last access): 6/1/2009 9:29:48 PM
    Date (last write): 11/27/2008 7:06:04 AM
    Filesize: 652528
    Attributes:
    MD5: 541BCDFBBE6B061DBDE02AFD5E62BDEE
    CRC32: F6303567
    Version: 1.10.269.0

    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: scriptproxy
    CLSID name: scriptproxy
    Path: C:\Program Files\McAfee\AntiSpyware Enterprise\
    Long name: scriptproxy.dll
    Short name: SCRIPT~1.DLL
    Date (created): 12/7/2005 9:50:00 AM
    Date (last access): 6/1/2009 9:29:48 PM
    Date (last write): 12/7/2005 9:50:00 AM
    Filesize: 53248
    Attributes:
    MD5: D1B8526F2816EEC5616372876F7BD727
    CRC32: F737CAF8
    Version: 13.0.0.207

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 3/28/2009 9:11:02 PM
    Date (last access): 6/1/2009 9:30:16 PM
    Date (last write): 3/28/2009 9:11:02 PM
    Filesize: 35840
    Attributes: archive
    MD5: 96A225C7F5346A9E81FC3DFA89A900C0
    CRC32: BAD5D2EF
    Version: 6.0.130.3

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: JQSIEStartDetectorImpl
    CLSID name:

    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (SingleInstance Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: SingleInstance Class
    Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
    Long name: YTSingleInstance.dll
    Short name: YTSING~1.DLL
    Date (created): 7/28/2008 6:47:42 AM
    Date (last access): 6/1/2009 9:30:16 PM
    Date (last write): 7/28/2008 6:47:42 AM
    Filesize: 160496
    Attributes:
    MD5: F64C4241FE5E519F62C47C361DC671D7
    CRC32: 5F6F96A7
    Version: 2008.7.28.1



    --- ActiveX list ---
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Office Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
    Codebase: http://download.microsoft.com/downlo...OGAControl.cab
    Path: C:\WINDOWS\system32\
    Long name: OGACheckControl.DLL
    Short name: OGACHE~1.DLL
    Date (created): 3/5/2007 2:34:28 PM
    Date (last access): 6/1/2009 6:31:16 PM
    Date (last write): 2/4/2008 7:23:10 PM
    Filesize: 693792
    Attributes:
    MD5: D1346A4683E98836E2FE003859E5DC0D
    CRC32: DF1DBA7A
    Version: 1.6.28.0

    {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
    DPF name:
    CLSID name: PCPitstop Utility
    Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
    Codebase: http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    description: Gateway tools
    classification: Legitimate
    known filename: PCPITSTOP.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: PCPitstop.dll
    Short name: PCPITS~1.DLL
    Date (created): 7/21/2008 5:31:56 PM
    Date (last access): 5/31/2009 9:15:10 AM
    Date (last write): 7/21/2008 5:31:56 PM
    Filesize: 452312
    Attributes: archive
    MD5: 3237628EA03CE7EB4836C7CE915CB9E7
    CRC32: 51D27D7B
    Version: 1.0.0.191

    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
    Codebase: http://fpdownload.macromedia.com/get...irector/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Adobe\Director\
    Long name: swdir.dll
    Short name:
    Date (created): 5/2/2008 4:12:30 PM
    Date (last access): 5/31/2009 9:15:14 AM
    Date (last write): 3/19/2008 7:36:22 PM
    Filesize: 202168
    Attributes:
    MD5: 284259B6EB9901B8978B78AFC5514627
    CRC32: 6C37B749
    Version: 11.0.0.429

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
    Codebase: http://www.update.microsoft.com/micr...?1201634056296
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 7/30/2007 8:18:34 PM
    Date (last access): 6/1/2009 6:38:00 PM
    Date (last write): 10/16/2008 3:06:48 PM
    Filesize: 208744
    Attributes:
    MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
    CRC32: 27FBFA7D
    Version: 7.2.6001.788

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/28/2009 9:11:02 PM
    Date (last access): 5/31/2009 9:15:08 AM
    Date (last write): 3/28/2009 9:11:02 PM
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {99FE5072-78AA-4FEE-89BA-69A5FA55343F} (IGDTester Class)
    DPF name:
    CLSID name: IGDTester Class
    Installer: C:\WINDOWS\Downloaded Program Files\igdtoolx.inf
    Codebase: http://download.microsoft.com/downlo...4/igdtoolx.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: igdtoolx.dll
    Short name:
    Date (created): 3/23/2007 4:51:28 PM
    Date (last access): 6/1/2009 6:34:18 PM
    Date (last write): 3/23/2007 4:51:28 PM
    Filesize: 150368
    Attributes:
    MD5: 11DAA9288E382EBED84D048B6EE17C4F
    CRC32: 554659E2
    Version: 1.3.5.0

    {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan)
    DPF name:
    CLSID name: Crucial cpcScan
    Installer:
    Codebase: http://www.crucial.com/controls/cpcScanner.cab
    description:
    classification: Legitimate
    known filename: cpcscan.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: cpcScan.dll
    Short name:
    Date (created): 10/23/2006 10:37:28 AM
    Date (last access): 5/31/2009 9:15:06 AM
    Date (last write): 10/23/2006 10:37:28 AM
    Filesize: 241664
    Attributes:
    MD5: 20C3403D5BC63883D8E2F3EDDC340AFF
    CRC32: 34EF62D4
    Version: 2.2.0.1

    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/28/2009 9:11:02 PM
    Date (last access): 6/1/2009 9:59:08 PM
    Date (last write): 3/28/2009 9:11:02 PM
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/28/2009 9:11:02 PM
    Date (last access): 6/1/2009 9:59:08 PM
    Date (last write): 3/28/2009 9:11:02 PM
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase:

