--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-09-16 TeaTimer.exe (1.6.3.25)
2005-10-23 unins000.exe (51.41.0.0)
2008-03-01 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2005-05-30 borlndmm.dll (7.0.4.453)
2005-05-30 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2005-05-30 UnzDll.dll (1.73.1.1)
2005-05-30 ZipDll.dll (1.73.2.0)
2009-01-22 Includes\Adware.sbi
2009-01-22 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-01-06 Includes\Dialer.sbi
2009-01-22 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-02-10 Includes\Hijackers.sbi
2009-03-03 Includes\HijackersC.sbi
2008-12-09 Includes\Keyloggers.sbi
2009-03-03 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-03-03 Includes\Malware.sbi
2009-03-03 Includes\MalwareC.sbi
2008-12-16 Includes\PUPS.sbi
2009-03-03 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-02-10 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-01-28 Includes\Spyware.sbi
2009-01-28 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2009-03-03 Includes\Trojans.sbi
2009-03-03 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DirectX / DX9 / SP3: DirectX Hotfix - KB825116
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950759)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Update for Windows XP (KB953356)
/ Windows XP / SP4: Security Update for Windows XP (KB953838)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956390)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958215)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB960714)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Update for Windows XP (KB967715)
--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88209
MD5: 230EA041666125B6812FE3FF964B2DF3
Located: HK_LM:Run, AlcxMonitor
command: ALCXMNTR.EXE
file: C:\WINDOWS\ALCXMNTR.EXE
size: 57344
MD5: 7B8875A5B04932AC73AFD8079864DB68
Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 111936
MD5: 3C59CB80D1849128C14FF2B3245419BE
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 51A561AF96631BF3FFFF69AD66C04649
Located: HK_LM:Run, AutoTBar
command: em32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, CanonSolutionMenu
command: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
file: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
size: 689488
MD5: B9CCBA39317F2CE2AE9EC5E94271AD23
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 66680
MD5: 05A76D9DD303DEF4DCC8EE18EE8C58B9
Located: HK_LM:Run, HPHmon05
command: C:\WINDOWS\System32\hphmon05.exe
file: C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: EC273D5F06235F8F003316003F518EE3
Located: HK_LM:Run, HPHUPD05
command: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
file: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
size: 49152
MD5: 671F926ABFABFB767D708BBEE49DF45D
Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90
Located: HK_LM:Run, KBD
command: C:\HP\KBD\KBD.EXE
file: C:\HP\KBD\KBD.EXE
size: 61440
MD5: 4A95F15B706B8FD9EC8715B6401EAB7B
Located: HK_LM:Run, OM_Monitor
command: C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
file: C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
size: 40960
MD5: 04D8A71AF6939A9FC1A9A1CEF661A4D6
Located: HK_LM:Run, PS2
command: C:\WINDOWS\system32\ps2.exe
file: C:\WINDOWS\system32\ps2.exe
size: 81920
MD5: C4C523E78774E05D06EFE3E10017CF6D
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1
Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 233472
MD5: 310F1E8A0781887BA1C217448C0E4D48
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
Located: HK_LM:Run, TuneClone
command: C:\Program Files\TuneClone\TuneClone.exe /silence
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, UpdateManager
command: "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 22FD4E58D69969A9165721C797D54931
Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
file: C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 124232
MD5: 46AF9457FF9D22A5832490C546169363
Located: HK_LM:Run, VTTimer
command: VTTimer.exe
file: C:\WINDOWS\system32\VTTimer.exe
size: 49152
MD5: 4E65C3C5ACCC24D0BC49A0954E5F4885
Located: HK_CU:RunOnce, RunNarrator
where: .DEFAULT...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 21F839F2281473642AC2060F30E19DC7
Located: HK_CU:Run, Aim6
where: S-1-5-21-3537475976-2077234702-3187995690-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, BackupNotify
where: S-1-5-21-3537475976-2077234702-3187995690-1003...
command: c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3537475976-2077234702-3187995690-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3537475976-2077234702-3187995690-1003...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, OM_Monitor
where: S-1-5-21-3537475976-2077234702-3187995690-1003...
command: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
file: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
size: 57344
MD5: 8A3CEB8D00E8947BDAF411B34C082ADA
Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-3537475976-2077234702-3187995690-1003...
