
Thread: Virtumonde.dll false positive

  1. #1 Junior Member (Join Date: Jul 2009; Posts: 7)

    Virtumonde.dll false positive

    --- Search result list ---
    Virtumonde.Dll: [SBI $92386332] Library (File, nothing done)
    C:\Windows\System32\zipfldr.dll


    --- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

    2008-01-28 blindman.exe (1.0.0.7)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-01-28 SDMain.exe (1.0.0.5)
    2007-10-07 SDShred.exe (1.0.1.2)
    2008-01-28 SDUpdate.exe (1.0.8.8)
    2008-01-28 SDWinSec.exe (1.0.0.11)
    2008-01-28 SpybotSD.exe (1.5.2.20)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2008-02-06 unins000.exe (51.49.0.0)
    2008-01-28 Update.exe (1.4.0.6)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2007-11-17 DelZip179.dll (1.79.7.4)
    2008-01-28 SDFiles.dll (1.5.1.19)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-10-22 Tools.dll (2.1.6.8)
    2009-05-19 Includes\Adware.sbi (*)
    2009-08-18 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-08-19 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-08-04 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-07-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-08-19 Includes\Malware.sbi (*)
    2009-08-19 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-08-18 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-07-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-08-11 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-08-19 Includes\Trojans.sbi (*)
    2009-08-19 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    size: 35696
    MD5: 452FA961163EF4AEE4815796A13AB2CF

    Located: HK_LM:Run, Ad-Watch
    command: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    file: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    size: 520024
    MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2

    Located: HK_LM:Run, BigFix
    command: c:\program files\Bigfix\bigfix.exe /atstartup
    file: c:\program files\Bigfix\bigfix.exe
    size: 2348584
    MD5: CA0BD2F6DC70E39F0021882628F1ECEC

    Located: HK_LM:Run, Google Desktop Search
    command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 29744
    MD5: 6542DC2E93BCE4D4289FA70A4D367DC2

    Located: HK_LM:Run, HotKeysCmds
    command: C:\Windows\system32\hkcmd.exe
    file: C:\Windows\system32\hkcmd.exe
    size: 166424
    MD5: D4975555E91636FCF4809E51731F80D8

    Located: HK_LM:Run, IgfxTray
    command: C:\Windows\system32\igfxtray.exe
    file: C:\Windows\system32\igfxtray.exe
    size: 141848
    MD5: 806DB5F4FC5185AFC608E881979CC25F

    Located: HK_LM:Run, mcagent_exe
    command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    file: C:\Program Files\McAfee.com\Agent\mcagent.exe
    size: 645328
    MD5: 88A8EBA41A7FE46167D10975DC15BC4A

    Located: HK_LM:Run, NapsterShell
    command: C:\Program Files\Napster\napster.exe /systray
    file: C:\Program Files\Napster\napster.exe
    size: 323216
    MD5: CF5DC65D3B818F73C6F35B79895DDA4B

    Located: HK_LM:Run, Persistence
    command: C:\Windows\system32\igfxpers.exe
    file: C:\Windows\system32\igfxpers.exe
    size: 133656
    MD5: CD12A46AE81306C2F14B19A58E1058B0

    Located: HK_LM:Run, RtHDVCpl
    command: RtHDVCpl.exe
    file: C:\Windows\RtHDVCpl.exe
    size: 4435968
    MD5: 8D0C8187D3D2BEFBDF76E35E5855C5A1

    Located: HK_LM:Run, Skytel
    command: Skytel.exe
    file: C:\Windows\Skytel.exe
    size: 1822720
    MD5: 2F6087DE71B76984016D7EE5DA83059F

    Located: HK_LM:Run, Spare Backup
    command: "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
    file: C:\Program Files\Spare Backup\SpareBackup.exe
    size: 5252936
    MD5: BF12D259FD6145DAC356B8916D05681F

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre6\bin\jusched.exe"
    file: C:\Program Files\Java\jre6\bin\jusched.exe
    size: 149280
    MD5: 5E4C9C25D603AE46DEDCBD9674F86E21

    Located: HK_LM:Run, Windows Defender
    command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

    Located: HK_LM:RunOnce, Launcher
    command: %WINDIR%\SMINST\launcher.exe
    file: C:\Windows\SMINST\launcher.exe
    size: 40072
    MD5: 0BB123FB5C46667DCAD2A882AB5100B9

    Located: HK_LM:RunOnce, Spybot - Search & Destroy
    command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5146448
    MD5: 2ECA8CDEED7C82F879E766DA92A3561A

    Located: HK_CU:Run, Sidebar
    where: S-1-5-19...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6

    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-19...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Sidebar
    where: S-1-5-20...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6

    Located: HK_CU:Run, WindowsWelcomeCenter
    where: S-1-5-20...
    command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, swg
    where: S-1-5-21-432871327-865552287-571097529-1000...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 39408
    MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

    Located: Startup (user), ERUNT AutoBackup.lnk
    where: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\ERUNT\AUTOBACK.EXE
    file: C:\ERUNT\AUTOBACK.EXE
    size: 38912
    MD5: E00DE20F0F6BED5CD2160247DDC9443B

    Located: WinLogon, igfxcui
    command: igfxdev.dll
    file: igfxdev.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 2/27/2009 12:07:26 PM
    Date (last access): 8/18/2009 6:00:28 PM
    Date (last write): 2/27/2009 12:07:26 PM
    Filesize: 75128
    Attributes: archive
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {27B4851A-3207-45A2-B947-BE8AFE6163AB} (McAfee Phishing Filter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: McAfee Phishing Filter
    CLSID name: McAfee Phishing Filter
    Path: c:\PROGRA~1\mcafee\msk\
    Long name: mskapbho.dll
    Short name:
    Date (created): 3/6/2009 10:16:06 PM
    Date (last access): 1/9/2009 10:22:10 AM
    Date (last write): 1/9/2009 10:22:10 AM
    Filesize: 246800
    Attributes: archive
    MD5: 427E479ACD4F1C4A21CD2C7911B07014
    CRC32: E1018A4F
    Version: 10.3.109.0

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 2/6/2008 6:21:54 PM
    Date (last access): 10/7/2008 1:15:26 PM
    Date (last write): 9/15/2008 2:25:44 PM
    Filesize: 1562960
    Attributes: readonly hidden sysfile archive
    MD5: 35F73F1936BDE91F1B6995510A61E7A8
    CRC32: BE6A5D15
    Version: 1.6.2.14

    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: scriptproxy
    CLSID name: scriptproxy
    Path: c:\PROGRA~1\mcafee\VIRUSS~1\
    Long name: scriptsn.dll
    Short name:
    Date (created): 3/24/2009 2:39:26 PM
    Date (last access): 3/25/2009 11:05:56 AM
    Date (last write): 3/25/2009 11:05:56 AM
    Filesize: 62784
    Attributes: archive
    MD5: 20A51E0AA981268CBA3C714A188DA15B
    CRC32: F9AA83AA
    Version: 14.0.0.423

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: C:\Program Files\Google\Google Toolbar\
    Long name: GoogleToolbar.dll
    Short name: GOOGLE~1.DLL
    Date (created): 4/4/2009 12:50:42 PM
    Date (last access): 4/4/2009 12:50:42 PM
    Date (last write): 7/4/2009 10:59:28 AM
    Filesize: 259696
    Attributes: archive
    MD5: B2A3EE0D6570BAE9BD90892E0009A6AB
    CRC32: 230192E8
    Version: 6.1.1715.1442

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\
    Long name: swg.dll
    Short name:
    Date (created): 6/27/2009 10:48:44 PM
    Date (last access): 6/27/2009 10:48:44 PM
    Date (last write): 6/27/2009 10:48:44 PM
    Filesize: 669168
    Attributes: archive
    MD5: 7C987CAB519BC858FD4DBB6B40EE4BD2
    CRC32: 2CC83660
    Version: 5.1.1309.15642

    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: McAfee SiteAdvisor BHO
    Path: c:\PROGRA~1\mcafee\SITEAD~1\
    Long name: McIEPlg.dll
    Short name:
    Date (created): 10/12/2008 8:25:00 PM
    Date (last access): 2/13/2009 12:44:56 PM
    Date (last write): 2/13/2009 12:44:56 PM
    Filesize: 150032
    Attributes: archive
    MD5: 4428FA80C5AC5D0C8F764207E651B65E
    CRC32: 2025B4F6
    Version: 1.0.2.158

    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Google Dictionary Compression sdch
    CLSID name: Google Dictionary Compression sdch
    Path: C:\Program Files\Google\Google Toolbar\Component\
    Long name: fastsearch_A8904FB862BD9564.dll
    Short name: FASTSE~2.DLL
    Date (created): 5/15/2009 11:10:48 PM
    Date (last access): 5/15/2009 11:10:48 PM
    Date (last write): 5/15/2009 11:10:48 PM
    Filesize: 470512
    Attributes: archive
    MD5: E35BCCB1D1D96F8E5B09C72AF70EC3F6
    CRC32: 73C702FE
    Version: 1.0.610.27482

    {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: CBrowserHelperObject Object
    Path: c:\windows\system32\
    Long name: BAE.dll
    Short name:
    Date (created): 8/31/2007 4:11:24 AM
    Date (last access): 8/31/2007 4:11:24 AM
    Date (last write): 2/1/2006 6:54:30 AM
    Filesize: 94208
    Attributes: archive
    MD5: 3467178AE878796650290CA54361C810
    CRC32: 9C59917B
    Version: 1.1.0.1

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 8/20/2009 1:58:20 PM
    Date (last access): 8/20/2009 1:58:20 PM
    Date (last write): 8/20/2009 1:58:20 PM
    Filesize: 41760
    Attributes: archive
    MD5: 7AF9D3B7B88AF81D2F87AA846DC2EE70
    CRC32: 00DFC49A
    Version: 6.0.160.1



    --- ActiveX list ---
    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 8/20/2009 1:58:20 PM
    Date (last access): 8/20/2009 1:58:20 PM
    Date (last write): 8/20/2009 1:58:20 PM
    Filesize: 100128
    Attributes: archive
    MD5: 0B1A31837FE109DF73B3CD009F0BA485
    CRC32: AC1F5B32
    Version: 6.0.160.1

    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 8/20/2009 1:58:20 PM
    Date (last access): 8/20/2009 1:58:20 PM
    Date (last write): 8/20/2009 1:58:20 PM
    Filesize: 100128
    Attributes: archive
    MD5: 0B1A31837FE109DF73B3CD009F0BA485
    CRC32: AC1F5B32
    Version: 6.0.160.1

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_16
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_16.dll
    Short name: NPJPI1~1.DLL
    Date (created): 8/20/2009 1:58:24 PM
    Date (last access): 8/20/2009 1:58:24 PM
    Date (last write): 8/20/2009 1:58:24 PM
    Filesize: 136992
    Attributes: archive
    MD5: EF5C38E082CA41D7588621F3DFA09A64
    CRC32: D4B4406B
    Version: 6.0.160.1



    --- Process list ---
    PID: 2964 (1168) C:\Windows\system32\taskeng.exe
    size: 169472
    MD5: 5F109032CE46B7184ED9E50F9FE8489E
    PID: 3008 (1152) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 59903071D7ACE6A02093C47E9E38AF97
    PID: 3040 (3000) C:\Windows\Explorer.EXE
    size: 2927104
    MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
    PID: 3772 ( 884) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    size: 645328
    MD5: 88A8EBA41A7FE46167D10975DC15BC4A
    PID: 4024 (3040) C:\Program Files\Windows Defender\MSASCui.exe
    size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
    PID: 4032 (3040) C:\Windows\RtHDVCpl.exe
    size: 4435968
    MD5: 8D0C8187D3D2BEFBDF76E35E5855C5A1
    PID: 4040 (3040) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 29744
    MD5: 6542DC2E93BCE4D4289FA70A4D367DC2
    PID: 4048 (3040) C:\Program Files\Spare Backup\SpareBackup.exe
    size: 5252936
    MD5: BF12D259FD6145DAC356B8916D05681F
    PID: 4056 (3040) C:\Program Files\Napster\napster.exe
    size: 323216
    MD5: CF5DC65D3B818F73C6F35B79895DDA4B
    PID: 4072 (3040) C:\Program Files\BigFix\bigfix.exe
    size: 2348584
    MD5: CA0BD2F6DC70E39F0021882628F1ECEC
    PID: 4088 (3040) C:\Windows\System32\igfxtray.exe
    size: 141848
    MD5: 806DB5F4FC5185AFC608E881979CC25F
    PID: 2056 (3040) C:\Windows\System32\hkcmd.exe
    size: 166424
    MD5: D4975555E91636FCF4809E51731F80D8
    PID: 2068 (3040) C:\Windows\System32\igfxpers.exe
    size: 133656
    MD5: CD12A46AE81306C2F14B19A58E1058B0
    PID: 1448 (3040) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    size: 520024
    MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2
    PID: 2408 ( 884) C:\Windows\system32\igfxsrvc.exe
    size: 256536
    MD5: 8BEB7107A0CE4BB1C4F7294C377DF3E9
    PID: 560 (3040) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 149280
    MD5: 5E4C9C25D603AE46DEDCBD9674F86E21
    PID: 940 (3040) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 39408
    MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
    PID: 3832 ( 884) C:\Windows\system32\wbem\unsecapp.exe
    size: 37888
    MD5: 25873356E52849C3F5B3F1B02317E8C8
    PID: 3580 (4040) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    size: 29744
    MD5: 6542DC2E93BCE4D4289FA70A4D367DC2
    PID: 4256 (3040) C:\Program Files\Windows Media Player\wmpnscfg.exe
    size: 202240
    MD5: 35937EAD711207544E219C2A19A78A7D
    PID: 5216 (3040) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5146448
    MD5: 2ECA8CDEED7C82F879E766DA92A3561A
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 448 ( 4) smss.exe
    size: 64000
    PID: 588 ( 576) csrss.exe
    size: 6144
    PID: 632 ( 624) csrss.exe
    size: 6144
    PID: 640 ( 576) wininit.exe
    size: 96768
    PID: 676 ( 640) services.exe
    size: 279040
    PID: 692 ( 640) lsass.exe
    size: 9728
    PID: 700 ( 640) lsm.exe
    size: 229888
    PID: 736 ( 624) winlogon.exe
    size: 314880
    PID: 884 ( 676) svchost.exe
    size: 21504
    PID: 944 ( 676) svchost.exe
    size: 21504
    PID: 980 ( 676) svchost.exe
    size: 21504
    PID: 1084 ( 676) svchost.exe
    size: 21504
    PID: 1152 ( 676) svchost.exe
    size: 21504
    PID: 1168 ( 676) svchost.exe
    size: 21504
    PID: 1256 (1084) audiodg.exe
    size: 88064
    PID: 1280 ( 676) svchost.exe
    size: 21504
    PID: 1304 ( 676) SLsvc.exe
    size: 2623488
    PID: 1332 ( 676) svchost.exe
    size: 21504
    PID: 1516 ( 676) svchost.exe
    size: 21504
    PID: 1644 ( 676) AAWService.exe
    PID: 1744 ( 676) spoolsv.exe
    size: 125952
    PID: 1768 ( 676) svchost.exe
    size: 21504
    PID: 1948 ( 676) agrsmsvc.exe
    size: 9216
    PID: 2000 ( 676) McSACore.exe
    PID: 2020 ( 676) McProxy.exe
    PID: 2032 (2000) rundll32.exe
    size: 44544
    PID: 2044 ( 676) Mcshield.exe
    PID: 388 ( 676) MpfSrv.exe
    PID: 1292 ( 676) msksrver.exe
    PID: 1360 ( 676) sqlservr.exe
    PID: 2072 ( 676) svchost.exe
    size: 21504
    PID: 2092 ( 676) svchost.exe
    size: 21504
    PID: 2196 ( 676) svchost.exe
    size: 21504
    PID: 2236 ( 676) SearchIndexer.exe
    size: 439808
    PID: 2416 ( 676) SDWinSec.exe
    size: 810320
    MD5: A0C00A6265949AC72AB51B711743CA6D
    PID: 2576 (1152) WUDFHost.exe
    size: 142336
    PID: 3120 (1168) taskeng.exe
    size: 169472
    PID: 3332 ( 676) mcmscsvc.exe
    PID: 3356 ( 884) unsecapp.exe
    PID: 3680 ( 884) WmiPrvSE.exe
    PID: 4392 ( 676) wmpnetwk.exe
    PID: 4864 ( 676) mcsysmon.exe
    PID: 5040 ( 676) McNASvc.exe
    PID: 5300 (1168) taskeng.exe
    size: 169472


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 8/22/2009 2:31:39 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.gateway.com/g/startpage.h...s=DTP&M=GT5620
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.gateway.com/g/startpage.h...s=DTP&M=GT5620
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.gateway.com/g/startpage.h...s=DTP&M=GT5620
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.gateway.com/g/sidepanel.h...s=DTP&M=GT5620


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{19CD283F-B1B1-447E-8BAF-81E615E0C315}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{19CD283F-B1B1-447E-8BAF-81E615E0C315}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{75BCC508-E43B-4726-B194-966E4FD403D0}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{75BCC508-E43B-4726-B194-966E4FD403D0}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F08AB79C-C955-4994-A67F-73747E7B39C4}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F08AB79C-C955-4994-A67F-73747E7B39C4}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{19CD283F-B1B1-447E-8BAF-81E615E0C315}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{19CD283F-B1B1-447E-8BAF-81E615E0C315}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 4: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 5: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

  2. #2 Senior Member (Join Date: Aug 2006; Location: Bavaria; Posts: 1,169)


    Hi Wednesday,

    yes, this is a known false positive in the old version 1.5.2.

    Please uninstall Spybot 1.5.2 completely, reboot your computer and install Spybot 1.6.2 from here. Run Spybot again and post back your results. Now, Virtumonde shouldn't be flagged again.

    Please be sure that Spybot is always up to date. Spybot 1.6.x scans your computer much faster and has new detection methods besides some bug fixes and other features.

    Happy Safe Surfing!
    Best regards - Beste Grüße,

    Matt
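Before letting a scanner "fix" a hit like the one in the first post, a practitioner wants two things from the report itself: which hits land on files in the Windows directory (where a mislabelled OS file, as with zipfldr.dll here, is the usual story and the publisher signature should be checked first), and which startup entries carry a hash line that means nothing. The report prints D41D8CD98F00B204E9800998ECF8427E, the MD5 of zero bytes, whenever it could not open the file, which is exactly what its "Warning: if the file is actually larger than 0 bytes" lines say. The following is an added example, not code from the thread or from Spybot; the sample input is constructed from lines quoted above, the parsing rules are inferred from that report format, and the system-directory prefix is an assumption.

```python
"""Triage helpers for a Spybot - Search & Destroy report.

Added example, not code from the thread or from Spybot. The sample inputs are
constructed from lines quoted in the thread; parsing rules are inferred from
that report format and SYSTEM_ROOT is an assumed prefix.
"""
import hashlib
import re

# Digest of zero bytes: the value the report prints when it never hashed the file.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Assumed: hits under the OS directory get signature verification before removal.
SYSTEM_ROOT = "c:\\windows\\"

SAMPLE_RESULTS = """\
--- Search result list ---
Virtumonde.Dll: [SBI $92386332] Library (File, nothing done)
C:\\Windows\\System32\\zipfldr.dll
"""

SAMPLE_STARTUP = """\
--- Startup entries list ---
Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\\Windows\\RtHDVCpl.exe
size: 4435968
MD5: 8D0C8187D3D2BEFBDF76E35E5855C5A1

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
"""


def parse_search_results(text):
    """Pair each '<Name>: [SBI $id] <kind>' line with the path on the next line."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits = []
    for i, line in enumerate(lines):
        m = re.match(r"(.+?):\s*\[SBI \$(\w+)\]\s*(.*)", line)
        if m and i + 1 < len(lines):
            hits.append({"name": m.group(1), "sbi": m.group(2),
                         "kind": m.group(3), "path": lines[i + 1]})
    return hits


def parse_startup_entries(text):
    """One dict per 'Located:' block; following 'key: value' lines fill it in."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Located:\s*([^,]+),\s*(.*)", line)
        if m:
            cur = {"location": m.group(1), "name": m.group(2), "command": "",
                   "file": "", "size": 0, "md5": "", "where": ""}
            entries.append(cur)
            continue
        if cur is None or ":" not in line:
            continue  # the free-text warning lines, blank lines, headers
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "size":
            cur["size"] = int(value or 0)
        elif key == "md5":
            cur["md5"] = value.upper()
        elif key in cur:
            cur[key] = value
    return entries


def unverifiable(entry):
    """Reasons the entry's MD5 line cannot stand in for checking the file."""
    reasons = []
    if entry["md5"] == EMPTY_MD5:
        reasons.append("MD5 equals the empty-file digest: nothing was hashed")
    if not entry["file"]:
        reasons.append("no file resolved from the command line")
    elif "\\" not in entry["file"]:
        reasons.append("bare filename, no directory: confirm which copy loads")
    return reasons


def triage(results_text, startup_text):
    """Return {item: [reasons]} for everything that needs a human decision."""
    todo = {}
    for hit in parse_search_results(results_text):
        if hit["path"].lower().startswith(SYSTEM_ROOT):
            todo[f"{hit['name']} -> {hit['path']}"] = [
                "hit on a file under the Windows directory: verify the "
                "publisher signature before removing"]
    for e in parse_startup_entries(startup_text):
        reasons = unverifiable(e)
        if reasons:
            todo[f"{e['location']}, {e['name']}"] = reasons
    return todo


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_RESULTS, SAMPLE_STARTUP).items():
        print(item)
        for r in reasons:
            print("   -", r)
```

On the sample, the RtHDVCpl entry passes (a full path and a real digest), while the Virtumonde hit on zipfldr.dll and the two zero-size startup entries are returned for manual review. Rerunning the same triage after the scanner update Matt recommends is a quick way to see whether the hit on the system file has actually gone away rather than merely changed label.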

  3. #3 Junior Member (Join Date: Jul 2009; Posts: 7)


    Matt,

    I did what you said and here are the Spybot reports. Two separate reports were created because I was trying to run a full scan and stopped the first scan:

    --- Report generated: 2009-08-23 13:03 ---


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-08-23 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-08-18 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-08-19 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-08-04 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-07-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-08-19 Includes\Malware.sbi (*)
    2009-08-19 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-08-18 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-07-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-08-11 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-08-19 Includes\Trojans.sbi (*)
    2009-08-19 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    --- Report generated: 2009-08-23 13:28 ---

    Congratulations!: No immediate threats were found. (Status)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-08-23 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-08-18 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-08-19 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-08-04 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-07-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-08-19 Includes\Malware.sbi (*)
    2009-08-19 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-08-18 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-07-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-08-11 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-08-19 Includes\Trojans.sbi (*)
    2009-08-19 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    I don't think I will have a problem with this again. I guess I am supposed to do the preventative measures now and as you say, keep everything updated. Thanks for your help.

    Wednesday

  4. #4 Senior Member (Join Date: Aug 2006; Location: Bavaria; Posts: 1,169)


    You're welcome. Take care.
    Best regards - Beste Grüße,

    Matt