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash10b.ocx
    Short name:
    Date (created): 2/2/2009 10:07:18 PM
    Date (last access): 6/1/2009 9:43:12 PM
    Date (last write): 2/2/2009 10:07:18 PM
    Filesize: 3866528
    Attributes: readonly archive
    MD5: 8AFC17155ED5AB60B7C52D7F553D579C
    CRC32: 0FBC13F3
    Version: 10.0.22.87

    {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class)
    DPF name:
    CLSID name: CTAdjust Class
    Installer: C:\WINDOWS\Downloaded Program Files\clearadj.inf
    Codebase: http://download.microsoft.com/downlo...4/clearadj.cab
    description:
    classification: Legitimate
    known filename: clearadj.cab
    info link:
    info source: JavaCool
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: clearadjust.dll
    Short name: CLEARA~1.DLL
    Date (created): 4/29/2003 4:41:50 PM
    Date (last access): 5/31/2009 9:15:52 AM
    Date (last write): 4/29/2003 4:41:50 PM
    Filesize: 32768
    Attributes:
    MD5: 939522429B24A97D57E84C2A2DAEC45E
    CRC32: C91FBA03
    Version: 1.0.0.4

    {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool)
    DPF name:
    CLSID name: Microsoft Office Live Workspace Upload Tool
    Installer: C:\WINDOWS\Downloaded Program Files\Microsoft.OfficeLive.Workspace.RichUpload.inf
    Codebase: http://workspace.office.live.com/Mis...RichUpload.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: Microsoft.OfficeLive.Workspace.RichUpload.dll
    Short name: MICROS~1.DLL
    Date (created): 1/30/2008 4:22:36 PM
    Date (last access): 5/31/2009 9:15:54 AM
    Date (last write): 1/30/2008 4:22:36 PM
    Filesize: 179272
    Attributes:
    MD5: AB841AF3FC8EFFB1DBED42FD94442FF9
    CRC32: 556861C7
    Version: 2.0.1330.0

    {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control)
    DPF name:
    CLSID name: DLM Control
    Installer: C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf
    Codebase: http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.4.cab
    description:
    classification: Open for discussion
    known filename: DOWNLO~1.OCX
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: DownloadManagerV2.ocx
    Short name: DOWNLO~1.OCX
    Date (created): 1/21/2008 10:35:16 PM
    Date (last access): 5/31/2009 9:15:20 AM
    Date (last write): 1/21/2008 10:35:16 PM
    Filesize: 45056
    Attributes:
    MD5: 7CBFED39041D0BB8EA540E99C2C72121
    CRC32: B52B6E75
    Version: 2.2.3.4



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 448 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 504 ( 448) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 532 ( 448) \??\C:\WINDOWS\system32\winlogon.exe
    size: 502272
    PID: 576 ( 532) C:\WINDOWS\system32\services.exe
    size: 110592
    MD5: 37561F8D4160D62DA86D24AE41FAE8DE
    PID: 588 ( 532) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 768 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 848 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 888 ( 576) D:\Windows Defender\MsMpEng.exe
    size: 13592
    MD5: F45DD1E1365D857DD08BC23563370D0E
    PID: 928 ( 576) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 956 ( 576) D:\NERO 6\InCD\InCDsrv.exe
    size: 1163378
    MD5: 6884AA2767F9F603E9550F1EA868A5C6
    PID: 1088 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1148 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1224 ( 576) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 1300 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1344 ( 576) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    size: 132424
    MD5: 367592EFCA7FF8B4CE11AB6B0744E1E2
    PID: 1364 ( 576) C:\Program Files\Bonjour\mDNSResponder.exe
    size: 238888
    MD5: 3F56903E124E820AEECE6D471583C6C1
    PID: 1376 ( 576) C:\WINDOWS\system32\cisvc.exe
    size: 5632
    MD5: 3192BD04D032A9C4A85A3278C268A13A
    PID: 1392 ( 576) C:\Program Files\Prevx\prevx.exe
    size: 4368952
    MD5: C616BD429CC9C05E4EF72B211A5DBFDB
    PID: 1460 ( 576) C:\Program Files\Java\jre6\bin\jqs.exe
    size: 152984
    MD5: 890369AED0DDE1A98F09F7DC239CA2BD
    PID: 1492 ( 576) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    size: 198944
    MD5: D933FC7C5E51F4DA342A4E1F2BE3F764
    PID: 1520 ( 576) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    size: 102463
    MD5: 151549FCB8958B42D9984C3529E2417D
    PID: 1588 ( 576) C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
    size: 122880
    MD5: 6C07561D8464C62FD72E6B52303F998F
    PID: 1672 ( 576) C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
    size: 30720
    MD5: BAE093404E8EEBA9EB8DA93C8D099B94
    PID: 1700 ( 768) C:\PROGRA~1\McAfee\COMMON~1\naPrdMgr.exe
    size: 241719
    MD5: 943EC57208D2727152D3BDEF4AFFE05D
    PID: 1792 ( 576) C:\WINDOWS\System32\snmp.exe
    size: 33280
    MD5: 6FEB04DE6288F5466391E29057DC5B0E
    PID: 1828 ( 576) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1940 ( 576) C:\WINDOWS\system32\SearchIndexer.exe
    size: 300032
    MD5: 2EC497AA4B728D1B1A368ACF2E309E8B
    PID: 1764 (1392) C:\Program Files\Prevx\prevx.exe
    size: 4368952
    MD5: C616BD429CC9C05E4EF72B211A5DBFDB
    PID: 2064 (1256) C:\WINDOWS\Explorer.EXE
    size: 1033216
    MD5: 97BD6515465659FF8F3B7BE375B2EA87
    PID: 2316 (2064) C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
    size: 110592
    MD5: D96F94467354CC72B1011243E137E8D0
    PID: 2324 (2064) C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
    size: 139320
    MD5: BA717FBE772BDB2B9CD50D44B44692F0
    PID: 2356 (2064) C:\WINDOWS\stsystra.exe
    size: 339968
    MD5: 0F869E88FA4489FBE231A42646488CE8
    PID: 2412 (2064) D:\NERO 6\InCD\InCD.exe
    size: 1409136
    MD5: A9F8EE79B0857C370B7D224ED3003AC7
    PID: 2420 (2064) D:\Windows Defender\MSASCui.exe
    size: 866584
    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
    PID: 2452 (2064) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 148888
    MD5: A2D390F1F2408B94EF34BFE3A00C29D3
    PID: 2468 (2064) D:\SCANJET\PrecisionScanPro\HPLamp.exe
    size: 42496
    MD5: 5CDCCC4CD40342A6B6CF260D7F86E059
    PID: 2476 (2064) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8
    PID: 2488 (2064) D:\MSGTAG Status\MSGTAGStatus.exe
    size: 1820160
    MD5: 0F229E34C77215B130938C75ECDE939E
    PID: 2504 (2064) D:\TinySpell\tinyspell.exe
    size: 200704
    MD5: F1D21D4358A0B794679F66DC63F09890
    PID: 2884 ( 576) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 3180 (2064) C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    size: 6395464
    MD5: 3D7886FC8D8FF280D3C0536E9486E98E
    PID: 3236 (3180) C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    size: 58952
    MD5: 9E0706AF45E5B89F90547B29162FF4AB
    PID: 3252 (3180) C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    size: 75336
    MD5: 1636180F24DEA63B8F28B689A5A9A156
    PID: 3732 ( 928) C:\WINDOWS\system32\wuauclt.exe
    size: 51224
    MD5: E654B78D2F1D791B30D0ED9A8195EC22
    PID: 2996 (2064) C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe
    size: 2658304
    MD5: F940761D4F0F5677EC0F35F1E0FAC204
    PID: 2840 (1376) C:\WINDOWS\system32\cidaemon.exe
    size: 8192
    MD5: 582304F6F1946FA5068CF143D729D7ED
    PID: 3892 (2064) C:\Program Files\Internet Explorer\iexplore.exe
    size: 636072
    MD5: A251068640DDB69FD7805B57D89D7FF7
    PID: 3220 (2064) C:\Program Files\Internet Explorer\iexplore.exe
    size: 636072
    MD5: A251068640DDB69FD7805B57D89D7FF7
    PID: 2012 ( 768) C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
    size: 685296
    MD5: 1BCF0F61D16C08DF101ABCC53C6774CB
    PID: 1628 (3892) C:\Program Files\Java\jre6\bin\java.exe
    size: 144792
    MD5: D600A0D8FACA5158CA8B221006997808
    PID: 2244 (2064) D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 6/1/2009 9:59:09 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://search.bearflix.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 7: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    After reading your other thread, it looks like Spybot just stalls when scanning the virtumonde.sdn definitions and doesn't find that infection.