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F
Located: HK_CU:RunOnce, RunNarrator
where: S-1-5-18...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 21F839F2281473642AC2060F30E19DC7
Located: Startup (common), Acrobat Assistant.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
file: C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
size: 82026
MD5: 21189B8F2D747B6981A54D5C5D554C8E
Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A
Located: Startup (common), Quicken Scheduled Updates.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Quicken\bagent.exe
file: C:\Program Files\Quicken\bagent.exe
size: 57344
MD5: 66A07E5B87CB5CB46BE6FBB15CCF23AE
Located: Startup (common), Updates from HP.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
file: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
size: 16384
MD5: 708FC5318F6AB059104FFD415F146781
Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Documents and Settings\Owner\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B
Located: Startup (user), IMStart.lnk
where: C:\Documents and Settings\Owner\Start Menu\Programs\Startup...
command: C:\Program Files\InterMute\IMStart.exe
file: C:\Program Files\InterMute\IMStart.exe
size: 57344
MD5: 5DAFDDE6B95EF22544BBB07552B5EB82
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link:
http://companion.yahoo.com/
info source: TonyKlein
Path: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 9/5/2007 1:48:58 PM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 9/5/2007 1:48:58 PM
Filesize: 816400
Attributes: archive
MD5: C1B2B3EF8AC5C8C32670D4EC7D524964
CRC32: AB11046B
Version: 2007.9.5.1
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link:
http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 2/15/2005 9:11:42 PM
Date (last access): 3/7/2009 11:37:28 AM
Date (last write): 3/2/2001 10:02:04 AM
Filesize: 37808
Attributes:
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link:
http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 10/23/2005 3:59:08 PM
Date (last access): 3/7/2009 11:37:28 AM
Date (last write): 9/15/2008 1:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 12/6/2005 8:52:18 PM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 10/31/2006 4:29:16 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 12/29/2008 8:49:26 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 12/29/2008 8:49:26 AM
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\
Long name: swg.dll
Short name:
Date (created): 11/23/2008 9:44:28 PM
Date (last access): 3/7/2009 11:37:30 AM
Date (last write): 11/23/2008 9:44:28 PM
Filesize: 657904
Attributes: archive
MD5: 2C7C2CE12A0A07A36EDCBAAE469DC867
CRC32: 8A58975B
Version: 5.0.926.3450
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 12/29/2008 8:49:22 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 12/29/2008 8:49:22 AM
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 12/29/2008 8:49:28 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 12/29/2008 8:49:28 AM
Filesize: 73728
Attributes: archive
MD5: F68EDAFE003F2B3523C0742CD3B8D673
CRC32: 9C709350
Version: 6.0.110.3
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link:
http://www.microsoft.com/money/default.asp
info source: TonyKlein
--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase:
http://office.microsoft.com/templates/ieawsdc.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 6/30/2007 7:09:06 PM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 6/30/2007 7:09:06 PM
Filesize: 175968
Attributes: archive
MD5: BCD0A5C3C1715C363CB3F321ABE31514
CRC32: DB757059
Version: 12.0.6028.0
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase:
http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 11/20/2004 2:33:38 PM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 9/3/2006 11:10:30 PM
Filesize: 54960
Attributes: archive
MD5: EB271B21EA6104B7C6946EF32D558C91
CRC32: CEC4E0C2
Version: 10.1.4.20
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 3/15/2007 6:13:06 PM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 3/15/2007 6:13:06 PM
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1
{49232000-16E4-426C-A231-62846947304B} (SysData Class)
DPF name:
CLSID name: SysData Class
Installer: C:\WINDOWS\Downloaded Program Files\SysInfo.inf
Codebase:
http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
description:
classification: Legitimate
known filename: SysInfo.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: SysInfo.dll
Short name:
Date (created): 9/30/2004 5:52:20 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 9/30/2004 5:52:20 AM