    Please rescan with spybot in safe mode and let me know if that helped.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #6
    Junior Member
    Join Date
    May 2009
    Posts
    8

    Default

    I do not seem to be able to open in the safe mode. Every time I reboot, tapping the F8 key repeatedly from the time I initiate the boot start-up, I get the usual screen asking for the selection of boot scenarios. Even though I pick Safe mode (with or without network), it attempts to run through the usual safe mode operations and indicates SAFE MODE, but then it cycles back and the same selection screen appears. I get Windows up only by choosing the "Normal windows" option. There must be another way to open in the safe mode but I sure don't know the secret.

    I even tried a sudden shutdown by turning off the PC while Windows was functioning, but this too drew a blank. Can you suggest an alternate?

  7. #7
    Junior Member
    Join Date
    May 2009
    Posts
    8

    Default virtumonde.sdn removal

    I decided to re-run Spybot in the normal Windows mode. It ran normally and there were a number of items (in red) which I allowed the program to fix. The run report follows.....Thanks greenbdb


    --- Search result list ---
    BurstMedia: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    MediaPlex: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    HitBox: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    DoubleClick: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    AdRevolver: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    AdRevolver: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    BurstMedia: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    Statcounter: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    HitBox: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    MediaPlex: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    Right Media: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    LinkSynergy: Tracking cookie (Internet Explorer: greenbdb) (Cookie, fixed)


    Common Dialogs: History (11 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Internet Explorer: [SBI $1E8157BE] Typed URL list (25 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: [SBI $D9A946AF] Last used directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Internet Explorer\Main\Save Directory

    Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Internet Explorer\Download Directory

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\greenbdb\Application Data\Macromedia\Flash Player\#SharedObjects\NGKF7ZG4\bin.clearspring.com\clearspring.sol
    Properties.size=61
    Properties.md5=12C41EF8D9615792965CACA7BAF35067
    Properties.filedate=1244051284
    Properties.filedatetext=2009-06-03 13:48:04

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\greenbdb\Application Data\Macromedia\Flash Player\#SharedObjects\NGKF7ZG4\mlb.mlb.com\s_br.sol
    Properties.size=35
    Properties.md5=760FCA2DC2B18E30543493B04290322A
    Properties.filedate=1243995217
    Properties.filedatetext=2009-06-02 22:13:37

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\greenbdb\Application Data\Macromedia\Flash Player\#SharedObjects\NGKF7ZG4\s.ytimg.com\soundData.sol
    Properties.size=58
    Properties.md5=25585B3F7C8A99AE7EE6E859CACBC074
    Properties.filedate=1244034569
    Properties.filedatetext=2009-06-03 09:09:29

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\greenbdb\Application Data\Macromedia\Flash Player\#SharedObjects\NGKF7ZG4\s.ytimg.com\videostats.sol
    Properties.size=85
    Properties.md5=EBC262C5A25E6173E682EF5996939689
    Properties.filedate=1244034549
    Properties.filedatetext=2009-06-03 09:09:08

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

    MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Office\11.0\Excel\Recent Files

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $F3568C7E] Open with list - .123 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.123\OpenWithList

    Windows Explorer: [SBI $AA0766B5] Stream history (8 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (22 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $B7EBA926] Last visited history (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-299502267-2146983963-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Cookie (100) (Cookie, nothing done)


    Cache: [SBI $49804B54] Cache (2937) (Cache, nothing done)


    History: [SBI $49804B54] History (130) (History, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-02-14 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-06-02 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-06-02 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-06-02 Includes\HijackersC.sbi (*)
    2009-05-06 Includes\Keyloggers.sbi (*)
    2009-06-02 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-05-12 Includes\Malware.sbi (*)
    2009-06-02 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-06-02 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-06-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-06-02 Includes\SpywareC.sbi (*)
    2009-04-07 Includes\Tracks.uti (*)
    2009-06-02 Includes\Trojans.sbi (*)
    2009-06-02 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
    / Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
    / Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB886677
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893756)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Update for Windows XP (KB894391)
    / Windows XP / SP3: Hotfix for Windows XP (KB896344)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896423)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB899587)
    / Windows XP / SP3: Security Update for Windows XP (KB899591)
    / Windows XP / SP3: Update for Windows XP (KB900485)
    / Windows XP / SP3: Security Update for Windows XP (KB900725)
    / Windows XP / SP3: Security Update for Windows XP (KB901017)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB902400)
    / Windows XP / SP3: Update for Windows XP (KB904942)
    / Windows XP / SP3: Security Update for Windows XP (KB905414)
    / Windows XP / SP3: Security Update for Windows XP (KB905749)
    / Windows XP / SP3: Security Update for Windows XP (KB908519)
    / Windows XP / SP3: Update for Windows XP (KB908531)
    / Windows XP / SP3: Update for Windows XP (KB910437)
    / Windows XP / SP3: Update for Windows XP (KB911280)
    / Windows XP / SP3: Security Update for Windows XP (KB911562)
    / Windows XP / SP3: Security Update for Windows XP (KB911927)
    / Windows XP / SP3: Security Update for Windows XP (KB913580)
    / Windows XP / SP3: Security Update for Windows XP (KB914388)
    / Windows XP / SP3: Security Update for Windows XP (KB914389)
    / Windows XP / SP3: Hotfix for Windows XP (KB914440)
    / Windows XP / SP3: Hotfix for Windows XP (KB915800)
    / Windows XP / SP3: Hotfix for Windows XP (KB915865)
    / Windows XP / SP3: Update for Windows XP (KB916595)
    / Windows XP / SP3: Security Update for Windows XP (KB917344)
    / Windows XP / SP3: Security Update for Windows XP (KB918118)
    / Windows XP / SP3: Security Update for Windows XP (KB918439)
    / Windows XP / SP3: Security Update for Windows XP (KB919007)
    / Windows XP / SP3: Security Update for Windows XP (KB920213)
    / Windows XP / SP3: Update for Windows XP (KB920342)
    / Windows XP / SP3: Security Update for Windows XP (KB920670)
    / Windows XP / SP3: Security Update for Windows XP (KB920683)
    / Windows XP / SP3: Security Update for Windows XP (KB920685)
    / Windows XP / SP3: Update for Windows XP (KB920872)
    / Windows XP / SP3: Security Update for Windows XP (KB921503)
    / Windows XP / SP3: Update for Windows XP (KB922582)
    / Windows XP / SP3: Security Update for Windows XP (KB922819)
    / Windows XP / SP3: Security Update for Windows XP (KB923191)
    / Windows XP / SP3: Security Update for Windows XP (KB923414)
    / Windows XP / SP3: Security Update for Windows XP (KB923980)
    / Windows XP / SP3: Security Update for Windows XP (KB924270)
    / Windows XP / SP3: Security Update for Windows XP (KB924496)
    / Windows XP / SP3: Security Update for Windows XP (KB924667)
    / Windows XP / SP3: Update for Windows XP (KB925720)
    / Windows XP / SP3: Security Update for Windows XP (KB925902)
    / Windows XP / SP3: Hotfix for Windows XP (KB926239)
    / Windows XP / SP3: Security Update for Windows XP (KB926247)
    / Windows XP / SP3: Security Update for Windows XP (KB926255)
    / Windows XP / SP3: Security Update for Windows XP (KB926436)
    / Windows XP / SP3: Security Update for Windows XP (KB927779)
    / Windows XP / SP3: Security Update for Windows XP (KB927802)
    / Windows XP / SP3: Update for Windows XP (KB927891)
    / Windows XP / SP3: Security Update for Windows XP (KB928255)
    / Windows XP / SP3: Security Update for Windows XP (KB928843)
    / Windows XP / SP3: Security Update for Windows XP (KB929123)
    / Windows XP / SP3: Security Update for Windows XP (KB930178)
    / Windows XP / SP3: Update for Windows XP (KB930916)
    / Windows XP / SP3: Security Update for Windows XP (KB931261)
    / Windows XP / SP3: Security Update for Windows XP (KB931784)
    / Windows XP / SP3: Security Update for Windows XP (KB932168)
    / Windows XP / SP3: Update for Windows XP (KB932823-v3)
    / Windows XP / SP3: Security Update for Windows XP (KB933729)
    / Windows XP / SP3: Security Update for Windows XP (KB935839)
    / Windows XP / SP3: Security Update for Windows XP (KB935840)
    / Windows XP / SP3: Security Update for Windows XP (KB936021)
    / Windows XP / SP3: Update for Windows XP (KB936357)
    / Windows XP / SP3: Security Update for Windows XP (KB937894)
    / Windows XP / SP3: Security Update for Windows XP (KB938127)
    / Windows XP / SP3: Update for Windows XP (KB938828)
    / Windows XP / SP3: Security Update for Windows XP (KB938829)
    / Windows XP / SP3: Security Update for Windows XP (KB941202)
    / Windows XP / SP3: Security Update for Windows XP (KB941568)
    / Windows XP / SP3: Security Update for Windows XP (KB941644)
    / Windows XP / SP3: Security Update for Windows XP (KB941693)
    / Windows XP / SP3: Update for Windows XP (KB942763)
    / Windows XP / SP3: Security Update for Windows XP (KB943055)
    / Windows XP / SP3: Security Update for Windows XP (KB943460)
    / Windows XP / SP3: Security Update for Windows XP (KB943485)
    / Windows XP / SP3: Security Update for Windows XP (KB944653)
    / Windows XP / SP3: Security Update for Windows XP (KB945553)
    / Windows XP / SP3: Security Update for Windows XP (KB946026)
    / Windows XP / SP3: Security Update for Windows XP (KB948590)
    / Windows XP / SP3: Security Update for Windows XP (KB948881)
    / Windows XP / SP3: Security Update for Windows XP (KB950749)
    / Windows XP / SP4: Security Update for Windows XP (KB923561)
    / Windows XP / SP4: Security Update for Windows XP (KB938464)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Security Update for Windows XP (KB952004)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP / SP4: Security Update for Windows XP (KB954211)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956391)
    / Windows XP / SP4: Security Update for Windows XP (KB956572)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956841)
    / Windows XP / SP4: Security Update for Windows XP (KB957095)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB958690)
    / Windows XP / SP4: Security Update for Windows XP (KB959426)
    / Windows XP / SP4: Security Update for Windows XP (KB960225)
    / Windows XP / SP4: Security Update for Windows XP (KB960715)
    / Windows XP / SP4: Security Update for Windows XP (KB960803)
    / Windows XP / SP4: Security Update for Windows XP (KB961373)
    / Windows XP / SP4: Update for Windows XP (KB967715)
    / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    file: D:\Adobe\Reader 9.0\Reader\Reader_sl.exe
    size: 35696
    MD5: 452FA961163EF4AEE4815796A13AB2CF