Filesize: 214312
Attributes: archive
MD5: 0399B4E051B20EEBEA8AA6896F8AEE5B
CRC32: 2521FFC8
Version: 1.0.0.4
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase:
http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/29/2008 8:49:26 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 12/29/2008 8:49:26 AM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object)
DPF name:
CLSID name: GDIChk Object
Installer: C:\WINDOWS\Downloaded Program Files\gdichk.inf
Codebase:
http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
description:
classification: Legitimate
known filename: GDIChk.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: GDIChk.dll
Short name:
Date (created): 9/9/2004 12:17:40 PM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 9/9/2004 12:17:40 PM
Filesize: 65272
Attributes: archive
MD5: 56AF5FF66A5F8F927411B59B66107C84
CRC32: 61E0CF2E
Version: 1.0.0.0
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase:
http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 11:03:56 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 11/10/2005 11:22:10 AM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase:
http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_10.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/9/2006 3:07:34 PM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 11/9/2006 3:21:54 PM
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase:
http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase:
http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 3/7/2009 12:07:40 PM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase:
http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/24/2007 11:31:44 PM
Date (last access): 3/7/2009 12:07:40 PM
Date (last write): 9/25/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase:
http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 2:33:32 AM
Date (last access): 3/7/2009 12:07:40 PM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase:
http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 1:32:34 AM
Date (last access): 3/7/2009 12:07:40 PM
Date (last write): 6/10/2008 3:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase:
http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/29/2008 8:49:26 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 12/29/2008 8:49:26 AM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase:
http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/29/2008 8:49:26 AM
Date (last access): 3/7/2009 12:07:38 PM
Date (last write): 12/29/2008 8:49:26 AM
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase:
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 3/24/2008 6:32:42 PM
Date (last access): 3/7/2009 12:07:40 PM
Date (last write): 3/24/2008 6:32:42 PM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 564 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 628 ( 564) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 652 ( 564) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 696 ( 652) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 708 ( 652) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 880 ( 696) C:\WINDOWS\system32\Ati2evxx.exe
size: 405504
MD5: D01BD16ACAB7D7744F8C397EAEBB8798
PID: 896 ( 696) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1008 ( 696) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1104 ( 696) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1220 ( 696) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1388 ( 652) C:\WINDOWS\system32\Ati2evxx.exe
size: 405504
MD5: D01BD16ACAB7D7744F8C397EAEBB8798
PID: 1508 (1464) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1548 ( 696) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1608 ( 696) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 242808
MD5: C5AF6EC3DDE5F349E4F55A088297C871
PID: 1632 ( 696) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 255096
MD5: AE5858E655396D8EFA3008B83B7F739A
PID: 1764 ( 696) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1044 ( 696) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 132424
MD5: A8AA9D47F971570A5162B862B80F87E8
PID: 1076 ( 696) C:\WINDOWS\system32\bgsvcgen.exe
size: 86016
MD5: 71489FA2C4A238F178E30AE6E4449013
PID: 1088 ( 696) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
PID: 1216 ( 696) C:\Program Files\Symantec AntiVirus\DefWatch.exe
size: 30024
MD5: 626534AD71DAB174C4524214A9E8BB89
PID: 1300 ( 696) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
size: 168432
MD5: AA821B41953B8765239FC49242C66972
PID: 1400 ( 696) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