    Located: HK_LM:Run, HP Lamp
    command: D:\SCANJET\PrecisionScanPro\HPLamp.exe
    file: D:\SCANJET\PrecisionScanPro\HPLamp.exe
    size: 42496
    MD5: 5CDCCC4CD40342A6B6CF260D7F86E059

    Located: HK_LM:Run, InCD
    command: D:\NERO 6\InCD\InCD.exe
    file: D:\NERO 6\InCD\InCD.exe
    size: 1409136
    MD5: A9F8EE79B0857C370B7D224ED3003AC7

    Located: HK_LM:Run, ISUSPM Startup
    command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, ISUSScheduler
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, McAfeeUpdaterUI
    command: "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    file: C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
    size: 139320
    MD5: BA717FBE772BDB2B9CD50D44B44692F0

    Located: HK_LM:Run, NeroFilterCheck
    command: C:\WINDOWS\system32\NeroCheck.exe
    file: C:\WINDOWS\system32\NeroCheck.exe
    size: 155648
    MD5: 3E4C03CEFAD8DE135263236B61A49C90

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: FABAD2BFD44661D8CC627E5485BFAFAF

    Located: HK_LM:Run, ShStatEXE
    command: "C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE" /STANDALONE
    file: C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
    size: 110592
    MD5: D96F94467354CC72B1011243E137E8D0

    Located: HK_LM:Run, SigmatelSysTrayApp
    command: stsystra.exe
    file: C:\WINDOWS\stsystra.exe
    size: 339968
    MD5: 0F869E88FA4489FBE231A42646488CE8

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre6\bin\jusched.exe"
    file: C:\Program Files\Java\jre6\bin\jusched.exe
    size: 148888
    MD5: A2D390F1F2408B94EF34BFE3A00C29D3

    Located: HK_LM:Run, Windows Defender
    command: "D:\Windows Defender\MSASCui.exe" -hide
    file: D:\Windows Defender\MSASCui.exe
    size: 866584
    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC

    Located: HK_LM:Run, zSPGuard
    command: c:\pjw\spguard\spguard.exe /s /r
    file: c:\pjw\spguard\spguard.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Net-It Launcher (DISABLED)
    command: C:\WINDOWS\system32\NILaunch.exe
    file: C:\WINDOWS\system32\NILaunch.exe
    size: 24576
    MD5: CA7ADD387B276901D50C1FF145842C7C

    Located: HK_LM:Run, SpybotSnD (DISABLED)
    command: "D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8

    Located: HK_CU:Run, MSGTAG
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: "D:\MSGTAG Status\MSGTAGStatus.exe" /startup
    file: D:\MSGTAG Status\MSGTAGStatus.exe
    size: 1820160
    MD5: 0F229E34C77215B130938C75ECDE939E

    Located: HK_CU:Run, PhotoShow Deluxe Media Manager
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: ]
    file: ]
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, tinySpell
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: D:\TinySpell\tinyspell.exe
    file: D:\TinySpell\tinyspell.exe
    size: 200704
    MD5: F1D21D4358A0B794679F66DC63F09890

    Located: HK_CU:Run, Uniblue RegistryBooster 2
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: D:\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    file: D:\Uniblue\RegistryBooster 2\RegistryBooster.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Picasa Media Detector (DISABLED)
    where: S-1-5-21-299502267-2146983963-725345543-1003...
    command: D:\Picasa2\PicasaMediaDetector.exe
    file: D:\Picasa2\PicasaMediaDetector.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (common), CorelCENTRAL 10.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
    file: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
    size: 5222
    MD5: 7CE8CE74CD6B217F49BA74934BDCDAA1

    Located: Startup (common), CorelCENTRAL 10.lnk (DISABLED)
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
    file: C:\WINDOWS\Installer\{F73E7B59-F951-11D4-884D-00902761A46D}\I_26dadCC.exe
    size: 5222
    MD5: 7CE8CE74CD6B217F49BA74934BDCDAA1

    Located: Startup (common), SnagIt 8.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    file: C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    size: 6395464
    MD5: 3D7886FC8D8FF280D3C0536E9486E98E

    Located: Startup (common), Windows Desktop Search.lnk
    where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
    command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    size: 118784
    MD5: 946467B375D696FA073A6B9370A4C6CE

    Located: Startup (disabled), PageKeeper Jobs (DISABLED)
    command: D:\PAGEKE~1\system\PKJobs.exe
    file: D:\PAGEKE~1\system\PKJobs.exe
    size: 150016
    MD5: DE129E1F72EB47CCDF2FD032BF5B1D8C

    Located: WinLogon, AtiExtEvent
    command: Ati2evxx.dll
    file: Ati2evxx.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: &Yahoo! Toolbar Helper
    description: Yahoo Companion!
    classification: Legitimate
    known filename: Ycomp*_*_*_*.dll
    info link: http://companion.yahoo.com/
    info source: TonyKlein
    Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
    Long name: yt.dll
    Short name:
    Date (created): 7/28/2008 6:47:40 AM
    Date (last access): 6/3/2009 2:09:36 PM
    Date (last write): 7/28/2008 6:47:40 AM
    Filesize: 882416
    Attributes:
    MD5: 6A2E0E49A4F2A9DF3E6293E37E7486BD
    CRC32: F6C7B4F3
    Version: 2008.7.28.1

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Adobe PDF Reader Link Helper
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 2/27/2009 12:07:32 PM
    Date (last access): 6/3/2009 3:02:56 PM
    Date (last write): 2/27/2009 12:07:32 PM
    Filesize: 61816
    Attributes: archive
    MD5: ECE58A352984777519D4937E41871B4C
    CRC32: FEB919AF
    Version: 9.1.0.163

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 2/27/2009 12:07:26 PM
    Date (last access): 6/3/2009 3:12:58 PM
    Date (last write): 2/27/2009 12:07:26 PM
    Filesize: 75128
    Attributes: archive
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: D:\SPYBOT~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 8/6/2008 10:35:54 PM
    Date (last access): 6/3/2009 3:02:56 PM
    Date (last write): 1/26/2009 4:31:02 PM
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {78875F5C-A685-4405-8DC5-D48DC65452B0} (CDelHotkeys Object)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: CDelHotkeys Object
    Path: C:\Program Files\Delicious Add-on for Internet Explorer\
    Long name: DeliciousExtension.dll
    Short name: DELICI~1.DLL
    Date (created): 11/27/2008 7:06:04 AM
    Date (last access): 6/3/2009 3:12:58 PM
    Date (last write): 11/27/2008 7:06:04 AM
    Filesize: 652528
    Attributes:
    MD5: 541BCDFBBE6B061DBDE02AFD5E62BDEE
    CRC32: F6303567
    Version: 1.10.269.0

    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: scriptproxy
    CLSID name: scriptproxy
    Path: C:\Program Files\McAfee\AntiSpyware Enterprise\
    Long name: scriptproxy.dll
    Short name: SCRIPT~1.DLL
    Date (created): 12/7/2005 9:50:00 AM
    Date (last access): 6/3/2009 3:02:58 PM
    Date (last write): 12/7/2005 9:50:00 AM
    Filesize: 53248
    Attributes:
    MD5: D1B8526F2816EEC5616372876F7BD727
    CRC32: F737CAF8
    Version: 13.0.0.207

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 3/28/2009 9:11:02 PM
    Date (last access): 6/3/2009 3:13:24 PM
    Date (last write): 3/28/2009 9:11:02 PM
    Filesize: 35840
    Attributes: archive
    MD5: 96A225C7F5346A9E81FC3DFA89A900C0
    CRC32: BAD5D2EF
    Version: 6.0.130.3

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: JQSIEStartDetectorImpl
    CLSID name:

    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (SingleInstance Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: SingleInstance Class
    Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
    Long name: YTSingleInstance.dll
    Short name: YTSING~1.DLL
    Date (created): 7/28/2008 6:47:42 AM
    Date (last access): 6/3/2009 3:03:22 PM
    Date (last write): 7/28/2008 6:47:42 AM
    Filesize: 160496
    Attributes:
    MD5: F64C4241FE5E519F62C47C361DC671D7
    CRC32: 5F6F96A7
    Version: 2008.7.28.1



    --- ActiveX list ---
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Office Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
    Codebase: http://download.microsoft.com/downlo...OGAControl.cab
    Path: C:\WINDOWS\system32\
    Long name: OGACheckControl.DLL
    Short name: OGACHE~1.DLL
    Date (created): 3/5/2007 2:34:28 PM
    Date (last access): 6/3/2009 3:20:02 PM
    Date (last write): 2/4/2008 7:23:10 PM
    Filesize: 693792
    Attributes:
    MD5: D1346A4683E98836E2FE003859E5DC0D
    CRC32: DF1DBA7A
    Version: 1.6.28.0

    {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
    DPF name:
    CLSID name: PCPitstop Utility
    Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
    Codebase: http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    description: Gateway tools
    classification: Legitimate
    known filename: PCPITSTOP.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: PCPitstop.dll
    Short name: PCPITS~1.DLL
    Date (created): 7/21/2008 5:31:56 PM
    Date (last access): 6/3/2009 8:33:50 AM
    Date (last write): 7/21/2008 5:31:56 PM
    Filesize: 452312
    Attributes: archive
    MD5: 3237628EA03CE7EB4836C7CE915CB9E7
    CRC32: 51D27D7B
    Version: 1.0.0.191