size: 103808
MD5: 755519F49906B73C1FE9CBBF75E347EA
PID: 1444 ( 696) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 32192B4EBE8720ED8D49A455C962CB91
PID: 1832 ( 696) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: 9D84376931440F3679BEEF2A414FA493
PID: 2020 ( 696) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 176 ( 696) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
size: 1267024
MD5: 825349E7566B49E583399CA821D3436A
PID: 208 ( 696) C:\Program Files\Viewpoint\Common\ViewpointService.exe
size: 24652
MD5: 5F974FDE801C73952770736BECDE11E7
PID: 1208 ( 696) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2224 (1508) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
PID: 2252 (1508) C:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 2268 ( 208) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 112336
MD5: 1FF94B386646925D2B153C8A083115C7
PID: 2276 (1508) C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: EC273D5F06235F8F003316003F518EE3
PID: 2284 (1508) C:\HP\KBD\KBD.EXE
size: 61440
MD5: 4A95F15B706B8FD9EC8715B6401EAB7B
PID: 2336 (1508) C:\WINDOWS\system32\VTTimer.exe
size: 49152
MD5: 4E65C3C5ACCC24D0BC49A0954E5F4885
PID: 2344 (1508) C:\WINDOWS\AGRSMMSG.exe
size: 88209
MD5: 230EA041666125B6812FE3FF964B2DF3
PID: 2476 (1508) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 51A561AF96631BF3FFFF69AD66C04649
PID: 2640 (1508) C:\WINDOWS\ALCXMNTR.EXE
size: 57344
MD5: 7B8875A5B04932AC73AFD8079864DB68
PID: 2676 (1508) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 66680
MD5: 05A76D9DD303DEF4DCC8EE18EE8C58B9
PID: 2720 (1508) C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 124232
MD5: 46AF9457FF9D22A5832490C546169363
PID: 3136 ( 696) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3528 (1508) C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
PID: 3536 (1508) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 3564 (1508) C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
size: 57344
MD5: 8A3CEB8D00E8947BDAF411B34C082ADA
PID: 3948 (1508) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
size: 82026
MD5: 21189B8F2D747B6981A54D5C5D554C8E
PID: 3972 (1508) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
PID: 3128 ( 696) C:\Program Files\iPod\bin\iPodService.exe
size: 536872
MD5: 62937A89470AF8FF172F0980CA8AEFC9
PID: 3256 (3592) C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
size: 103664
MD5: 708BEC2CAF30278A97EEEC84F32CE4A7
PID: 3896 (1508) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307704
MD5: 762D1D11BB4E7C8D238D957E5AB60D0E
PID: 3284 (1508) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/7/2009 12:21:42 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{268D4B6F-B600-4EC6-9DD5-F2FBA65F2749}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{268D4B6F-B600-4EC6-9DD5-F2FBA65F2749}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1CCA5CB6-0D59-48F3-B705-1B0203AF3AD6}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1CCA5CB6-0D59-48F3-B705-1B0203AF3AD6}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{15B491F3-BBD4-4761-AFEF-EE6377DB735E}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{15B491F3-BBD4-4761-AFEF-EE6377DB735E}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8434333-11C0-42A8-BBFE-59B42647FB5E}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8434333-11C0-42A8-BBFE-59B42647FB5E}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
--- Uninstall list ---
Polar Bowler from Hewlett-Packard Desktops (remove only) (36317AE4-57EC-4F3E-B828-009A3DD96BE8)
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Orbital from Hewlett-Packard Desktops (remove only) (62067F4C-84A9-45B9-8573-B90468B0A3EF)
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only) (6723E59E-322A-417A-8E03-27A61E18253C)
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
(ABBYY FineReader 5.0 Sprint)
(AddressBook)
Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: E:\Acrobat 5.0\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link:
http://www.adobe.com/prodindex/acrobat/main.html
Adobe Flash Player ActiveX 9.0.124.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link:
http://www.adobe.com/go/flashplayer_support/
Adobe Flash Player 10 Plugin 10.0.12.36 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated
Adobe Photoshop Elements 2.0 2.0 (Adobe Photoshop Elements 2.0)
version (major): 2
install location: C:\Program Files\Adobe\Photoshop Elements 2
install source: E:\Adobe Photoshop Elements\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
publisher: Adobe Systems, Inc.