    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
    Codebase: http://fpdownload.macromedia.com/get...irector/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Adobe\Director\
    Long name: swdir.dll
    Short name:
    Date (created): 5/2/2008 4:12:30 PM
    Date (last access): 6/3/2009 8:33:54 AM
    Date (last write): 3/19/2008 7:36:22 PM
    Filesize: 202168
    Attributes:
    MD5: 284259B6EB9901B8978B78AFC5514627
    CRC32: 6C37B749
    Version: 11.0.0.429

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
    Codebase: http://www.update.microsoft.com/micr...?1201634056296
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 7/30/2007 8:18:34 PM
    Date (last access): 6/3/2009 3:22:22 PM
    Date (last write): 10/16/2008 3:06:48 PM
    Filesize: 208744
    Attributes:
    MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
    CRC32: 27FBFA7D
    Version: 7.2.6001.788

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/28/2009 9:11:02 PM
    Date (last access): 6/3/2009 8:33:48 AM
    Date (last write): 3/28/2009 9:11:02 PM
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {99FE5072-78AA-4FEE-89BA-69A5FA55343F} (IGDTester Class)
    DPF name:
    CLSID name: IGDTester Class
    Installer: C:\WINDOWS\Downloaded Program Files\igdtoolx.inf
    Codebase: http://download.microsoft.com/downlo...4/igdtoolx.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: igdtoolx.dll
    Short name:
    Date (created): 3/23/2007 4:51:28 PM
    Date (last access): 6/3/2009 3:20:56 PM
    Date (last write): 3/23/2007 4:51:28 PM
    Filesize: 150368
    Attributes:
    MD5: 11DAA9288E382EBED84D048B6EE17C4F
    CRC32: 554659E2
    Version: 1.3.5.0

    {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan)
    DPF name:
    CLSID name: Crucial cpcScan
    Installer:
    Codebase: http://www.crucial.com/controls/cpcScanner.cab
    description:
    classification: Legitimate
    known filename: cpcscan.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: cpcScan.dll
    Short name:
    Date (created): 10/23/2006 10:37:28 AM
    Date (last access): 6/3/2009 8:33:46 AM
    Date (last write): 10/23/2006 10:37:28 AM
    Filesize: 241664
    Attributes:
    MD5: 20C3403D5BC63883D8E2F3EDDC340AFF
    CRC32: 34EF62D4
    Version: 2.2.0.1

    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/28/2009 9:11:02 PM
    Date (last access): 6/3/2009 3:45:16 PM
    Date (last write): 3/28/2009 9:11:02 PM
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/28/2009 9:11:02 PM
    Date (last access): 6/3/2009 3:45:16 PM
    Date (last write): 3/28/2009 9:11:02 PM
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase:

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash10b.ocx
    Short name:
    Date (created): 2/2/2009 10:07:18 PM
    Date (last access): 6/3/2009 1:33:04 PM
    Date (last write): 2/2/2009 10:07:18 PM
    Filesize: 3866528
    Attributes: readonly archive
    MD5: 8AFC17155ED5AB60B7C52D7F553D579C
    CRC32: 0FBC13F3
    Version: 10.0.22.87

    {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class)
    DPF name:
    CLSID name: CTAdjust Class
    Installer: C:\WINDOWS\Downloaded Program Files\clearadj.inf
    Codebase: http://download.microsoft.com/downlo...4/clearadj.cab
    description:
    classification: Legitimate
    known filename: clearadj.cab
    info link:
    info source: JavaCool
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: clearadjust.dll
    Short name: CLEARA~1.DLL
    Date (created): 4/29/2003 4:41:50 PM
    Date (last access): 6/3/2009 8:34:32 AM
    Date (last write): 4/29/2003 4:41:50 PM
    Filesize: 32768
    Attributes:
    MD5: 939522429B24A97D57E84C2A2DAEC45E
    CRC32: C91FBA03
    Version: 1.0.0.4

    {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool)
    DPF name:
    CLSID name: Microsoft Office Live Workspace Upload Tool
    Installer: C:\WINDOWS\Downloaded Program Files\Microsoft.OfficeLive.Workspace.RichUpload.inf
    Codebase: http://workspace.office.live.com/Mis...RichUpload.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: Microsoft.OfficeLive.Workspace.RichUpload.dll
    Short name: MICROS~1.DLL
    Date (created): 1/30/2008 4:22:36 PM
    Date (last access): 6/3/2009 8:34:34 AM
    Date (last write): 1/30/2008 4:22:36 PM
    Filesize: 179272
    Attributes:
    MD5: AB841AF3FC8EFFB1DBED42FD94442FF9
    CRC32: 556861C7
    Version: 2.0.1330.0

    {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control)
    DPF name:
    CLSID name: DLM Control
    Installer: C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf
    Codebase: http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.4.cab
    description:
    classification: Open for discussion
    known filename: DOWNLO~1.OCX
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: DownloadManagerV2.ocx
    Short name: DOWNLO~1.OCX
    Date (created): 1/21/2008 10:35:16 PM
    Date (last access): 6/3/2009 8:34:00 AM
    Date (last write): 1/21/2008 10:35:16 PM
    Filesize: 45056
    Attributes:
    MD5: 7CBFED39041D0BB8EA540E99C2C72121
    CRC32: B52B6E75
    Version: 2.2.3.4



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 708 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 760 ( 708) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 788 ( 708) \??\C:\WINDOWS\system32\winlogon.exe
    size: 502272
    PID: 832 ( 788) C:\WINDOWS\system32\services.exe
    size: 110592
    MD5: 37561F8D4160D62DA86D24AE41FAE8DE
    PID: 844 ( 788) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 1028 ( 832) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1108 ( 832) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1204 ( 832) D:\Windows Defender\MsMpEng.exe
    size: 13592
    MD5: F45DD1E1365D857DD08BC23563370D0E
    PID: 1244 ( 832) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1272 ( 832) D:\NERO 6\InCD\InCDsrv.exe
    size: 1163378
    MD5: 6884AA2767F9F603E9550F1EA868A5C6
    PID: 1424 ( 832) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1552 ( 832) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1680 ( 832) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 2024 (1960) C:\WINDOWS\Explorer.EXE
    size: 1033216
    MD5: 97BD6515465659FF8F3B7BE375B2EA87
    PID: 332 (2024) C:\Program Files\McAfee\AntiSpyware Enterprise\SHSTAT.EXE
    size: 110592
    MD5: D96F94467354CC72B1011243E137E8D0
    PID: 344 (2024) C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
    size: 139320
    MD5: BA717FBE772BDB2B9CD50D44B44692F0
    PID: 416 (2024) C:\WINDOWS\stsystra.exe
    size: 339968
    MD5: 0F869E88FA4489FBE231A42646488CE8
    PID: 440 (2024) D:\NERO 6\InCD\InCD.exe
    size: 1409136
    MD5: A9F8EE79B0857C370B7D224ED3003AC7
    PID: 452 (2024) D:\Windows Defender\MSASCui.exe
    size: 866584
    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
    PID: 468 (2024) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 148888
    MD5: A2D390F1F2408B94EF34BFE3A00C29D3
    PID: 480 (2024) D:\SCANJET\PrecisionScanPro\HPLamp.exe
    size: 42496
    MD5: 5CDCCC4CD40342A6B6CF260D7F86E059
    PID: 504 (2024) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8
    PID: 512 (2024) D:\MSGTAG Status\MSGTAGStatus.exe
    size: 1820160
    MD5: 0F229E34C77215B130938C75ECDE939E
    PID: 528 (2024) D:\TinySpell\tinyspell.exe
    size: 200704
    MD5: F1D21D4358A0B794679F66DC63F09890
    PID: 740 ( 832) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 848 ( 832) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    size: 132424
    MD5: 367592EFCA7FF8B4CE11AB6B0744E1E2
    PID: 1064 ( 832) C:\Program Files\Bonjour\mDNSResponder.exe
    size: 238888
    MD5: 3F56903E124E820AEECE6D471583C6C1
    PID: 1148 ( 832) C:\WINDOWS\system32\cisvc.exe
    size: 5632
    MD5: 3192BD04D032A9C4A85A3278C268A13A
    PID: 1164 ( 832) C:\Program Files\Prevx\prevx.exe
    size: 4368952
    MD5: C616BD429CC9C05E4EF72B211A5DBFDB
    PID: 1516 ( 832) C:\Program Files\Java\jre6\bin\jqs.exe
    size: 152984
    MD5: 890369AED0DDE1A98F09F7DC239CA2BD
    PID: 1588 ( 832) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    size: 198944
    MD5: D933FC7C5E51F4DA342A4E1F2BE3F764
    PID: 1772 ( 832) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    size: 102463
    MD5: 151549FCB8958B42D9984C3529E2417D
    PID: 1856 ( 832) C:\Program Files\McAfee\AntiSpyware Enterprise\Mcshield.exe
    size: 122880
    MD5: 6C07561D8464C62FD72E6B52303F998F
    PID: 1924 ( 832) C:\Program Files\McAfee\AntiSpyware Enterprise\VsTskMgr.exe
    size: 30720
    MD5: BAE093404E8EEBA9EB8DA93C8D099B94
    PID: 1944 (2024) C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    size: 6395464
    MD5: 3D7886FC8D8FF280D3C0536E9486E98E
    PID: 2108 (1028) C:\PROGRA~1\McAfee\COMMON~1\naPrdMgr.exe
    size: 241719
    MD5: 943EC57208D2727152D3BDEF4AFFE05D
    PID: 2164 ( 832) C:\WINDOWS\System32\snmp.exe
    size: 33280
    MD5: 6FEB04DE6288F5466391E29057DC5B0E
    PID: 2284 ( 832) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 2588 (1944) C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    size: 58952
    MD5: 9E0706AF45E5B89F90547B29162FF4AB
    PID: 2596 (1944) C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    size: 75336
    MD5: 1636180F24DEA63B8F28B689A5A9A156
    PID: 2684 ( 832) C:\WINDOWS\system32\SearchIndexer.exe
    size: 300032
    MD5: 2EC497AA4B728D1B1A368ACF2E309E8B
    PID: 2836 (1164) C:\Program Files\Prevx\prevx.exe
    size: 4368952
    MD5: C616BD429CC9C05E4EF72B211A5DBFDB
    PID: 4076 ( 832) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 212 (1244) C:\WINDOWS\system32\wuauclt.exe
    size: 51224
    MD5: E654B78D2F1D791B30D0ED9A8195EC22
    PID: 4060 (1148) C:\WINDOWS\system32\cidaemon.exe
    size: 8192
    MD5: 582304F6F1946FA5068CF143D729D7ED
    PID: 988 (2024) C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe
    size: 2658304
    MD5: F940761D4F0F5677EC0F35F1E0FAC204
    PID: 296 ( 988) C:\Program Files\Internet Explorer\IEXPLORE.EXE
    size: 636072
    MD5: A251068640DDB69FD7805B57D89D7FF7
    PID: 1160 (1028) C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
    size: 685296
    MD5: 1BCF0F61D16C08DF101ABCC53C6774CB
    PID: 3872 (1564) C:\WINDOWS\system32\NOTEPAD.EXE
    size: 69120
    MD5: 388B8FBC36A8558587AFC90FB23A3B99
    PID: 2224 (2024) D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 6/3/2009 3:45:16 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.google.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://search.bearflix.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 7: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 3: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    OK, that looks good

    Still some issues left?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Due to the lack of feedback this Topic is closed.

    If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

    Everyone else please begin a New Topic.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