Adobe Shockwave Player 10.1.4.20 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link:
http://www.adobe.com/support/shockwave
Agere Systems PCI Soft Modem (Agere Systems Soft Modem)
uninstall cmd: agrsmdel
AIM 6 (AIM_6)
uninstall cmd: C:\Program Files\AIM6\uninst.exe
ATI - Software Uninstall Utility 6.14.10.1010 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Amazon MP3 Downloader 1.0.3 (Amazon MP3 Downloader)
uninstall cmd: C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
(AOL Diagnostics_N)
(AOLOCP_Y)
ATI Display Driver 8.062-040929a-018115C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class
ISPLAY -clean
Word Symphony from Hewlett-Packard Desktops (remove only) (B8610D19-E576-4F91-8A2F-07898D9CA301)
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"
Updates from HP (BackWeb-137903 Uninstaller)
uninstall cmd: C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
Otto from Hewlett-Packard Desktops (remove only) (BFBCBAE3-8293-4215-9C4F-C2402C118EDB)
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Bink and Smacker (Bink and Smacker)
uninstall cmd: C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Canon CanoScan LiDE 200 User Registration (Canon CanoScan LiDE 200 User Registration)
uninstall cmd: C:\Program Files\Canon\IJEREG\CanoScan LiDE 200\UNINST.EXE
Canon Setup Utility 2.0 (Canon Setup Utility 2.0)
install location: C:\Program Files\Canon\Canon Setup Utility 2.0
uninstall cmd: "C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.0\uninst.ini
Canon iP4200 (CANONBJ_Deinstall_CNMCP78.DLL)
uninstall cmd: C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Inkjet Printer/Scanner Extended Survey Program (CANONIJPLM100)
uninstall cmd: C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Canon Utilities Solution Menu (CanonSolutionMenu)
uninstall cmd: C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Comcast High-Speed Internet Install Wizard (ComcastHSI)
uninstall cmd: C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
(Connection Manager)
Bounce Symphony from Hewlett-Packard Desktops (remove only) (D11F7128-8CBD-408B-8BF8-034604DEDD42)
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Five Card Frenzy from Hewlett-Packard Desktops (remove only) (DA44615A-C243-46A4-8E47-184CFF33CD38)
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
ERUNT 1.1j (ERUNT_is1)
install location: C:\Program Files\ERUNT\
uninstall cmd: "C:\Program Files\ERUNT\unins000.exe"
publisher: Lars Hederer
help link:
http://www.larshederer.homepage.t-online.de/erunt
Express Burn Uninstall (ExpressBurn)
uninstall cmd: C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
HB_Platzl_Saver01 (FlashSaver_HB_Platzl_Saver01)
uninstall cmd: C:\WINDOWS\system32\\HB_Platzl_Saver01_uninst.exe "C:\WINDOWS\system32\" "HB_Platzl_Saver01"
(Fontcore)
Google Updater 2.4.1399.3742 (Google Updater)
uninstall cmd: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
publisher: Google Inc.
help link:
http://pack.google.com:80/pack-support?hl=en&gl=us
HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro
HP Imaging Device Functions 5.0 5.0 (HP Imaging Device Functions)
uninstall cmd: C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
publisher: HP
help link:
http://www.hp.com/support
HP Instant Support (HP Instant Support)
uninstall cmd: C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Solution Center & Imaging Support Tools 5.0 5.0 (HP Solution Center & Imaging Support Tools)
uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
publisher: HP
help link:
http://www.hp.com/support
Toolkit View(HP) (HPTOOLKIT)
uninstall cmd: c:\Windows\HPTK\unhptkit.exe
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
Quicken 2004 13.00.0000 (InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8})
version: 218103808
version (major): 13
estimated size: 62736
install date: 20040331
install source: c:\hp\tmp\src\disk1\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
publisher: Intuit
comments: All URL's valid as of October 2001
contact: Customer Support Department
help link:
http://www.intuit.com/support/quicken
help telephone: 1-900-555-4932
readme: Readme.txt
Easy Internet Sign-up FE UI-3.0.0.1106 (InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D})
version: 50331648
version (major): 3
estimated size: 4072
install date: 20040401
install source: C:\hp\tmp\src\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
publisher: Hewlett-Packard
OLYMPUS Master 1.42.5000 (InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372})
version: 19534728
version (major): 1
version (minor): 42
estimated size: 114132
install date: 20070601
install location: C:\Program Files\OLYMPUS\OLYMPUS Master\
install source: F:\OLYMPUSMaster\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
publisher: OLYMPUS IMAGING CORP.
(InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38})
(KB884016)
Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20050807
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link:
http://support.microsoft.com/kb/898458
Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060218
publisher: Microsoft Corporation
help link:
http://support.microsoft.com/?kbid=911564
Security Update for Windows Media Player 9 (KB911565) (KB911565)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link:
http://support.microsoft.com/?kbid=911565
Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link:
http://support.microsoft.com/?kbid=917734
Security Update for Windows XP (KB923689) (KB923689)
install date: 20061213
publisher: Microsoft Corporation
help link:
http://support.microsoft.com?kbid=923689
Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
install date: 20070215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link:
http://support.microsoft.com/kb/923723
